Heartbeat is a High Availabily cluster software in linux platform. Here we will discuss how to
install and configure heartbeat-3.0.3 in redhat enterprise linux. In this example we will configue
a webserver using apache and we will cluster it. It can be implemented on centos, fedora and other redhat flavors.
Heartbeat Version is : heartbeat-3.0.3
Requirements:
2 linux nodes, rhel5.4.
Node1: 192.168.0.33 hb_test1.lap.work
Node2: 192.168.0.34 hb_test2.lap.work
LAN & Internet connection.
A yum server.
Initial Steps:
Set the fully qualified hostnames and give corresponding entries in /etc/hosts and
/etc/network/network.
Configuring Apache:
#yum install httpd*
On node1
#vi /var/www/html/index.html
This is node 1 of Heartbeat HA cluster
On node2
#vi /var/www/html/index.html
This is node 2 of Heartbeat HA cluster
On both nodes:
#vi /etc/httpd/conf/httpd.conf
Listen 192.168.0.222:80
Now start the service in both nodes.
#service httpd start #it wont work untill heartbeat is started. So dont worry
#chkconfig httpd on
Confirm them from broswer.
Install the following packages in both nodes:
#yum install glibc*
#yum install gcc*
#yum install lib*
#yum install flex*
#yum install net-snmp*
#yum install OpenIPMI*
#yum install python-devel
#yum install perl*
#yum install openhpi*
Save the repo file for clusterlabs online repository in both machines:
Its availabile in http://www.clusterlabs.org/rpm/epel-5/clusterlabs.repo
it is as follows:
[clusterlabs]
name=High Availability/Clustering server technologies (epel-5)
baseurl=http://www.clusterlabs.org/rpm/epel-5
type=rpm-md
gpgcheck=0
enabled=1
[root@hb_test2 ~]# cat /etc/yum.repos.d/clusterlabs.repo
[clusterlabs]
name=High Availability/Clustering server technologies (epel-5)
baseurl=http://www.clusterlabs.org/rpm/epel-5
type=rpm-md
gpgcheck=0
enabled=1
[root@hb_test2 ~]#
After that install heartbeat packages on both nodes:
#yum install cluster-glue*
Four packages will be installed
cluster-glue
cluster-glue-libs
cluster-glue-libs-devel
cluster-glue-debuginfo
#yum install heartbeat*
Five packages will be installed including one dependency
heartbeat.i386 0:3.0.3-2.el5
heartbeat-debuginfo.i386 0:3.0.3-2.el5
heartbeat-devel.i386 0:3.0.3-2.el5
heartbeat-libs.i386 0:3.0.3-2.el5
Dependency:
resource-agents.i386 0:1.0.3-2.el5
#yum install resource-agents*
One package will be installed
resource-agents-debuginfo.i386 0:1.0.3-2.el5
Setting Configuration files:
We can do all configuration in one system and copy the /etc/ha.d to the second node.
#cd /etc/ha.d
#cat README.config
The details about configuration files are explained in this file. We have to copy three
configuration files to this directory from samples in documentation.
[root@hb_test1 ha.d]# cp /usr/share/doc/heartbeat-3.0.3/authkeys /etc/ha.d/
[root@hb_test1 ha.d]# cp /usr/share/doc/heartbeat-3.0.3/ha.cf /etc/ha.d/
[root@hb_test1 ha.d]# cp /usr/share/doc/heartbeat-3.0.3/haresources /etc/ha.d/
We have to edit the authkeys file:
We are using sha1 algorithm:
#vi authkeys
edit as follows
auth 2
#1 crc
2 sha1 test-ha
#3 md5 Hello!
And change the permission of authkeys to 600
#chmod 600 authkeys
We have to edit the ha.cf file:
#vi ha.cf
uncomment following lines and make edits
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 15
warntime 10
initdead 120
udpport 694
bcast eth0
auto_failback on
node hb_test1.lap.work # in both nodes command #uname -n should
node hb_test2.lap.work # give the these hostnames
We have to edit the haresources file:
#vi haresources
hb_test2.lap.work 192.168.0.222 httpd
NOTE: You dont have to create an interface and set this IP or make a IP alias. Heartbeat
will take care of it. Automaticaly.
Now exchange and save authorized keys between node1 and node2.
Key exchange:
On node1:
Generate the key:
[root@hb_test1 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
9f:5d:47:6b:2a:2e:c8:3e:ee:8a:c2:28:5c:ad:57:79 root@hb_test1.lap.work
Pass the key to node2:
[root@hb_test1 ~]# scp .ssh/id_dsa.pub hb_test2.lap.work:/root/.ssh/authorized_keys
On node2:
Generate the key:
[root@hb_test2 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
40:66:t8:bd:ac:bf:68:38:22:60:d8:9f:18:7d:94:21 root@hb_test2.lap.work
Pass the key to node1:
[root@hb_test2 ~]# scp .ssh/id_dsa.pub hb_test1.lap.work:/root/.ssh/authorized_keys
Now copy the /etc/ha.d of node1 to node2:
[root@hb_test1 ~]# scp -r /etc/ha.d hb_test2.lap.work:/etc/
Starting the service:
On both nodes:
#/etc/init.d/heartbeat start
You may have to restart the heartbeat service a few times. Check #ifconfig in one node you can
see an interface eth0:1 is up with IP 192.168.0.222. In that node httpd is running and in the other
node it is stopped. When the running node fails, the other one will start.
