Admins eHow SysAdmin Tips & Tricks

May 21, 2015

Block Torrent Trackers on Linux

Filed under: linux,Security,Torrent — Tags: , , , — admin @ 2:38 am

Create “/etc/trackers” with a list of trackers which you want to be blocked.
My current file contains:

9.rarbg.com
announce.torrentsmd.com
bigfoot1942.sektori.org
bt.careland.com.cn
bttrack.9you.com
bttracker.crunchbanglinux.org
coppersurfer.tk
explodie.org
i.bandito.org
mgtracker.org
open.demonii.com
opensharing.org
torrent.fedoraproject.org
torrent.gresille.org
tracker.best-torrents.net
tracker.blucds.com
tracker.btzoo.eu
tracker.coppersurfer.tk
tracker.dler.org
tracker.istole.it
tracker.leechers-paradise.org
tracker.nwps.ws
tracker.openbittorrent.com
tracker.publicbt.com
tracker.tfile.me
tracker1.wasabii.com.tw

You can have duplicates in the list, script will take care of that.

Now create “/usr/bin/blocktrackers” script:

#!/bin/bash

IFS=$'\n'
L=$(/usr/bin/sort /etc/trackers | /usr/bin/uniq)
for fn in $L; do
        /sbin/iptables -D INPUT -d $fn -j DROP -m comment --comment "Tracker"
        /sbin/iptables -D FORWARD -d $fn -j DROP -m comment --comment "Tracker"
        /sbin/iptables -D OUTPUT -d $fn -j DROP -m comment --comment "Tracker"
        /sbin/iptables -A INPUT -d $fn -j DROP -m comment --comment "Tracker"
        /sbin/iptables -A FORWARD -d $fn -j DROP -m comment --comment "Tracker"
        /sbin/iptables -A OUTPUT -d $fn -j DROP -m comment --comment "Tracker"
done

Make it executable and create a cronjob to run it daily because trackers change IP address very often.

March 22, 2015

Linux dig utility for Windows x64

Filed under: dns,General,linux,Windows — Tags: , , , — admin @ 5:00 pm

I have created an installer for Linux DNS dig utility for Windows x64. it is extracted from BIND 9.10.2.x64.
It installs dig into system32 folder of Windows so it is already included in PATH and can be invoked from anywhere in command prompt.

Download : DIG_9.10.2.x64

September 6, 2014

Send weekly reports of IPs logged into vsftpd

Filed under: linux — Tags: , , , — admin @ 10:25 am
root@X:[/etc/logrotate.d]: cat /etc/logrotate.d/vsftpd

/var/log/vsftpd.log
{
        create 640 root adm

        # ftpd doesn't handle SIGHUP properly
        missingok
        notifempty
        rotate 4
        weekly
        prerotate
                echo "<html><body><table>$(grep "OK LOGIN" /var/log/vsftpd.log | awk '{print $8" "$12'} | sort | uniq -c | awk '{print "<tr><td>"$2"</td><td>"$3"</td><td>"$1"</td></tr>"}')</table></body></html>" | mail -a "Content-type: text/html" -s 'FTP REPORT' mail@domain.com
        endscript
}

September 1, 2014

Filter out comments and empty lines from config files

Filed under: Bash,linux — Tags: , , , , , — admin @ 12:38 pm
egrep -v "^[[:blank:]]*(#|$)" filename

Send email alerts if Adaptec raid fails in Linux

Filed under: linux — Tags: , , , , — admin @ 10:56 am

For Adaptec Raid you need arcconf tool to check the raid status, you can install it based on the instructions provided on this link (For Debian) :
http://hwraid.le-vert.net/wiki/DebianPackages
After you have arcconf installed, create /usr/bin/raidcheck with following content and make it executable :

#!/bin/bash
RESULT=$(arcconf GETCONFIG 1 | grep Status | grep -v "Not Installed" | grep -v Optimal)
if [ -n "$RESULT" ]; then
    wget http://domain.com/notify.php?m=RAID_ERROR -O /dev/null
    else echo "Raid is OK"
fi

Note : In my script I have chosen to use a php script on another server to send the alert, this way I wont need to install a mail server on every server which I am monitoring. you can do the same or change the wget line to whatever you want.
Put the script in the cron to check the raid status every 12 hours :

0 */12 * * * /usr/bin/raidcheck

Disable ipv6 on Linux

Filed under: linux — Tags: , , — admin @ 10:17 am

To disable ipv6 on Linux, add following line to /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1

Now apply the change :

sysctl -p

August 22, 2014

Kill a process with high CPU usage in Linux

Filed under: linux — Tags: , , , , , — admin @ 5:19 pm

Sometimes you may need to kill hanged processes with high CPU usage automatically. the following script can help you to do it :

#!/bin/bash
PROCESSNAME=''
HL=10

IFS=$'\n'
L=$(ps aux | grep $PROCESSNAME)
for fn in $L; do
        PID=$(echo $fn | awk '{print $2'})
        LOAD=$(echo $fn | awk '{print $3'})
        if [ $(echo "$LOAD > $HL" | bc -l ) -eq 1 ]
        then
                kill -9 $PID
                echo "Killed $PID"
        fi
done

Set PROCESSNAME to the process name which you want to be checked and HL to high load threshold.
Please note the load is based what ‘ps’ command reports and not what you see inside ‘top’.

