How send email attachments from a command prompt?

With Mutt tool you can perform this task.

Make sure Mutt RPM are installed on your systems.

Use following command to check RPM.

#rpm -qa | grep mutt

You can check the status.


Now...... Use following command to send a attachment file.

# mutt -s "Test mail" -a /root/install.log raman36127@gmail.com < /tmp/mailmessage.txt


:--raman36127@gmail.com - is the recipient
:--/tmp/mailmessage.txt - is the main body of the e-mail (read message from the file "mailmessage.txt")
:--/root/install.log - is an attachment (with option -a)
:-- "Test mail" - is a subject line (option -s)

Hope this work for you.............

Enjoy.............

Read More

Mysql databses Backup & restore

Database backup command.
You can use mysqldump command to take backup of your databases.
#mysqldump -h mysqlpc -u raman -p kumar testdata > testdata.sql
[-h] = host machine ..specify if u want.
[-u] = this is your database username
[-p] = this is the password for your database
[testdata] = the name of your database
[testdata.sql] = the file to which the backup should be written.

Multiple database backup.

If you want to specify the databases to backup, you can use the --databases parameter followed by the list of databases you would like to backup. Each database name has to be separated by at least one space when you type in the command. So if you have to backup 3 databases, let say Customers, Orders and Comments, you can issue the following command to back them up.
#mysqldump -u root -p pass21 --databases Customers Orders Comments > multibackup.sql

This is okay if you have a small set of databases you want to backup. Now how about backing up all the databases in the server? That's an easy one, just use the --all-databases parameter to backup all the databases in the server in one step.
#mysqldump --all-databases> alldatabases.sql

A Shell Script for Automating Backups?
You can automate the backup process by making a small shell script which will create a daily backup file. How do you get cron to back up your database without overwriting the older backup? You can use a tiny shell script to add the date to your backup file. An example of a shell script you could use is shown below.
#!/bin/sh
date=`date -I`
mysqldump --all-databases gzip > /var/backup/backup-$date.sql.gz

Restore your databases.
Make sure database name available on your machine.. To check use folowing command.
#mysql -u root -p (mysql password)
After login use following command to check databases name.
mysql>show databases;
If database name available that fine if not the create database ..use following command to create database
mysql > create database testdata;
After that quit from mysql....now use followig command to restore your database.
#mysql -u root -p **** testdata < /opt/backup/testdata.sql
Your database restore sucessfully...now u can check.

mysql> create database raman;
Query OK, 1 row affected (0.00 sec)

mysql> grant usage on raman.* to vendor@localhost identified by 'addbnm#83';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on raman.* to vendor@localhost;
Query OK, 0 rows affected (0.00 sec)


[root@raman ~]# mysql -u vendor -p raman
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show tables;
Empty set (0.00 sec)

Read More

SSL Certificate » SSL on XAMPP

Self Signed Certificate It is supposed you have already installed XAMPP wit apache and SSL support and you just wish to change certificate detailsIt means:-your server will display what you will write in your certificate-your certificate will be presented as been untrusted. It is not the case if your company is registered as being SSL provider. You need access as root on the server.Open ssh connection or open a console and login as root.
1) Create a temporary folder and go to that folder (it is not mandatory as long as you know where you are and what filw will be created)
# mkdir temp-ssl
#cd temp-ssl
2) create private key file (PK)Will be created server.key file
#openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus....++++++............++++++e is 65537 (0x10001)
Enter pass phrase for server.key: HERE YOU MUST ENTERE A PHARSE (keep in mind, you will need it lated !!!!)Verifying - Enter pass phrase for server.key:
3) create a certificate request file (CSR)Will be created server.csr
# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: ENTER THE SAME PHARSE as aboveYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:NSWLocality Name (eg, city) []:SydneyOrganization Name (eg, company) [Internet Widgits Pty Ltd]:OLALA.COM.AU(TM)Organizational Unit Name (eg, section) []:SSLCommon Name (eg, YOUR name) []:AdministratorEmail Address []:ssladmin@olala.com.auPlease enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:ENTERE A PASSWORDAn optional company name []:OLALA.COM.AU

You can see the details of this CSR by using following command
#openssl req -noout -text -in server.csr

4) Remove password protection from server.key You need it unless you wish to enter it any time apache start.
Do not do it so ... save secured key in a safe place, make a copy of it and unprotect itYou will have two files:server.key.secure (keep it in a safe place)server.key - you will need it
# cp server.key server.key.secure
# openssl rsa -in server.key.secure -out server.key

How do I verify that a private key matches its Certificate?