Have fun! Tc.
Showing posts with label Linux Performance n Monitoring. Show all posts
Showing posts with label Linux Performance n Monitoring. Show all posts
Find out what RAM type you have in Linux
7diggsdigg
To check what RAM memory type yo have installed (and also see other useful information about your system), do a
sudo dmidecode
Depending on the version of dmidecode you have installed and the hardware configuration you have, each hardware device will have a certain type number assigned t it. On my machine, the RAM has type 6. So to see what RAM type and speed you have, do a
# dmidecode 2.9
SMBIOS 2.3 present.
Handle 0×0008, DMI type 6, 12 bytes
Memory Module Information
Socket Designation: ROW-0
Bank Connections: 1 0
Current Speed: 800
Type: DIMM SDRAM
Installed Size: 256 MB (Double-bank Connection)
Enabled Size: 256 MB (Double-bank Connection)
Error Status: OK
Download the latest 642-902 exam questions with complete 642-813 study guides to successfully pass SY0-201 exam.
sudo dmidecode
Depending on the version of dmidecode you have installed and the hardware configuration you have, each hardware device will have a certain type number assigned t it. On my machine, the RAM has type 6. So to see what RAM type and speed you have, do a
sudo dmidecode --type 6and the output will be something like
# dmidecode 2.9
SMBIOS 2.3 present.
Handle 0×0008, DMI type 6, 12 bytes
Memory Module Information
Socket Designation: ROW-0
Bank Connections: 1 0
Current Speed: 800
Type: DIMM SDRAM
Installed Size: 256 MB (Double-bank Connection)
Enabled Size: 256 MB (Double-bank Connection)
Error Status: OK
Download the latest 642-902 exam questions with complete 642-813 study guides to successfully pass SY0-201 exam.
Clear the memory cache in Linux
In Linux, you can clear the cache of the memory by using
sync; echo 3 > /proc/sys/vm/drop_caches
sync; echo 3 > /proc/sys/vm/drop_caches
How install MRTG on linux?
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic.
Here are the steps those I followed :
====
Installing Library zlib :
................
wget http://www.gzip.org/zlib/zlib-1.1.4.tar.gz
tar -xvzf zlib-1.1.4.tar.gz
mv zlib-1.1.4 zlib
cd zlib
./configure
make
cd ..
................
Installing Library libpng :
................
wget http://public.planetmirror.com/pub/sourceforge/l/li/libpng/libpng-1.0.15.tar.gz
tar -xvzf libpng-1.0.15.tar.g
mv libpng-1.0.15 libpng
cd libpng
make -f scripts/makefile.std CC=gcc ZLIBLIB=../zlib ZLIBINC=../zlib
cd ..
................
Installing Library gd :
................
wget http://www.boutell.com/gd/http/gd-1.8.4.tar.gz
tar -xvzf gd-1.8.4.tar.gz
mv gd-1.8.4 gd
cd gd
perl -i~ -p -e s/gd_jpeg.o//g Makefile
make INCLUDEDIRS="-I. -I../zlib -I../libpng" \
LIBDIRS="-L../zlib -L. -L../libpng" \
LIBS="-lgd -lpng -lz -lm" \
CFLAGS="-O -DHAVE_LIBPNG"
cd ..
................
Installing MRTG:
.................
cd /usr/local/src
wget http://oss.oetiker.ch/mrtg/pub/mrtg-2.15.0.tar.gz
gunzip -c mrtg-2.15.0.tar.gz | tar xvf -
cd mrtg-2.15.0
./configure --prefix=/usr/local/mrtg-2 \
--with-gd=/usr/local/src/gd \
--with-z=/usr/local/src/zlib \
--with-png=/usr/local/src/libpng
make
make install
.................
Configuration :-
..................
cd /usr/local/src/mrtg-2.15.0/bin
cfgmaker --global 'WorkDir: /home/yourusername/public_html/mrtg' \
--global 'Options[_]: bits,growright' \
--output /usr/local/mrtg-2/mrtg.cfg \
public@localserver
..................
setup cron :
*/5 * * * * root "env LANG=C /usr/local/mrtg-2/bin/mrtg /usr/local/mrtg-2/mrtg.cfg" --logging /var/log/mrtg.log
View the MRTG :
htpp://localhost/mrtg
Here are the steps those I followed :
====
Installing Library zlib :
................
wget http://www.gzip.org/zlib/zlib-1.1.4.tar.gz
tar -xvzf zlib-1.1.4.tar.gz
mv zlib-1.1.4 zlib
cd zlib
./configure
make
cd ..
................
Installing Library libpng :
................
wget http://public.planetmirror.com/pub/sourceforge/l/li/libpng/libpng-1.0.15.tar.gz
tar -xvzf libpng-1.0.15.tar.g
mv libpng-1.0.15 libpng
cd libpng
make -f scripts/makefile.std CC=gcc ZLIBLIB=../zlib ZLIBINC=../zlib
cd ..
................