August 20, 2014

Force public key authentication on SSH daemon (disable password authentication)

Filed under: Debian,linux,Security — Tags: , , , , , , — admin @ 2:18 pm

It is a very good security practice to completely disable password authentication on your Linux server and use public key authentication method.
In order to do that you need to create your own public/private key pair and put the public key in ~/.ssh/authorized_keys

mkdir -p ~/.ssh
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHV80zPWjPAwKo8Be0k1ypBRMdYDC0H2eQchu3MFsEp8av2F/18GNuHsbyMWp0p1uovP5LGZ/oPZ1ISJxLxxOBiqv0fOyb8uTDYWUUITgGvq9Fppj3BNYTjnLCUAVMKdP3VJ7IPk69ygYR1nhAXiv3dSfeG74f2eo3ZYhrylsVS2G84DUh47FuEFOsfn5s2wXVjwAgqdKBhiVQZWrptf6TEK3fZTVg4rCiRJ+YiIwTZr/CfFHbdqOiwDlGR5fWo0PHHq31lrQXzkASfi3C+ahQFnHsy4+8LdCq+TjzC3J6PbuXP1wpLdm1iP35f61hU1wX2hwhyxdvE+SBXT/PpSVB' >> ~/.ssh/authorized_keys

DISCLAIMER : The above key is my public key, if you put it on your server, I will be able to login into your server 😀
Now add/change the following config to /etc/ssh/sshd_config

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PubkeyAuthentication yes

and restart ssh service :

service ssh restart

Note : Before closing your current SSH session, I highly recommend you to test that actually you can login into your server by new method. otherwise you may be locked out of your server.

August 7, 2014

Send email alerts if PERC H200 raid fails in Linux

Filed under: Debian,linux — Tags: , , — admin @ 11:18 pm

Recently I have bought a Dell PowerEdge R210 server which is equipped by PERC H200 raid controller.
As I have setup a raid 1 on this server, I needed to monitor its raid status, Here is what I did :
First you need “sas2ircu” utility which can be found on following website :
http://hwraid.le-vert.net/wiki/DebianPackages
Running “sas2ircu 0 STATUS” give you following output :

root@x:/# sas2ircu 0 STATUS
LSI Corporation SAS2 IR Configuration Utility.
Version 16.00.00.00 (2013.03.01)
Copyright (c) 2009-2013 LSI Corporation. All rights reserved.

Background command progress status for controller 0...
IR Volume 1
  Volume ID                               : 79
  Current operation                       : None
  Volume status                           : Enabled
  Volume state                            : Optimal
  Volume wwid                             : xxxxxxxxxxxxxx
  Physical disk I/Os                      : Not quiesced
SAS2IRCU: Command STATUS Completed Successfully.
SAS2IRCU: Utility Completed Successfully.

What we are interested in is “Optimal” status. so if Optimal changes to anything, we want to be notified.
You can use the following script to do that (change MAIL variable to your own email address) :

#!/bin/bash
MAIL=mail@domain.com
RESULT=`sas2ircu 0 STATUS | grep Optimal`
if [ -z "$RESULT" ]; then
    echo "RAID ERROR ON SERVER" | mail -s 'Raid Error' "$MAIL"
    else echo "Raid is OK"
fi

as always do not forget to test if your server is actually able to send mails and you receive them.
Finally save the script in a file and put it in cronjob. I have chosen to run it every 12 hours :

0 */12 * * * /usr/bin/raidcheck

July 20, 2014

Send email alerts when HP Proliant RAID fails in Linux

Filed under: linux — Tags: , , , , , , , — admin @ 7:51 pm

As a minimalist person, I am not a fan of running heavy monitoring tools of HP on my server. so I have written a very small bash script to monitor my server RAID status and send me email alerts if it fails.
For this script to work, first you need to install hpacucli (HP Array Configuration Utility) on your server. you can download it from HP website for your Linux distribution.
The script is very easy to understand but you may need to tweak it a little bit to fit your server.
The heart is this line :

hpacucli ctrl slot=1 pd all show

which returns following on my server :

\\ EMPTY LINE
Smart Array P222 in Slot 1

   array A

      physicaldrive 2I:1:1 (port 2I:box 1:bay 1, SATA, 3 TB, OK)
      physicaldrive 2I:1:2 (port 2I:box 1:bay 2, SATA, 3 TB, OK)
      physicaldrive 2I:1:3 (port 2I:box 1:bay 3, SATA, 3 TB, OK)
      physicaldrive 2I:1:4 (port 2I:box 1:bay 4, SATA, 3 TB, OK)

but we only need lines 6-9 which are showing the drives status. It is where you may need to tweak it as you may have more or less drives.
So it may not be 6-9 for you and you may need to change 6,9 in sed command.
Here is the final script :

#!/bin/bash
MAIL=mail@domain.com
RESULT=`hpacucli ctrl slot=1 pd all show | sed -n '6,9 p' | grep -v OK`
if [ -n "$RESULT" ]; then
	echo "$RESULT" | mail -s 'Raid Error' "$MAIL"
	else echo "Raid is OK"
fi

Dont forget to change MAIL variable to your own email address.
You may test the script once to make sure your server is able to send emails and you actually receive them.
Finally save the script in a file and put it in cronjob. I have chosen to run it every 12 hours :

0 */12 * * * /usr/bin/raidcheck
Older Posts »

Powered by WordPress