The `modulus' and the `public exponent' portions in the key and the Certificate must match

#openssl x509 -noout -modulus -in server.crt | openssl md5
#openssl rsa -noout -modulus -in server.key | openssl md5

(For wildcard commadn used ***
#openssl pkcs12 -in rkwild.pfx -out rkwild.pem
viriawild.pem
vi server.key
#openssl rsa -in server.key -out server.key ) wildcard ssl.



5) Generate the certificate file (CRT)you will have server.crt - you will need it
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature oksubject=/C=AU/ST=NSW/L=Sydney/O=OLALA.COM.AU(TM)/OU=SSL/CN=Administrator/emailAddress=ssladmin@olala.com.auGetting Private keyEnter pass phrase for server.key: ENTER PHARSE - the same like you entered at point 2) and 3
(6) Based on assumption you have /opt/lamppcopy as following (OVERWRITE)
#cp server.key in /opt/lampp/etc/ssl.key/server.key
#cp server.crt in /opt/lampp/etc/ssl.crt/server.crt
7) Restart apache
#/opt/lampp/lampp restart apache
Now all your websites hosted and accessed via https will show your self signed SSL certificate.

For test cert (30-09-08)
for certificate key generation from csr
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout server.key -out cert.crt
************************************************************************************

1) make sure use dedicated ip for ssl.

take the back up of original httpd-ssl.conf, & make ur httpd-ssl.conf

#vi httpd-ssl.conf

Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
# SSLLog /usr/local/apache/logs/ssl_engine_log
# SSLLogLevel info
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

NameVirtualHost 192.168.11.238

ServerAdmin webmaster@abc.com
DocumentRoot /path/of/site
ServerName abc.xyz.com
ServerAlias www.abc.xyz.com
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /path/of/abc.xyz.crt
SSLCertificateKeyFile /server/server.key
SSLCACertificateFile /path/of/CA_bundle.crt
SSLEngine on
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0



SSLOptions +StdEnvVars


SSLOptions +StdEnvVars


And in host file make sure entry like this,

NameVirtualHost 192.168.11.235:80

ServerAdmin webmaster@infoproworld.com
DocumentRoot /a/b/c/site.com
ServerName site.com
ErrorLog logs/www.site.com-error_log
CustomLog logs/www.site.com-access_log common




Save the file .... restart the services




#/opt/lampp/lampp restart

Read More

How to Add swap file in LInux

In my exapmle i increase 512mb RAM and create 1 gb swap space for it. Not use another hdd. But i strongly recommend alwayz use HDD.

create swap file use this cmd.
#dd if=/dev/zero of=/swapfile bs=1024 count=1022976 (*999mb)
#mkswap /swapfile
enable swap file immeditae
#swapon /swapfile

For parament save entry in /etc/fstab file. like this
/swapfile swap swap defaults 0 0

This work for you.

P.S :- Keep it Simple.

Read More

Concurrent Version System (CVS)

CVS Installation.

In order to setup a Concurrent Versioning System (CVS) server on the system, follow these steps:

1. Make a cvs user with a home directory as well as create a new group called cvs:

   groupadd cvs
   useradd cvs -g cvs
   

2. Create repository # cvs -d /usr/local/cvsroot init *** (my changes)
   

3. Change owner and group of repository and all files to cvs:

   chown -R cvs.cvs /usr/local/cvsroot  *****(my chages)