Installing Library gd :
................
wget http://www.boutell.com/gd/http/gd-1.8.4.tar.gz
tar -xvzf gd-1.8.4.tar.gz
mv gd-1.8.4 gd
cd gd
perl -i~ -p -e s/gd_jpeg.o//g Makefile
make INCLUDEDIRS="-I. -I../zlib -I../libpng" \
LIBDIRS="-L../zlib -L. -L../libpng" \
LIBS="-lgd -lpng -lz -lm" \
CFLAGS="-O -DHAVE_LIBPNG"
cd ..
................
Installing MRTG:
.................
cd /usr/local/src
wget http://oss.oetiker.ch/mrtg/pub/mrtg-2.15.0.tar.gz
gunzip -c mrtg-2.15.0.tar.gz | tar xvf -
cd mrtg-2.15.0
./configure --prefix=/usr/local/mrtg-2 \
--with-gd=/usr/local/src/gd \
--with-z=/usr/local/src/zlib \
--with-png=/usr/local/src/libpng
make
make install
.................
Configuration :-
..................
cd /usr/local/src/mrtg-2.15.0/bin
cfgmaker --global 'WorkDir: /home/yourusername/public_html/mrtg' \
--global 'Options[_]: bits,growright' \
--output /usr/local/mrtg-2/mrtg.cfg \
public@localserver
..................
setup cron :
*/5 * * * * root "env LANG=C /usr/local/mrtg-2/bin/mrtg /usr/local/mrtg-2/mrtg.cfg" --logging /var/log/mrtg.log
View the MRTG :
htpp://localhost/mrtg
Speed Up Firefox web browser
Mozilla Firefox
is a cross-platform browser, providing support for various versions of Microsoft Windows, Mac OS X, and Linux. Although not officially released for certain operating systems, the freely available source code works for many other operating systems, including FreeBSD,OS/2, Solaris, SkyOS, BeOS and more recently, Windows XP Professional x64 Edition.
I am providing some Very Useful Tips to speedup your Firefox.
In your location bar, type about:config
Once it Opens You should see similar to the following screen
Tip1
In the filter bar type network.http.pipelining
You should see the following screen
Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.
Tip2
In the filter bar again and type network.http.pipelining.maxrequests
Once it Opens You should see the following screen
Default it says 4 under value field and you need to change it to 8
Once you finished this you should see the following screen.
Tip3
Go to the filter bar again and type network.http.proxy.pipelining
Once it Opens You should see similar to the following screen
Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.
Tip4
Go to the filter bar again and type network.dns.disableIPv6
Once it Opens You should see the following screen
Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.
Tip5
Go to the filter bar again and type plugin.expose_full_path
Once it Opens You should see the following screen
Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.
Tip6
Now you need to Create new Preference name with interger value for this got to Right click -> New -> Integer
Once it opens you should see the following screen
Here you need to type nglayout.initialpaint.delay and click ok
Now you need to enter 0 in value filed and click ok
Once you finished this you should see the following screen.
Tip7
Now you need to Create one more Preference name with interger value for this got to Right click -> New -> Integer
Once it opens you should see the following screen
Here you need to type content.notify.backoffcount and click ok
Now you need to enter 5 in value filed and click ok
Once you finished this you should see the following screen.
Tip8
Now you need to Create one more Preference name with interger value for this got to Right click -> New -> Integer
Once it opens you should see the following screen
Here you need to type ui.submenuDelay and click ok
Now you need to enter 0 in value filed and click ok
Once you finished this you should see the following screen.
Some more Tweaks
Enable the spellchecker for inputfields and textareas (default is textareas only)
layout.spellcheckDefault=2
Open lastfm://-links directly in amarok
network.protocol-handler.app.lastfm=amarok
network.protocol-handler.external.lastfm=true
Firefox Memory Leak Fix
Open a new tab. Type “about:config” without quotes into the address bar and hit enter/click Go.
Right-click anywhere, select New, then Integer. In the dialog prompt that appears, type:
browser.cache.memory.capacity
Click OK. Another dialog prompt will appear. This is where you decide how much memory to allocate to Firefox. This depends on how much RAM your computer has, but generally you don’t want to allocate too little (under 8MB), but if you allocate too much, you might as well not do this. A good recommended setting is 16MB. If you want 16MB, enter this value into the dialog prompt:
16384
(Why 16384 instead of 16000? Because computers use base-12 counting. Thus 16 megabytes = 16384 bytes. Likewise, if you want to double that and allocate 32MB, you’d enter 32768.)
Click OK to close the dialog box, then close all instances of Firefox and restart. If your Firefox still uses the same amount of memory, give it a few minutes and it should slowly clear up. If that fails, try a system reboot.
Now your Firefox will now be 3 - 30 times faster in loading pages.
I am providing some Very Useful Tips to speedup your Firefox.
In your location bar, type about:config
Once it Opens You should see similar to the following screen
Tip1
In the filter bar type network.http.pipelining
You should see the following screen
Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.
Tip2
In the filter bar again and type network.http.pipelining.maxrequests
Once it Opens You should see the following screen
Default it says 4 under value field and you need to change it to 8
Once you finished this you should see the following screen.
Tip3
Go to the filter bar again and type network.http.proxy.pipelining
Once it Opens You should see similar to the following screen
Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.
Tip4
Go to the filter bar again and type network.dns.disableIPv6
Once it Opens You should see the following screen
Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.
