Madhav Kobal's Blog

This blog will be dedicated to Linux, Open Source and Technology news, affairs, how-tos and virtually EVERYTHING in these domains.

Posts Tagged ‘Server’

FireFTP – Firefox Add-on

Posted by madhavkobal on 03/11/2009

FireFTP is a free, secure, cross-platform FTP client for Mozilla Firefox which provides easy and intuitive access to FTP Servers. Along with transferring your files quickly and efficiently, FireFTP also includes more advanced features such as: directory comparison, syncing directories while navigating, SFTP, SSL encryption, search/filtering, integrity checks, remote editing, drag & drop, file hashing, and much more!

Download FireFTP from here


Setup a local DNS server to have access to multiple DNS zones like internet and internal net

Posted by madhavkobal on 09/10/2009

You want to have access (name resolution) for the internet and also for an internal network, but neither the name server for the internet (the provider's name server) nor the internal one takes care of the other area.

Solution:

DNS clients can usually be configured with multiple name servers to try in sequence, but they only contact the second or third name server if the preceding one did not reply to the DNS request. When a name server answers that it could not resolve the request, the DNS client does not ask any further servers.

This can be solved by a locally running DNS server. This local DNS server will be configured to serve both areas (called zones in BIND terminology).

This cool solution is based on SLE10.

Procedure

The dns domain names (example.com, example.org) in the following steps are example values used for documentation (see also RFC 2606, Section 3).

Package installation

You need the packages bind and bind-chrootenv.

Starting the YaST configuration module

As user root start the yast dns server configuration module:

 yast dns-server

If you are configuring your DNS server for the first time, the YaST screens could look a bit different. If you come back to the DNS server configuration later, the following screenshots should match.

Configure DNS-Startup

In our sample we choose to start the DNS server during system boot.

Configure DNS Forwarders

To have access to internet name resolution, we first add the name server addresses for this default area and its zones. We do not add the internal name server here; this will be done when configuring an additional special zone.

Configure DNS Basic Options

Check the following screen shot for some sample basic options.

Configure DNS-Logging, ACLs and TSIG-Keys

In our sample setup we do not change the setting of the sections “DNS-Logging”, “ACLs” and “TSIG-Keys”.

Configure DNS Zones

In this step we define the internal zone, which is resolved by an internal name server. Our sample zone is “example.com”. Select zone type “forward”. Just add the zone then use the edit button to add the details like the internal name server address.

We can now add an additional optional internal zone, which will be handled by the local name server itself. First we add the zone “example.org”.

In the next step you can configure the contents of your additional zone, such as ACLs and name service entries.
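The resolution paths this setup produces, as an added example that is not part of the original post: the script parses a constructed named.conf of the shape described above (global forwarders, a forward zone for example.com, a master zone for example.org) and reports which path a name takes. The forwarder addresses and the master/example.org file name are placeholders, and the parser assumes one statement per line.

```sh
#!/bin/sh
# Added example (not from the original post): show which resolution path a
# name takes under a forwarders + forward zone + master zone setup.

# Constructed named.conf; all addresses are documentation-range placeholders.
write_sample_named_conf() {
    cat > "$1" <<'EOF'
options {
    forwarders { 198.51.100.1; 198.51.100.2; };
};
zone "example.com" in {
    type forward;
    forwarders { 192.0.2.53; };
};
zone "example.org" in {
    type master;
    file "master/example.org";
};
EOF
}

# resolve_path NAMED_CONF NAME -> "<zone> <type> <servers>"
# The most specific zone that NAME equals or is a subdomain of wins;
# with no match the global forwarders from the options block are used.
resolve_path() {
    awk -v q="$2" '
        $1 == "zone" { z = tolower($2); gsub(/"/, "", z); next }
        $1 == "};"   { z = ""; next }
        $1 == "type" { t = $2; sub(/;$/, "", t); ztype[z] = t }
        $1 == "forwarders" {
            s = ""
            for (i = 3; i < NF; i++) { a = $i; sub(/;$/, "", a); s = s (s == "" ? "" : " ") a }
            fw[z] = s
        }
        END {
            q = tolower(q); sub(/\.$/, "", q); best = ""
            for (z in ztype) {
                n = length(q) - length(z)
                if ((q == z || (n > 0 && substr(q, n) == "." z)) && length(z) > length(best))
                    best = z
            }
            if (best == "") print ". forward " fw[""]
            else if (ztype[best] == "forward") print best " forward " fw[best]
            else print best " " ztype[best] " local"
        }
    ' "$1"
}

conf=$(mktemp); write_sample_named_conf "$conf"
for name in host.example.com www.example.org www.example.net; do
    echo "$name -> $(resolve_path "$conf" "$name")"
done
rm -f "$conf"
```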


Original Author :  fmherschel


Tornado – An Open Source Web Server, Courtesy Of Facebook

Posted by madhavkobal on 14/09/2009

Facebook has released one of its core pieces of infrastructure, called Tornado, under an open source license.

From the Facebook announcement:

Tornado is a relatively simple, non-blocking Web server framework written in Python, designed to handle thousands of simultaneous connections, making it ideal for real-time Web services.


Tornado was originally developed by Friendfeed to power its real time web infrastructure prior to it being acquired by Facebook.

Check out the other open source projects from Facebook.

Read in detail about the technology behind Friendfeed’s web server Tornado here.


SMB traffic analyzer for SLE11

Posted by madhavkobal on 06/09/2009

The stad daemon is part of the SMB traffic analyzer software suite, a toolset aiming at visualizing the data flow on one or more Samba servers, providing statistics about the usage of Samba services. The long term goal of the SMB Traffic Analyzer project is to provide a universal remote debugging facility for Samba.

Download options for vfs_smb_traffic_analyzer:

Get a version of Samba newer than 3.2.0. The VFS module is included in the Samba distribution.

Download options for stad:

Distributions:


iSCSI SAN with SUSE

Posted by madhavkobal on 21/08/2009

1. Node2 to create a new partition from the building region. And all the rest.

YaST -> System -> Partitioner, click “Create”.

2. Click Add Primary Partition, then “OK”.

4. Configure the iSCSI target on node2.

5. On the “Targets” tab, remove the demo iSCSI target, then click “Add” to add an iSCSI target.

7. Click Finish, then answer Yes in the warning window about restarting iSCSI.

# Shutdown-hr now.

Open YaST -> Network Services -> iSCSI Initiator | Select When Booting.

IP Address: 10.0.0.12 | Next.

11. On the “Connected Targets” tab, click the “Toggle Start-Up” button, then click Finish.

12. Partition the iSCSI LUN via node1.

14. Create a third partition.

16. Click “Quit” to finish.


Configuring a TFTP/PXE Server

Posted by madhavkobal on 20/08/2009

Pre-eXecution Environment (PXE) is a method of booting computers off of a network card independent of local storage devices such as a hard drive or a DVD. PXE is very useful in thin client environments or as a quick way to deploy a new operating system to any computer. PXE is dependent on several network protocols:

  • IP: A network layer protocol in the Internet Protocol Suite. IP provides unique global addressing among computers.
  • UDP: A core protocol of the Internet Protocol Suite. UDP allows programs to send short messages sometimes known as datagrams.
  • DHCP: A method for networked computers to obtain IP addresses and other necessary networking parameters.
  • TFTP: A simple file transfer protocol that can be implemented in a very small amount of memory.

Setting up a TFTP server will allow you to easily deploy operating systems to machines without having to boot them from a CD or a DVD. Since most, if not all, laptops have auto-sensing NICs these days, it is very convenient to set up a TFTP server on your machine. This will allow you to connect your laptop to another machine by a standard Ethernet cable and deploy a new operating system. If your machine doesn’t have an auto-sensing NIC you can use an Ethernet crossover cable or a switch/hub.

All of the components required for setting up a TFTP server are included in SUSE Linux Enterprise Server (SLES). While unsupported, you can install the necessary component packages from SLES on a SUSE Linux Enterprise Desktop (SLED).

A TFTP server requires the following things:

  • A dhcp server
  • Atftp (I prefer atftp because of advanced features and support for KIWI)
  • An installation source. This can either be an image that you created using KIWI or in the case of this article a SLED DVD or ISO.
  • A method of serving the installation source, in this case Apache.

DHCP: Before a PXE-booted machine can do anything it needs to get an IP address. This means you must set up a DHCP server. Go into the YaST Software Management module and install the “DHCP and DNS Server” pattern. This includes dhcp, dhcp6, dhcp-relay, dhcp-server, dhcp-tools. Next configure your /etc/dhcpd.conf file. Here is what mine looks like:

default-lease-time 14400;
ddns-update-style none;
subnet 192.168.2.0 netmask 255.255.255.0 {
    option domain-name-servers 192.168.2.50;
    default-lease-time 14400;
    # Boot file the PXE client requests over TFTP
    filename "pxelinux.0";
    # Address of the TFTP boot server
    next-server 192.168.2.50;
    max-lease-time 172800;
    range 192.168.2.51 192.168.2.160;
}

The key values for PXE booting are “filename” and “next-server”. Pxelinux.0 is a SYSLINUX derivative for booting Linux off a network server, using a network ROM conforming to the Intel PXE specification. We will discuss it more in a bit. For more information visit here. Next-server defines the IP address of the TFTP boot server. In this case the DHCP server and TFTP server are running on the same machine. Next we will have to configure a static IP address on our machine so that it matches the next-server value. In this example that address is 192.168.2.50 and the subnet mask is 255.255.255.0. To set up a static IP address go into YaST and choose the “network card” module. Restart or start your DHCP server by running rcdhcpd start or rcdhcpd restart.

ATFTP: There isn’t much that needs to be configured beyond the defaults. Here is my /etc/sysconfig/atftpd file:

## Path: Network/FTP/Atftpd
## Description: ATFTP Configuration
## Type: string
## Default: "--daemon "
#
# atftpd options
#
ATFTPD_OPTIONS="--daemon --no-multicast" #I use --no-multicast to increase reliability of blasting down KIWI images, but it is not necessary

## Type: yesno
## Default: no
#
# Use inetd instead of daemon
#
ATFTPD_USE_INETD="no"

## Type: string
## Default: "/tftpboot"
#
# TFTP directory must be a world readable/writable directory.
# By default /tftpboot is assumed.
#
ATFTPD_DIRECTORY="/tftpboot"

## Type: string
## Default: ""
#
# Whitespace separated list of IP addresses which ATFTPD binds to.
# One instance of the service is started on each IP address.
# By default atftpd will listen on all available IP addresses/interfaces.
#
ATFTPD_BIND_ADDRESSES=""

Note that the default location of the ATFTP directory is /tftpboot. Start/restart ATFTP by entering atftpd start or atftpd restart.

/tftpboot is the directory where you store all the files necessary for PXE booting a machine. My /tftpboot directory contains the following files and directories:

-rw-r--r-- 1 root root 13148 Jul 11 06:35 pxelinux.0
drwxr-xr-x 2 root root 4096 Sep 24 16:33 pxelinux.cfg/
drwxr-xr-x 2 root root 4096 Jul 11 06:36 sled10x86/

Let’s address each of these files and directories individually.

pxelinux.0: We addressed this file previously in the dhcp section. You can get this file from /usr/share/syslinux/pxelinux.0

pxelinux.cfg: This directory contains a file named “default”. Here are the contents of my default file:

# "prompt 1" brings up a boot prompt on the PXE booted machine and forces the user to enter the label of the system they want to boot into. This is a good way to prevent people from accidentally blowing away their computer.
prompt 1
# sled10
# Enter this label (sled10) at the boot prompt.
label sled10
kernel /sled10x86/linux
append initrd=/sled10x86/initrd install=http://192.168.2.50/install/sled10x86 splash=silent showopts

By utilizing “prompt 1” you can set up several different installation environments (SLES, SLED, openSUSE, SLE ThinClient, etc.). To do this add multiple entries. Each entry should point to the correct initrd, linux and installation source for that system. Each label should be unique.

sled10x86: This directory contains two files:

  • initrd
  • linux

You can get these files off of the SLED or SLES installation dvd in /media/boot/i386/loader/. Simply copy over the initrd and linux files to your /tftpboot/sled10x86 directory.

Installation source: As seen in the /tftpboot/pxelinux.cfg/default file we point to an installation source hosted on the same machine (install=http://192.168.2.50/install/sled10x86 splash=silent showopts)

  • Open up the “installation Server” yast module
  • Choose the appropriate protocol (in this case http)
  • Select a directory where you want to keep your installation source (in this case /install/).
  • Choose an alias for your directory (install)
  • Click Finish
  • Copy over the contents of SLED or SLES iso or dvd to the directory you just specified.
  • Check and make sure you can browse to your source through firefox

At this point you should be able to PXE boot a machine off of your laptop or desktop. Make sure that the machine to be PXE booted supports PXE and has it enabled in the BIOS. Some computers will refer to it as “network boot”. On most machines hitting F12 after powering on will force the machine to PXE boot. After the machine PXE boots enter “sled10” at the boot prompt, hit enter, and then go forward with your installation.
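A pre-flight check for the /tftpboot layout described above, as an added example that is not part of the original post: it reads pxelinux.cfg/default and confirms that pxelinux.0 and every kernel and initrd an entry names exist under the TFTP root. The sles10 entry and the temporary directory are constructed for the demonstration, and paths are assumed to resolve against the TFTP root.

```sh
#!/bin/sh
# Added example (not from the original post): verify that pxelinux.0 and every
# kernel/initrd named in pxelinux.cfg/default exist under the TFTP root.

# Print "<label> kernel|initrd <path>" for each entry in config file $1.
# Keywords are matched case-insensitively; comment lines are skipped.
pxe_entries() {
    awk '
        BEGIN { label = "-" }
        /^[ \t]*#/ { next }
        { kw = tolower($1) }
        kw == "label"  { label = $2 }
        kw == "kernel" { print label, "kernel", $2 }
        kw == "append" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^initrd=/) print label, "initrd", substr($i, 8)
        }
    ' "$1"
}

# check_pxe_tree TFTPROOT: one OK/MISSING line per file; returns 1 if any is missing.
check_pxe_tree() {
    root=$1; rc=0
    entries=$(echo "- loader /pxelinux.0"; pxe_entries "$root/pxelinux.cfg/default")
    while read -r label kind path; do
        [ -n "$label" ] || continue
        if [ -f "$root/${path#/}" ]; then echo "OK $label $kind $path"
        else echo "MISSING $label $kind $path"; rc=1; fi
    done <<EOF
$entries
EOF
    return $rc
}

# Constructed sample tree: the sled10 files exist, the sles10 files do not.
make_sample_tree() {
    mkdir -p "$1/pxelinux.cfg" "$1/sled10x86"
    : > "$1/pxelinux.0"; : > "$1/sled10x86/linux"; : > "$1/sled10x86/initrd"
    cat > "$1/pxelinux.cfg/default" <<'EOF'
prompt 1
label sled10
  kernel /sled10x86/linux
  append initrd=/sled10x86/initrd install=http://192.168.2.50/install/sled10x86 splash=silent showopts
# Constructed second entry whose files were never copied over
label sles10
  kernel /sles10x86/linux
  append initrd=/sles10x86/initrd install=http://192.168.2.50/install/sles10x86
EOF
}

tree=$(mktemp -d); make_sample_tree "$tree"
check_pxe_tree "$tree" || echo "Some boot files are missing from the TFTP root."
rm -rf "$tree"
```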


Back In Time – Simple Way to Backup Your Linux

Posted by madhavkobal on 20/08/2009

This tutorial shows how to install Back In Time in Ubuntu. It's a very useful piece of software to back up and restore your Ubuntu in case there’s any problem with your Ubuntu. Back In Time acts as a “user mode” backup system. This means that you can backup/restore only folders you have write access to (actually you can back up read-only folders, but you can’t restore them). And now, here are the steps to install Back In Time.

1. Edit your sources.list file by typing:

sudo gedit /etc/apt/sources.list

2. Add the following line to your sources.list:

deb http://le-web.org/repository stable main

Then save and exit.

3. Add the GPG key information from the terminal:

wget http://le-web.org/repository/le-web.key

sudo apt-key add le-web.key

4. Update your repositories by typing:

sudo apt-get update

5. Install Back In Time!

sudo apt-get install backintime-common backintime-gnome

6. And you’re set to go! You can find Back In Time in System Tools > Back In Time.


Five ways to help secure Apache on Linux

Posted by madhavkobal on 20/08/2009

Apache is one of the most popular servers available. And most Apache installations are running on Linux servers. Anyone running Linux will tell you that the operating system (be it on a server or desktop) enjoys a level of security other operating systems do not enjoy. But does that mean you can just install Apache and assume it is 100% safe? No. There are always ways to improve your security on just about every level.

In this article I will show you five simple ways to make your Linux Apache installation more secure. And of course you should always know that even with five new means of making your install more secure, that doesn’t mean it is perfectly safe from attack. Even after securing your installation, you should always keep watch over your server by checking log files and using standard security tools.

With that said, let’s get our Apache security on!

1. Update, update, update! One of the biggest no nos Linux administrators make is to “set it and forget it”. This should not be your standard policy. There are always updates that close new holes and patch security flaws. This holds true for Apache as much as it does any other system or . Keep watch, using your normal means of update, for any security update for Apache or any constituent component you have installed. By doing this you will ensure your web server is safe from any new known issues.

2. Disable modules you do not use. Check the Apache configuration file; most often this file is called httpd.conf and its location will depend upon what distribution you are running (for example, CentOS has this file in /etc/httpd/conf/ whereas Ubuntu locates it in /etc/apache2). If you examine that file you will see quite a few modules listed. These modules will look like:

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so

You might have to look up what some of these modules do to know if you need them or not. But there is no reason to load a module if you are not going to use it. To keep a module from loading, place a comment character (#) in front of the line. You will have to restart Apache for this change to take effect.

3. Limit the request sizes allowed. Denial of Service attacks remain one of the most popular attacks on web sites because they are the easiest to pull off. One way to protect your site from DoS attacks is to use the following directives wisely: LimitRequestBody, LimitRequestFields, LimitRequestFieldSize, LimitRequestLine, and LimitXMLRequestBody within a Directory tag (the document root is probably the best place for this). By default Apache sets these directives to unlimited, which means any size of request can be made. You will want to investigate these directives and configure them to suit your web site's needs. Unless it is absolutely necessary, do not set them to unlimited.

4. Use mod_security. This is the most important module you can use. This one module handles such tasks as: simple filtering, regular expression filtering, server identity masking, and URL encoding validation. It is likely you will have to install mod_security, because the default Apache install does not include this module. Once installed you will want to make sure you at least add the “unique_id” and “security2” directives in your Apache module section and then restart Apache. I will deal with this module in its own tutorial coming up very soon.

Figure 1

5. Restrict browsing to your document root. The last thing you want is to allow a browser to peek outside of the Apache document root (such as /var/www/html or /var/www/). To do this you will want to configure your document root directory entry as shown in Figure 1. This will

Of course if you want to add options to any directory inside of the document root you will have to give that directory its own Directory entry.
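One way to check points 2 and 3 against a configuration file, as an added example that is not from the original article: the script lists the modules still being loaded and reports, for each of the five request-limit directives, whether it is set explicitly. The sample configuration is constructed, and the check reads a single file without following Include lines or modelling per-directory scoping.

```sh
#!/bin/sh
# Added example (not from the original article): flat audit of one Apache
# config file. It does not follow Include lines or model <Directory> scoping.

LIMITS="LimitRequestBody LimitRequestFields LimitRequestFieldSize LimitRequestLine LimitXMLRequestBody"

# Module names from active LoadModule lines; commented-out lines are skipped
# because their first field starts with "#".
loaded_modules() {
    awk 'tolower($1) == "loadmodule" { print $2 }' "$1"
}

# Value of directive $2 in file $1 (last active occurrence, name matched
# case-insensitively as Apache does); empty if it is never set.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$1"
}

# One line per directive: MISSING, UNLIMITED (explicit 0) or OK <value>.
audit_limits() {
    for d in $LIMITS; do
        val=$(directive_value "$1" "$d")
        case "$d:$val" in
            *:) echo "MISSING $d" ;;
            # 0 switches the limit off for these three directives.
            LimitRequestBody:0|LimitRequestFields:0|LimitXMLRequestBody:0)
                echo "UNLIMITED $d" ;;
            *)  echo "OK $d $val" ;;
        esac
    done
}

# Constructed sample configuration, written to the path given in $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
<Directory "/var/www/html">
    LimitRequestBody 1048576
    limitrequestfields 0
    # LimitRequestLine 4096
</Directory>
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
echo "Active modules:"; loaded_modules "$conf"
echo "Request limits:"; audit_limits "$conf"
rm -f "$conf"
```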

Final thoughts

There are plenty more ways to secure your Apache installation, but these will get you started. Can you think of other ways to secure an Apache installation? If so, share them with your fellow ghacks readers.