4. Set the CVSROOT variable. This will be /home/cvs since a cvs user was created and its home directory will be used. Set this variable in /etc/profile by adding the the following to the end of the file:

   export CVSROOT=/home/cvs
   

5. Then set the permissions for /usr/bin/cvs so it can be executed at startup:

   chmod 2755 /usr/bin/cvs
   

6. Finally, add the following to the file /etc/xinetd.d/cvspserver

   service cvspserver
   {
          disable            = no
          socket_type    = stream
          wait                = no
          user                = cvs
          group              = cvs
          log_type          = FILE /var/log/cvspserver
          protocol          = tcp
          env                 = '$HOME=/home/cvs'
          bind                = 10.10.10.10
          log_on_failure  += USERID
          port                = 2401
          server             = /usr/bin/cvs
          server_args     = -f --allow-root=/usr/local/cvsroot pserver
   }
   

   Note: On the line that states the bind IP address: "bind = 10.10.10.10", replace "10.10.10.10" with the IP address to be used.
   
7. Make sure restart service : service xinetd restart or /etc/rc.d/rc5.d/S56xinetd restart
8. Check the CVS using the following command telnet 2401 or check port open with Brut (port scanning tool)
9. Add the users allowed to access the cvs into the cvs group by doing the following:

   make passwd file in usr/local/cvsroot/CVSROOT/passwd

10. add user with htpasswd command & make sure with cvs group. passwd file format is username:passwd:group
    

11. To access this CVS server from another computer, do the following:

    export CVSROOT=:pserver:abc@*.*.*.*:/usr/local/svcroot
    cvs login

Another command which i used.

import project (1st time)

#cvs -d /usr/local/cvsroot import samba(my e.g) samba21072008 start

#ls -l /usr/local/current/samba

now move or delete project (samba) to avoide bypass.

#pwd
/etc/samab/
#cd ..
#cvs co samba

now u can work on /etct/samba

after do chages in any files run

#cvs checkout samba

#cvs update

# cvs commit ( for parmament save and add ur comment)

for see changes u can use this command.

#cvs -nq update


How add dir and files in cvs.

suppose u work in /etc/samba/

#mkdir new
#cvs add new

Message show /usr/local/cvsroot/samaba/new added to repository.


For add any file.
# cd new
#touch a.text
#cvs add a.txt (use * for multiple text file)
#cvs update
#cvs commit (add ur comment)

now your text file sucessfully added in repository.



help full links are ( www.in.redhat.com,http://www.taursys.com/howto/cvs/,http://www.idevelopment.info/)

Read More

Recover / Changes Root password in Mysql

First stop the mysql service.
#/etc/init.d/mysqld stop
start server mysql without password.
#mysqld_safe --skip-grant-tables &
#mysql -u root
mysql > use mysql;
mysql > update user set password=passwd(******) where user="root";
>flush privileges;
>quit;

Now start the services.
#/etc/init.d/mysqld start
Now you can login with new passwd.
#mysql -u root -p

Read More

Script for Tar your backup and SCP

Use this script as it is as..only chage ur host and backup location.

vi backup.sh (give it exectuable permission )
#chmod 755 backup.sh (for execute)

vi backup.sh
HOST=1.2.3.4
USER=root
PASSWD=*******
DATE=`/bin/date +%Y%m%d`
TIME=`/bin/date +%H`
HOSTNAME=`/bin/hostname`
#mysqldump -c -B -uroot -pfoobar DB1 DB2 mysql > data.sql && (in case if u use mysql database ) in my case i am not use so use # (disable)
tar zcvf $DATE.$TIME.$HOSTNAME.tar.gz /tmp > /dev/null && (i use /tmp dir which i used for my backup)
scp *.tar.gz $HOST:/home/raman/ (remot path)
#$DATE.$TIME.$HOSTNAME.tar.gz ;: (disable)

Just drop me a mail if you face any problem.....at..... raman38192@gmail.com

Read More

SSH and SCP Without Password

SSH and scp without password.


Make sure id_rsa.pub key available in your destination.

For eg. you connect A to B

Run
#ssh-keygen -t rsa (A box)

Generated keys in /root/.ssh dir

copy id_rsa.pub key

and paste it in box B.

make sure /root/.ssh/authorized_keys file is avaialble if not u create it manually.

and paste in this file.


Now u can login in box without asking a password.

Hope this doc work for you.