Tip5
Go to the filter bar again and type plugin.expose_full_path
Once it Opens You should see the following screen
Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.
Tip6
Now you need to Create new Preference name with interger value for this got to Right click -> New -> Integer
Once it opens you should see the following screen
Here you need to type nglayout.initialpaint.delay and click ok
Now you need to enter 0 in value filed and click ok
Once you finished this you should see the following screen.
Tip7
Now you need to Create one more Preference name with interger value for this got to Right click -> New -> Integer
Once it opens you should see the following screen
Here you need to type content.notify.backoffcount and click ok
Now you need to enter 5 in value filed and click ok
Once you finished this you should see the following screen.
Tip8
Now you need to Create one more Preference name with interger value for this got to Right click -> New -> Integer
Once it opens you should see the following screen
Here you need to type ui.submenuDelay and click ok
Now you need to enter 0 in value filed and click ok
Once you finished this you should see the following screen.
Some more Tweaks
Enable the spellchecker for inputfields and textareas (default is textareas only)
layout.spellcheckDefault=2
Open lastfm://-links directly in amarok
network.protocol-handler.app.lastfm=amarok
network.protocol-handler.external.lastfm=true
Firefox Memory Leak Fix
Open a new tab. Type “about:config” without quotes into the address bar and hit enter/click Go.
Right-click anywhere, select New, then Integer. In the dialog prompt that appears, type:
browser.cache.memory.capacity
Click OK. Another dialog prompt will appear. This is where you decide how much memory to allocate to Firefox. This depends on how much RAM your computer has, but generally you don’t want to allocate too little (under 8MB), but if you allocate too much, you might as well not do this. A good recommended setting is 16MB. If you want 16MB, enter this value into the dialog prompt:
16384
(Why 16384 instead of 16000? Because computers use base-12 counting. Thus 16 megabytes = 16384 bytes. Likewise, if you want to double that and allocate 32MB, you’d enter 32768.)
Click OK to close the dialog box, then close all instances of Firefox and restart. If your Firefox still uses the same amount of memory, give it a few minutes and it should slowly clear up. If that fails, try a system reboot.
Now your Firefox will now be 3 - 30 times faster in loading pages.
Linux Disable or Enable ExecShield Buffer Overflows Protection
Exec Shield is a project that got started at Red Hat, Inc in late 2002 with the aim of reducing the risk of worm or other automated remote attacks on Linux systems. The first result of the project was a security patch for the Linux kernel that adds an NX bit to x86 CPUs. While the Exec Shield project has had many other components, some people refer to this first patch as Exec Shield.
Task: Disable ExecShield protection
Type the following command as root user:# sysctl -w kernel.exec-shield=0You can disable it permanently system-wide after each and every reboot by adding following line to /etc/sysctl.conf file:
# vi /etc/sysctl.confAppend following line
kernel.exec-shield=0Save and close the file. Please note that I don’t recommend disabling ExecShild protection.
You can also disable protection by appending the following parameter to the kernel command line in the GRUB bootloader to kernel line:
# vi /etc/grub.confModify / append exec-shield=0 parameter as follows:
kernel /vmlinuz-2.6.8 ro root=LABEL=/ exec-shield=0Close and save the file.
Enable ExecShield Protection Against Buffer Overflows
Open your /etc/sysctl.conf file:# vi /etc/sysctl.confAdd the following lines:
kernel.exec-shield = 1 kernel.randomize_va_space = 1Save and close the file. First line will enable ExecShield protection and second line will enable random placement of virtual memory regions protection. To load in sysctl settings, enter:
# sysctl -p
Linux Limit CPU Usage Per Process
I don't want background process to eat all my CPU. I know how to find out CPU utilization but how do I limit the cpu usage of a process under Linux operating system? How do I force a process to limit itself to 25% only?
You can use cpulimit program that attempts to limit the cpu usage of a process. Limits are expressed in percentage and not in cpu time. cpulimit does not act on the nice value or other scheduling priority stuff, but on the real cpu usage. Also, it is able to adapt itself to the overall system load, dynamically and quickly.
Install cpulimit
Type the following commands to install latest stable release:
# cd /tmp
# wget 'http://downloads.sourceforge.net/cpulimit/cpulimit-1.1.tar.gz'
# tar -zxvf cpulimit-1.1.tar.gz
# cd cpulimit-1.1
# make
# cp cpulimit /usr/local/sbin/
# rm -rf cpulimit*
A note about Debian / Ubuntu Linux users
Type the following command to install cpulimit:
$ sudo apt-get update
$ sudo apt-get install cpulimit
How do I use cpulimit?
To limit CPU usage of the process called firefox to 30%, enter:
# cpulimit -e firefox -l 30
To limit CPU usage of the process to 30% by using its PID, enter:
# cpulimit -p 1313 -l 30
To find out PID of the process use any of the following:
# ps aux | less
# ps aux | grep firefox
# pgrep -u vivek php-cgi
# pgrep lighttpd
You can also use absolute path name of the executable, enter:
# cpulimit -P /opt/firefox/firebox -l 30
Where,
* -p : Process PID.
* -e : Process name.
* -l : percentage of CPU allowed from 0 to 100.
* -P: absolute path name of the executable program file.
Root vs Normal User Account
From the project webpage:
cpulimit should run at least with the same user running the controlled process. But it is much better if you run cpulimit as root, in order to have a higher priority and a more precise control.
