Linux

Configuring VLANs in Linux

Turn off the Network Manager

#chkconfig NetworkManager off

Go to the directory “/etc/sysconfig/network-scripts/” and edit ifcfg-eth0 or ifcfg-eth1.

#cd /etc/sysconfig/network-scripts/
#vi ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
HWADDR=00:0C:29:CA:19:29
HOTPLUG=no
IPADDR=10.10.1.230
PREFIX=24
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=no
NAME="Ethernet1"
VLAN=yes

To create a VLAN with ID=300:

#cp ifcfg-eth0 ifcfg-eth0.300          # copy the file and name it ifcfg-eth0.<VLAN ID>
#vi ifcfg-eth0.300
DEVICE=eth0.300
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
HWADDR=00:0C:29:CA:19:29
HOTPLUG=no
IPADDR=10.10.2.230
PREFIX=24
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=no
NAME="VLAN300"
VLAN=yes

Then

#service network restart

You can create more VLANs by creating more files named ifcfg-eth0.VLANID, replacing VLANID with the VLAN ID.

Identify Real CPU Cores in Linux

Before I begin a software installation, I usually need to cross-check the specification of the provided hardware against the requirements communicated to project owners. During this phase, identifying the CPU cores is mandatory to avoid performance issues in the production environment.

Finding the number of CPU cores on a Linux server can be challenging. The way /proc/cpuinfo displays information makes it hard to distinguish between real CPU cores and logical hyper-threading CPUs.
For example, consider running the following command on a Linux OS:

$ cat /proc/cpuinfo | grep processor
processor : 0
processor : 1
processor : 2
processor : 3

The above output suggests I have 4 CPU cores; in reality there are only 2 CPU cores, and the other 2 are virtual cores that appear when hyper-threading is enabled on your system.

Using the following command we can tie all of this together to show the number of cores on a system:

$ cat /proc/cpuinfo | egrep "core id|physical id" | tr -d "\n" | sed s/physical/\\nphysical/g | grep -v ^$ | sort | uniq | wc -l

CentOS Command Line Installing Guide from Basic

After installing CentOS, you will need to log in on the screen:
login: user
password: root

To log in as root, where you can change the configuration, you need to type “su -”.
The root password will be the one that was set at the time of the setup.

STEP-1
Setting Ethernet Interface Configuration:

For DHCP

[root@xomolinux network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:0E:BB:33
TYPE=Ethernet
UUID=e474a928-f297-4d28-a5be-6af5a0a86831
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=dhcp

For Static IP
DEVICE=eth0
HWADDR=00:0C:29:0E:BB:33
TYPE=Ethernet
UUID=e474a928-f297-4d28-a5be-6af5a0a86831
ONBOOT=yes
IPADDR=192.168.8.105
NETMASK=255.255.255.0
GATEWAY=192.168.8.1
DNS1=8.8.4.4
NM_CONTROLLED=no
BOOTPROTO=none

To re-start the service

service network restart

 

STEP-2

Enabling Telnet
[root@server ~]# yum install telnet telnet-server -y
Telnet is now installed on your server. Next, open the telnet configuration file /etc/xinetd.d/telnet and set disable = no:
[root@server ~]# vi /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}

Save and quit the file. Now restart the telnet service using the following command:

[root@server ~]# service xinetd start
Starting xinetd: [ OK ]
Make this service start automatically on every reboot:
[root@server ~]# chkconfig telnet on
[root@server ~]# chkconfig xinetd on

Allow the default telnet port 23 through your firewall and router. To allow the telnet port through the firewall, open the file /etc/sysconfig/iptables and add the --dport 23 lines shown below:

[root@server ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m state --state NEW --dport 23 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 23 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Save and exit the file. Restart iptables service:

[root@server ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

That's it. Now the telnet server is ready to use.
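A check one might run over that rules file, as an added example that is not part of the original guide: it lists every INPUT rule that accepts port 23 and whether the rule is limited by source address. The 10.10.1.0/24 management subnet in the second sample is an assumption, and the parser handles only single-port --dport matches with a plain -s source.

```sh
#!/bin/sh
# Report INPUT rules (iptables-save syntax, read from stdin) that accept port 23.
audit_telnet_rules() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; dport = ""; src = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (dport != "23" || target != "ACCEPT") next
        if (proto == "udp")
            print "line " NR ": udp/23 accepted, but telnet only uses TCP"
        else if (src == "")
            print "line " NR ": tcp/23 accepted from any source"
        else
            print "line " NR ": tcp/23 limited to " src
    }'
}

# The INPUT rules as given in the guide above.
PAGE_RULES='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m state --state NEW --dport 23 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 23 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed variant: telnet limited to an assumed management subnet.
SCOPED_RULES='-A INPUT -p tcp -s 10.10.1.0/24 -m state --state NEW --dport 23 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$PAGE_RULES" | audit_telnet_rules
printf '%s\n' "$SCOPED_RULES" | audit_telnet_rules
```

Since the xinetd file itself notes that telnet authenticates with unencrypted username/password pairs, the second form keeps those credentials off every network except the one named in -s.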

Create a test user called “sk” with password “centos”:

[root@server ~]# useradd sk
[root@server ~]# passwd sk

Changing password for user sk.

New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.

Check the Service Configuration
chkconfig --list

Historical Data Records Push Failure

The historical data records are comma-separated files generated by the Oracle Session Border Controller to maintain traffic statistics. They also include performance statistics such as CPU utilization, memory consumption, etc.

These historical data records (commonly known as HDRs) are pushed out of the hardware for performance reporting. To get nicely presentable graphical reports, you should have Net-Net Central in your network.

Net-Net Central (commonly known as NNC) is an element management system for Oracle Session Border Controllers.
It includes Device Manager, Configuration Manager, Report Manager, Security Manager and Fault Manager.

The HDRs are pushed to NNC every 15 minutes (this is the default value and can be changed to accommodate your needs); however, the records are collected and written to a CSV file every 5 minutes (also a default value).

To configure the session border controller (SBC) to generate HDRs, a collection group needs to be configured, i.e.

system->system-config->collect->push-receiver.

The following details are mandatory to configure the push-receiver from the SBC CLI.

* address
* user-name
* password
* data-store
* protocol

 

Sample Configuration

collect
sample-interval 5
push-interval 15
boot-state enabled
start-time now
end-time never
red-collect-state enabled
red-max-trans 1000
red-sync-start-time 5000
red-sync-comp-time 1000
push-receiver
address x.x.x.x
user-name nncentral
password ********
data-store /opt/collect
protocol sftp
push-success-trap-state disabled

If the configuration has been done using NNC, you will require an additional password, i.e. acmepacket

It is also recommended to restart the collection service; you can use the following command:

request collect restart

At this stage you have configured HDRs correctly; however, I am sure it will not work until you configure the server public key in the SBC.
Please note that the SBC uses SSH2 whereas most Linux servers use OpenSSH; this causes an incompatibility, as the two use different key formats.

The best way is to convert your server public key to SSH2 format using the following command. Execute it where OpenSSH is installed, otherwise it will fail.

ssh-keygen -e -f /etc/ssh/id_rsa.pub

Now copy the output of this command and import the key into the SBC using the following commands:

ssh-public-key import known-hosts <any-name-to-identify>
save-config
activate-config

Oracle recommends importing both RSA and DSA keys into the SBC.

To verify that HDRs are pushed correctly, execute the following command:

show logfile log.collect

To verify that NNC has received the CSV files, look for the files at the data-store location (mentioned above while configuring the collection service).

Quick Fix for NTP DDoS Attack (Reflection Attack)

All you need to do is add a few lines to the Linux NTP configuration file, i.e. ntp.conf.

Here’s how your ntp.conf will look; this is just one way of blocking NTP reflection attacks.

restrict default ignore    # Restrict all by default

# Deny any queries or modification requests from the NTP server
restrict <NTP Server IP Address> mask 255.255.255.255 nomodify notrap noquery

# Needed only if the Linux machine is acting as a server to other clients
restrict <Client Subnet> mask 255.255.255.0

server <NTP Server IP Address>

server 127.127.1.0

fudge 127.127.1.0 stratum 10

Again, this is just one quick way of doing it.

For more information read the security bulletin from the ntp.org.
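A way to check an existing ntp.conf against the restrict policy above, as an added example that is not part of the original post: it verifies that the default policy refuses queries and that every upstream server still has its own restrict line when the default is ignore. The sample configurations are constructed, and 192.0.2.10 is a documentation address standing in for the NTP server.

```sh
#!/bin/sh
# Audit an ntp.conf read from stdin. Prints one finding per line;
# exit status is 0 only when there are no findings.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                          # drop comments
    $1 == "restrict" {
        a = ($2 == "-4" || $2 == "-6") ? 3 : 2  # skip address-family flag
        flags = ""
        for (i = a + 1; i <= NF; i++) flags = flags " " $i
        if ($(a) == "default") {
            seen_default = 1
            if (flags ~ / ignore( |$)/) default_ignore = 1
            else if (flags !~ / noquery( |$)/) {
                print "FAIL: restrict default allows queries (no ignore/noquery)"
                bad = 1
            }
        } else if (flags !~ / ignore( |$)/) allowed[$(a)] = 1
    }
    # 127.127.x.x entries are local reference clocks, not network peers
    $1 == "server" && $2 !~ /^127\.127\./ { servers[$2] = 1 }
    END {
        if (!seen_default) { print "FAIL: no restrict default line"; bad = 1 }
        if (default_ignore) {
            for (s in servers) if (!(s in allowed)) {
                print "FAIL: server " s " has no restrict line, replies are ignored"
                bad = 1
            }
        }
        exit bad + 0
    }'
}

# Constructed samples.
WEAK='restrict default nomodify notrap
server 192.0.2.10'
STARVED='restrict default ignore
server 192.0.2.10'
HARDENED='restrict default ignore   # restrict all by default
restrict 192.0.2.10 mask 255.255.255.255 nomodify notrap noquery
server 192.0.2.10
server 127.127.1.0
fudge 127.127.1.0 stratum 10'

for conf in "$WEAK" "$STARVED" "$HARDENED"; do
    printf '%s\n' "$conf" | audit_ntp_conf && echo "OK: no findings"
done
```

The second sample shows why the post pairs each server line with a restrict line: under restrict default ignore, the time server's own replies are dropped unless it is explicitly allowed.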

ExplainShell Breaks Down Long, Confusing Linux Commands


Ever come across a tutorial online that tells you to run a long terminal command, but want to know what each part of it actually means? ExplainShell does exactly that: paste in the command, and it’ll tell you what each portion of the code does.

 

Obviously, you could do this yourself by searching through man pages—and we still recommend you read the man pages to learn more—but this is a really fast, helpful way to understand what you’re doing rather than just copying and pasting commands willy-nilly. For example, if a tutorial tells you to run:

 

ssh -i keyfile -f -N -L 1234:www.google.com:80 host

 

ExplainShell would explain that “-i keyfile” selects the file containing your key, “-f” runs it in the background, and so on. It doesn’t work with every command you’ll ever come across, but it’s a pretty handy tool to have in your arsenal.

[Read More: Full article by Whitson Gordon]

50 Most Frequently Used UNIX / Linux Commands (With Examples)

This article provides practical examples for the 50 most frequently used commands in Linux / UNIX.

This is not a comprehensive list by any means, but this should give you a jumpstart.

 

1. tar command examples

Create a new tar archive.

$ tar cvf archive_name.tar dirname

Extract from an existing tar archive.

$ tar xvf archive_name.tar

View an existing tar archive.

$ tar tvf archive_name.tar

More tar examples: The Ultimate Tar Command Tutorial with 10 Practical Examples

 

2. grep command examples

Search for a given string in a file (case-insensitive search).

$ grep -i "the" demo_file

Print the matched line, along with the 3 lines after it.

$ grep -A 3 -i "example" demo_text

Search for a given string in all files recursively

$ grep -r "ramesh" *

More grep examples: Get a Grip on the Grep! – 15 Practical Grep Command Examples

[Read More: Full article by Ramesh Natarajan]