Read More

LINUX,APACHE,PHP & MYSQL

For intsallation
#yum install apache
#yum install php
#yum install mysql-server mysql

Open configuration file of apache server.
#vi /etc/httpd/conf/httpd.conf
a)search Load module
LoadModule php4_module modules/libphp4.so
b)Search directoryIndex
DirectoryIndex index.html index.html.var index.php
c) search AddType
AddType application/x-httpd-php.php
save the file
and restart apche service.
Open config file of PHP
#vi /etc/php.ini
a) search doc_root
doc_root="/var/www/html"
b) search file_uploads
file_uploads=off
Open config file of mysql
#vi /etc/my.cnf
service restart.
you can point your browser to http://localhost and you should see a welcome page

To test if php is running, go to /var/www/html and create an index.php file with the content belowand refresh your browser again

Read More

SEND MAIL SERVER

MTA:-> Mail transport agentProtocol used in mail server.
SMTP:- Simple mail transfer protocol..which work on 25 port number. Used for sending the mail.
Incoming mail :-- user have mail account on mail server, then user connect to via a mail server using a MUA i.e mail user agent like outlook,evolution and command line tool like mutt.
protocol used for pop 110 (popst office protocol) or imap 143 (internet mail access protocol).

Installing Sendmail.
packages are required sendmail-cf, sendmail
#service sendmail restart
configuration file for sendmail.
/etc/mail/sendmail.cf original conf file but very hard to configure understand.
/etc/mail/sendmail.mc This is macro file which is used to configure mail server.

edit this file... vi sendmail.mc
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') dnl
DAEMON_OPTIONS(`Port=smtp,Addr=ur server ip, Name=MTA') dnl
save the file and run this command
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

#Service sendmail retstart
#pgrep sendmail
#netstat -an grep : 25

For test sendmail working or not
#telnet ur server ip 25
quit

#/etc/mail/access :- This file control for which network can use this mail server as an outgoing mail server.This file has two coloume
1st for ip or hostname and 2nd used for action in which keyboard like RELAY,OK,REJECT,DISCARD
#/etc/mail/localhostname
raman.net.in
whenever you change in anyfile run this cmd #make
#/etc/aliases :-- used for redirect your mail. two field
1 for actual user: 2 for which user
To activate the changes run this command #newaliases
Install Dovecot for pop or imap
#/etc/dovecot.conf
protocol = imap imaps pop3 pop3s
service dovecot restart

Read More

Making an initrd Image

An initrd image is needed for loading your SCSI module at boot time or if you are compiling the kernel with ext3 support as a module. If you do not need an initrd image, do not make one and do not edit lilo.conf or grub.conf to include this image.
Use the /sbin/mkinitrd shell script to build an initrd image for your machine. To use this command, the loopback block device must be available.
To build the new initrd image, run /sbin/mkinitrd with parameters such as this:
/sbin/mkinitrd /boot/initrd-2.4.18-0.12-jul2001.img 2.4.18-0.12-jul2001
In the above example, /boot/initrd-2.4.18-0.12-jul2001.img is the file name of the new initrd image. 2.4.18-0.12-jul2001 is the kernel whose modules (from /lib/modules) should be used in the initrd image. This is not necessarily the same as the version number of the currently running kernel.
Refer:- http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/custom-guide/s1-custom-kernel-initrd.html

Difference Between LILO and GRUB.
1) GRUB (Grand Unified boot loader) most important ability to navigate file system,so you can read file without loading a kernal.
2)LILO (Linux Loader) has no interactive command interface,whereas GRUB does.
3) LILO does not support booting from a network,whereas GRUB does.
4) LILO stores information regarding the location of the operating systems it can to load physically on the MBR. If you change your LILO config file, you have to rewrite the LILO stage one boot loader to the MBR. Compared with GRUB, this is a much more risky option since a misconfigured MBR could leave the system unbootable. With GRUB, if the configuration file is configured incorrectly, it will simply default to the GRUB command-line interface

Port number list.
Go to this link:-- http://www.iana.org/assignments/port-numbers

Read More

Using TCP Wrappers to secure Linux

The TCP wrappers package (tcp_wrappers) is installed by default under Red Hat Linux and provides host-based access control to network services. The most important component within the package is the /usr/lib/libwrap.a library. In general terms, a TCP wrapped service is one that has been compiled against the libwrap.a library

TCP Wrappers can be used to GRANT or DENY access to various services on your machine to the outside network or other machines on the same network. It does this by using simple Access List Rules which are included in the two files /etc/hosts.allow and /etc/hosts.deny .