A Note About SMP (Multicore / MultiCpu) Systems
Again quoting from the project webpage:
If your machine has one processor you can limit the percentage from 0% to 100%, which means that if you set for example 50%, your process cannot use more than 500 ms of cpu time for each second. But if your machine has four processors, percentage may vary from 0% to 400%, so setting the limit to 200% means to use no more than half of the available power. In any case, the percentage is the same of what you see when you run top.
You can use cpulimit program that attempts to limit the cpu usage of a process. Limits are expressed in percentage and not in cpu time. cpulimit does not act on the nice value or other scheduling priority stuff, but on the real cpu usage. Also, it is able to adapt itself to the overall system load, dynamically and quickly.
Install cpulimit
Type the following commands to install latest stable release:
# cd /tmp
# wget 'http://downloads.sourceforge.net/cpulimit/cpulimit-1.1.tar.gz'
# tar -zxvf cpulimit-1.1.tar.gz
# cd cpulimit-1.1
# make
# cp cpulimit /usr/local/sbin/
# rm -rf cpulimit*
A note about Debian / Ubuntu Linux users
Type the following command to install cpulimit:
$ sudo apt-get update
$ sudo apt-get install cpulimit
How do I use cpulimit?
To limit CPU usage of the process called firefox to 30%, enter:
# cpulimit -e firefox -l 30
To limit CPU usage of the process to 30% by using its PID, enter:
# cpulimit -p 1313 -l 30
To find out PID of the process use any of the following:
# ps aux | less
# ps aux | grep firefox
# pgrep -u vivek php-cgi
# pgrep lighttpd
You can also use absolute path name of the executable, enter:
# cpulimit -P /opt/firefox/firebox -l 30
Where,
* -p : Process PID.
* -e : Process name.
* -l : percentage of CPU allowed from 0 to 100.
* -P: absolute path name of the executable program file.
Root vs Normal User Account
From the project webpage:
cpulimit should run at least with the same user running the controlled process. But it is much better if you run cpulimit as root, in order to have a higher priority and a more precise control.
A Note About SMP (Multicore / MultiCpu) Systems
Again quoting from the project webpage:
If your machine has one processor you can limit the percentage from 0% to 100%, which means that if you set for example 50%, your process cannot use more than 500 ms of cpu time for each second. But if your machine has four processors, percentage may vary from 0% to 400%, so setting the limit to 200% means to use no more than half of the available power. In any case, the percentage is the same of what you see when you run top.
Guide Or How To Monitor CPU Temperature in Linux
To monitor CPU temperature in Linux you will need to install lm_sensors package and then install gnome-applet-sensors (assuming you are using gnome) to get a nice graphical display. The devil is in the details. The shipped lm_sensors doesn't work on Fedora Core 6 with 2.6 kernels. It also doesn't support core 2 duo.
Install
To use lm_sensors you will have to install it from the development repository.
Login as root and run the following:
This will install lm_sensors on your machine. You have completed the first step.
Note: The provided version number of lm_sensors is likely to change soon. So you are better off just browsing to http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/os/Fedora/ and selecting the latest lm_sensors package for installation.
Detection
You now need to detect available sensors on your system. Run sensors-detect from command line (after logging as root).
Accept all the default values.
At the end it will print out something like:
Ignore the other instructions. Now run:
service lm_sensors start
This will start the lm_sensors service. Now run:
sensors -s
There should be no output. Next run:
sensors
This will list available sensors and provide current sensor data.
The last two steps are for checking that the sensor detection is working correctly.
Now install gnome-applet-sensors:
To activate it right click on a Gnome panel and choose Add to Panel. Then select Hardware Sensors Monitor.
lm_sensors requires coretemp kernel module which is only available in 2.6.21.x kernels and above. So you will have to install the development versions of kernel to use lm_sensors in core 2 duo systems. Personally I am waiting for the 2.6.21 release version. It will soon be released.
Install
To use lm_sensors you will have to install it from the development repository.
Login as root and run the following:
rpm -iv http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/os/Fedora/lm_sensors-2.10.3-2.fc7.i386.rpmThis will install lm_sensors on your machine. You have completed the first step.
Note: The provided version number of lm_sensors is likely to change soon. So you are better off just browsing to http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/os/Fedora/ and selecting the latest lm_sensors package for installation.
Detection
You now need to detect available sensors on your system. Run sensors-detect from command line (after logging as root).
Accept all the default values.
At the end it will print out something like:
To make the sensors modules behave correctly, add these lines toAdd the line, as instructed, to the end of /etc/modprobe.conf file.
/etc/modprobe.conf:
#—-cut here—-
# I2C module options
alias char-major-89 i2c-dev
#—-cut here—-
Ignore the other instructions. Now run:
service lm_sensors start
This will start the lm_sensors service. Now run:
sensors -s
There should be no output. Next run:
sensors
This will list available sensors and provide current sensor data.
The last two steps are for checking that the sensor detection is working correctly.
Now install gnome-applet-sensors:
yum install gnome-applet-sensorsTo activate it right click on a Gnome panel and choose Add to Panel. Then select Hardware Sensors Monitor.
lm_sensors requires coretemp kernel module which is only available in 2.6.21.x kernels and above. So you will have to install the development versions of kernel to use lm_sensors in core 2 duo systems. Personally I am waiting for the 2.6.21 release version. It will soon be released.
Kernel Tunable Security Parameters
The following list shows tunable kernel parameters you can use to secure your Linux server against attacks.
For each tunable kernel parameters I will show the entry that needs to be added to the /etc/sysctl.conf configuration file to make the change permanent after reboots. To activate the configured kernel parameters immediately at runtime, use:
# sysctl -pEnable TCP SYN Cookie Protection
A "SYN Attack" is a denial of service attack that consumes all the resources on a machine. Any server that is connected to a network is potentially subject to this attack.
To enable TCP SYN Cookie Protection, edit the /etc/sysctl.conf file and add the following line:
net.ipv4.tcp_syncookies = 1Disable IP Source Routing
Source Routing is used to specify a path or route through the network from source to destination. This feature can be used by network people for diagnosing problems. However, if an intruder was able to send a source routed packet into the network, then he could intercept the replies and your server might not know that it's not communicating with a trusted server.
To enable Source Route Verification, edit the /etc/sysctl.conf file and add the following line:
net.ipv4.conf.all.accept_source_route = 0Disable ICMP Redirect Acceptance
ICMP redirects are used by routers to tell the server that there is a better path to other networks than the one chosen by the server. However, an intruder could potentially use ICMP redirect packets to alter the hosts's routing table by causing traffic to use a path you didn't intend.
To disable ICMP Redirect Acceptance, edit the /etc/sysctl.conf file and add the following line:
net.ipv4.conf.all.accept_redirects = 0Enable IP Spoofing Protection
IP spoofing is a technique where an intruder sends out packets which claim to be from another host by manipulating the source address. IP spoofing is very often used for denial of service attacks. For more information on IP Spoofing, I recommend the article IP Spoofing: Understanding the basics.
To enable IP Spoofing Protection, turn on Source Address Verification. Edit the /etc/sysctl.conf file and add the following line:
net.ipv4.conf.all.rp_filter = 1Enable Ignoring to ICMP Requests
If you want or need Linux to ignore ping requests, edit the /etc/sysctl.conf file and add the following line:
net.ipv4.icmp_echo_ignore_all = 1This cannot be done in many environments. Enable Ignoring Broadcasts Request
If you want or need Linux to ignore broadcast requests, edit the /etc/sysctl.conf file and add the following line:
net.ipv4.icmp_echo_ignore_broadcasts = 1Enable Bad Error Message Protection
To alert you about bad error messages in the network, edit the /etc/sysctl.conf file and add the following line:
net.ipv4.icmp_ignore_bogus_error_responses = 1Enable Logging of Spoofed Packets, Source Routed Packets, Redirect Packets
To turn on logging for Spoofed Packets, Source Routed Packets, and Redirect Packets, edit the /etc/sysctl.conf file and add the following line:
net.ipv4.conf.all.log_martians = 1References for Kernel Tunable Parameters
Network Security with /proc/sys/net/ipv4
IP Spoofing: Understanding the basics
Iptables Limits Connections Per IP
Syntax
The syntax is as follows:/sbin/iptables -A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above N -j REJECT --reject-with tcp-reset # save the changes see iptables-save man page, the following is redhat and friends specific command service iptables save
Example: Limit SSH Connections Per IP / Host
Only allow 3 ssh connections per client host:/sbin/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT # save the changes see iptables-save man page, the following is redhat and friends specific command service iptables save
Example: Limit HTTP Connections Per IP / Host
Only allow 20 http connections per IP (MaxClients is set to 60 in httpd.conf):WARNING! Please note that large proxy servers may legitimately create a large number of connections to your server. You can skip those ips using !/sbin/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset # save the changes see iptables-save man page, the following is redhat and friends specific command service iptables save
Skip proxy server IP 1.2.3.4 from this kind of limitations:
/sbin/iptables -A INPUT -p tcp --syn --dport 80 -d ! 1.2.3.4 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
Example: Class C Limitations
In this example, limit the parallel http requests to 20 per class C sized network (24 bit netmask)/sbin/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 24 -j REJECT --reject-with tcp-reset # save the changes see iptables-save man page service iptables save
Example: Limit Connections Per Second
The following example will drop incoming connections if IP make more than 10 connection attempts to port 80 within 100 seconds (add rules to your iptables shell script)#!/bin/bash IPT=/sbin/iptables # Max connection in seconds SECONDS=100 # Max connections per IP BLOCKCOUNT=10 # .... # .. # default action can be DROP or REJECT DACTION="DROP" $IPT -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set $IPT -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION} # .... # ..
How Do I Test My Firewall Working?
Use the following shell script to connect to your web server hosted at 202.1.2.3:#!/bin/bash ip="202.1.2.3" port="80" for i in {1..100} do # do nothing just connect and exit echo "exit" | nc ${ip} ${port}; done
Linux: How to clear the cache from memory
Linux has a supposedly good memory management feature that will use up any "extra" RAM you have to cache stuff. This section of the memory being used is SUPPOSED to be freely available to be taken over by any other process that actually needs it, but unfortunately my Linux (three distros now, Mandriva 32 bit, and Mandriva 64 bit, and Opensuse 11 64 bit) thinks that cache memory is too important to move over for anything else that actually needs it.