Let us consider this scenario: A remote machine remote_mc trying to connect to your local machine local_mc using ssh.

When the request from the remote_mc is received by the tcp wrapped service (SSH in this case), it takes the following basic steps:

It checks the /etc/hosts.allow file and applies the first rule specified for that service. If it finds a matching rule , it allows the connection. If no rule is found, it moves on to step 2.

It checks the /etc/hosts.deny file and if a matching rule is found, it deny's the connection.

Read More

Password, Shadow and Group files Description in Linux

1) What is Password file?
Passwd file is a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc.
2) Password file format
account:password:UID:GID:GECOS:directory:shell

* username
* encrypted password (or x if shadow passwords are in use)
* UID
* default GID
* real name (also known as the GECOS field)
* home directory
* default shell

3) What is Shadow file?
shadow file contains the encrypted password information for user's accounts and optional the password aging information.
4) Shadow file format
smithj:Ep6mckrOLChF.:10063:0:99999:7:::
if shadow passwords are being used, the /etc/shadow file contains users' encrypted passwords and other information about the passwords. It fields are colon-separated as for /etc/passwd, and are as follows:
* username
* encrypted password
* Days since Jan 1, 1970 that password was last changed
* Days before password may be changed
* Days after which password must be changed
* Days before password is to expire that user is warned
* Days after password expires that account is disabled
* Days since Jan 1, 1970 that account is disabled
* A reserved field

The password expiry related fields are modified by the change program.

5) What is Group file?
group file is an ASCII file which defines the groups to which users belong. There is one entry per line, and each line has the format
All three files are located in /etc directory and we will see each one this file detailed
6) Group file format
group_name:passwd:GID:user_list
The /etc/group file consists of group records, one to a line. Each record contains multiple fields, separated by colons (:). The fields are:
* group name
* encrypted group password (or x if shadow passwords are in use)
* GID
* group members' usernames, comma-separated

Read More

How do I telnet as the root user

modify your /etc/pam.d/login and /etc/pam.d/remote files.In this file, the first line:
auth required pam_securetty.so
comment out the first auth line so that your /etc/pam.d/login looks like this:.
#%PAM-1.0
#Commented out below line in order to allow root access for telnet
#auth required pam_securetty.so
Once you save these changes, you should be able to telnet to your system as the root user.

Read More

Linux file Types

"Unix systems,everything is a file: if something is not a file,it is process."A linux system, just like unix ,makes no difference between a file and a directory,since a directory just a file containig names of other files.
File type in a long list:-
- Regular file
d Directory
l Link
c Special file (character (unbuffered) device file special )
s Socket
p Named pipe
b Block device

for more information:- http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

Read More

Access control list

An access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. In a typical ACL, each entry in the list specifies a subject and an operation: for example, the entry (Alice, delete) on the ACL for file XYZ gives Alice permission to delete file XYZ.
In an ACL-based security model, when a subject requests to perform an operation on an object, the system first checks the list for an applicable entry in order to decide whether or not to proceed with the operation.



Definitions

User class The conventional POSIX permission concept uses three classes of
users for assigning permissions in the le system: the owner, the owning
group, and other users. Three permission bits can be set for each user
class, giving permission to read (r), write (w), and execute (x). An introduction
to the user concept in Linux is provided in the User Guide in the
section Users and Access Permissions.

Access ACL The user and group access permissions for all kinds of le system
objects (les and directories) are determined by means of access ACLs.

Default ACL Default ACLs can only be applied to directories. They determine
the permissions a le system object inherits from its parent directory
when it is created.

ACL entry Each ACL consists of a set of ACL entries. An ACL entry contains a
type (see Table B.1 on the following page), a qualier for the user or group
to which the entry refers, and a set of permissions. For some entry types,
the qualier for the group or users is undened.

*For more information go through with following link:-

http://www.suse.de/~agruen/acl/chapter/fs_acl-en.pdf

Read More