I have 6 GB RAM in my computer. Whenever there is no cache being stored in the memory (i.e. when I first boot the computer), everything runs great. But as soon as it fills up with cache, my computer starts feeling like a 700mhz P2 running windows 98 stuffed full of malware. It's terrible..
Up until just now, I have been forced to restart every time this happens because I simply cannot get any work done while in this state of retardation. I can close every single program I'm running - and even then, simply right clicking would require some extended thinking before loading the context menu. Ridiculous.
Luckily, I found a way to clear out the cache being used. Simply run the following command as root and the cache will be cleared out.
Thank you ariel for posting in the comments below about including the sync command before dropping caches.
I have 6 GB RAM in my computer. Whenever there is no cache being stored in the memory (i.e. when I first boot the computer), everything runs great. But as soon as it fills up with cache, my computer starts feeling like a 700mhz P2 running windows 98 stuffed full of malware. It's terrible..
Up until just now, I have been forced to restart every time this happens because I simply cannot get any work done while in this state of retardation. I can close every single program I'm running - and even then, simply right clicking would require some extended thinking before loading the context menu. Ridiculous.
Luckily, I found a way to clear out the cache being used. Simply run the following command as root and the cache will be cleared out.
Linux Command
echo 3 > /proc/sys/vm/drop_caches
echo 3 > /proc/sys/vm/drop_caches
Thank you ariel for posting in the comments below about including the sync command before dropping caches.
Improve Firefox speed by 5x
1. Open Firefox and in the address bar type about:config.
2. Click on “I’ll be careful, I promise“
3. Use the search bar above to look for network.http.pipelining and double click on it to set it’s value to True.
4. Create a new boolean value named network.http.pipelining.firstrequest and set that to True, as well.
5. Find network.http.pipelining.maxrequests, double click on it, and change its value to 8.
6. Look for network.http.proxy.pipelining and set it to True.
7. Create two new integers named nglayout.initialpaint.delay and content.notify.interval, set them to 0.
8. Restart your browser.
All done. You should feel the browser is 5x more responsive than before while navigating websites.
Mrtg on Linux................
1. Introduction
2. SNMP server
2.1 Installation
Initially we install the packets needed for SNMP. Yum makes this job a lot easier.
Next we make snmpd service to start automatically for the runlevels we want.
And we start the server.
We can see that it is running in port 199.
2.2 Configuration
We run ‘snmpwalk’ which creates a “tree” of information for our network.
If you see an output like this one you may proceed with the MRTG installation. Else you should make some configuration first.
We keep a backup of snmpd.conf just in case anything goes wrong
We open it
And do the follow changes:
with those
where 10.0.0.0/8 we put what our network is
with those
with this one
with those
with something like this
2.3 Check
We restart the server to take affect of the notices
And we run again
Now we should see something like that
Where 10.103.0.33 is your ip address.
3. MRTG
3.1 Installation
We again use yum
3.2 Configuration
We create the folder in which our graphs and html pages will be kept
And we run ‘cfgmaker’ for the configuration file to be created.
3.2.1 Apache configuration
3.3 Check
We run the following command
In case you get an error like this
you have to run the above command more than once till it runs without any error. This is normal.
Finally we open our browser and type
You should see something like this
And by clicking on it something like this
With the same way it is possible to add as many computers as we want and therefore have a general overview of our network. Enjoy! ;)
MRTG (Multi Router Traffic Grapher) is an application that allows us to observe the traffic of a network. It generates html pages with graphs which are refreshed according to our network’s current state. Its source is written in Perl and C which means that it can be installed in every Operating System we like. We will also need SNMP daemon (Simple Network Management Protocol) which gives us information for a network. The following installation was accomplished under Linux and specifically Fedora Core 6. With some little changes it can be used and under other distros.
2. SNMP server
2.1 Installation
Initially we install the packets needed for SNMP. Yum makes this job a lot easier.
Next we make snmpd service to start automatically for the runlevels we want.
| # yum install net-snmp-utils net-snmp |
And we start the server.
| # chkconfig --level 345 snmpd |
We can see that it is running in port 199.
| # service snmpd start |
| # netstat -natv | grep ':199' tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN |
2.2 Configuration
We run ‘snmpwalk’ which creates a “tree” of information for our network.
If you see an output like this one you may proceed with the MRTG installation. Else you should make some configuration first.
| # snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex |
| ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.127.0.0.1 = 1 ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.192.168.0.3 = 2 |
We keep a backup of snmpd.conf just in case anything goes wrong
| # cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.original |
We open it
| # nano /etc/snmp/snmpd.conf |
And do the follow changes:
- we change this line
| com2sec notConfigUser default public |
with those
| com2sec local localhost public com2sec mynetwork 10.0.0.0/8 public |
where 10.0.0.0/8 we put what our network is
- we change those lines
| group notConfigGroup v1 notConfigUser group notConfigGroup v2c notConfigUser |
with those
| group MyRWGroup v1 local group MyRWGroup v2c local group MyRWGroup usm local group MyROGroup v1 mynetwork group MyROGroup v2c mynetwork group MyROGroup usm mynetwork |
- we change those lines
| view systemview included .1.3.6.1.2.1.1 view systemview included .1.3.6.1.2.1.25.1.1 |
| view all included .1 80 |
- we change this line
| access notConfigGroup "" any noauth exact systemview none none |
with those
| access MyROGroup "" any noauth exact all none none access MyRWGroup "" any noauth exact all all none |
- and finally we change those lines
| syslocation Unknown (edit /etc/snmp/snmpd.conf) syscontact Root (configure /etc/snmp/snmp.local.conf) |
with something like this
| syslocation Linux, Fedora Core 6 syscontact Root root@localhost |
We restart the server to take affect of the notices
| # service snmpd restart |
And we run again
| # snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex |
Now we should see something like that
| IP-MIB::ipAdEntIfIndex.10.103.0.33 = INTEGER: 2 IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1 |
3. MRTG
3.1 Installation
We again use yum
| # yum install mrtg |
3.2 Configuration
We create the folder in which our graphs and html pages will be kept
| # mkdir /var/www/html/mrtg/ |
And we run ‘cfgmaker’ for the configuration file to be created.
| # cfgmaker --global "workdir: /var/www/mrtg" -ifref=ip --output /etc/mrtg/mrtg.cfg --global 'options[_]: growright,bits' public@localhost |
Here you should pay notice to --output /etc/mrtg/mrtg.cfg as long as to public@localhost. With this command we tell MRTG to create a configuration file with the name ‘mrtg.cfg’ for the traffic of our computer (localhost). Instead of localhost you may put the address of any computer you may monitor as long as it runs SNMP.
Next we create our default index page | # indexmaker --output=/var/www/html/mrtg/index.html /etc/mrtg/mrtg.cfg |
3.2.1 Apache configuration
Next we have to configure apache for MRTG to work correctly. MRTG creates a file ‘mrtg.cfg’ under /etc/httpd/conf.d we contains all the necessary for Apache. We change it to contain the ips we want to have access to our MRTG graphs. Here I have added all my network.
| Alias /mrtg /var/www/mrtg Order deny,allow Deny from all Allow from 127.0.0.1 10.0.0.0/8 |
We run the following command
In case you get an error like this
| # mrtg /etc/mrtg/mrtg.cfg |
| ERROR: Mrtg will most likely not work properly when the environment variable LANG is set to UTF-8. Please run mrtg in an environment where this is not the case. Try the following command to start: env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg |
| # env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg 23-02-2007 17:28:53, Rateup WARNING: /usr/bin/rateup Can't remove localhost_2.old updating log file # env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg # |
| http://127.0.0.1/mrtg |
You should see something like this
And by clicking on it something like this
There are daily, weekly, monthly and yearly graphs which aren’t shown in the screenshot. By changing the .cfg file we can alter the information displayed to what we just want.
4. Outroduction With the same way it is possible to add as many computers as we want and therefore have a general overview of our network. Enjoy! ;)
Avast Antivirus for Ubuntu Desktop
avast! Home Edition is a complete anti-virus package, that is is free for registered home non-commercial users. It contains an on-demand scanner with two interfaces (simple for novices and advanced for experienced users), an on-access scanner with Standard Shield (which protects against execution and opening malware programs) and an embedded e-mail scanner which scans incoming and outgoing email messages.
Install Avast Antivirus in Ubuntu
First you need to download the .deb package from here
wget http://files.avast.com/files/linux/avast4workstation_1.0.6-2_i386.deb
Now you have avast4workstation_1.0.6-2_i386.deb package.Install .deb package using the following command
sudo dpkg -i avast4workstation_1.0.6-2_i386.deb
This will complete the installation now you need to get the registration key for this you need to fill the online form available here and they will send registration key to your mail address
Applications Menu Setup
or this you need to run a script from the following location
cd /usr/lib/avast4workstation/share/avast/desktop
sudo ./install-desktop-entries.sh install
This will complete the application menu setup.
If you want to access you need to go to Applications—>Accessories—>avast!Antivirus
First time it will prompt for license key enter your license key you have got in our previous steps
Avast Antivirus Interface
Avast Antivirus database is updating.If you want to update click on update database
You can select the virus scan here and click on start scan
Avast antivirus version details
Top memory consuming processes
You can check for top memory consuming processes by issuing the following commands:
1) Displaying top CPU_consuming processes:
ps aux | head -1; ps aux | sort -rn | head -10
2) Displaying top 10 memory-consuming processes:
ps aux | head -1; ps aux | sort -rn | head
3) Displaying process in order of being penalized:
ps -eakl | head -1; ps -eakl | sort -rn
4) Displaying process in order of priority:
ps -eakl | sort -n | head
5) Displaying process in order of nice value
ps -eakl | sort -n
6) Displaying the process in order of time
ps vx | head -1;ps vx | grep -v PID | sort -rn | head -10
7) Displaying the process in order of real memory use
ps vx | head -1; ps vx | grep -v PID | sort -rn | head -10
8) Displaying the process in order of I/O
ps vx | head -1; ps vx | grep -v PID | sort -rn | head -10
9) Displaying WLM classes
ps -a -o pid, user, class, pcpu, pmem, args
10) Determinimg process ID of wait processes:
ps vg | head -1; ps vg | grep -w wait
11) Wait process bound to CPU
ps -mo THREAD -p
Subscribe to:
Posts (Atom)