
All posts for the month June, 2009

Killing a process in Linux and Windows

Published June 29, 2009 by Siva

Linux:

Finding the process ID of a process:

ps aux | grep processname

pidof processname

Example: pidof httpd

Output: 3698

Killing a process:

# kill 3698

or

# kill -9 3698

Where,

  • -9 is the special KILL signal (SIGKILL), which terminates the process unconditionally.

Windows:

Finding a process and its port number along with the process ID (PID):

netstat -aon

Killing a process in Windows XP / 2003:

taskkill /F /PID 827

How to audit user access of files, folders, and printers in Windows 2003 / XP

Published June 25, 2009 by Siva

Auditing User Access of Files, Folders, and Printers

The audit log appears in the Security log in Event Viewer. To enable this feature:

  1. Click Start, click Control Panel, click Performance and Maintenance, and then click Administrative Tools.
  2. Double-click Local Security Policy.
  3. In the left pane, double-click Local Policies to expand it.
  4. In the left pane, click Audit Policy to display the individual policy settings in the right pane.
  5. Double-click Audit object access.
  6. To audit successful access of specified files, folders and printers, select the Success check box.
  7. To audit unsuccessful access to these objects, select the Failure check box.
  8. To enable auditing of both, select both check boxes.
  9. Click OK.

Specifying Files, Folders, and Printers to Audit

After you enable auditing, you can specify the files, folders, and printers that you want audited. To do so:

  1. In Windows Explorer, locate the file or folder you want to audit. To audit a printer, locate it by clicking Start, and then clicking Printers and Faxes.
  2. Right-click the file, folder, or printer that you want to audit, and then click Properties.
  3. Click the Security tab, and then click Advanced.
  4. Click the Auditing tab, and then click Add.
  5. In the Enter the object name to select box, type the name of the user or group whose access you want to audit. You can browse the computer for names by clicking Advanced, and then clicking Find Now in the Select User or Group dialog box.
  6. Click OK.
  7. Select the Successful or Failed check boxes for the actions you want to audit, and then click OK.
  8. Click OK, and then click OK.


Adding a Linux Swap File – How To

Published June 18, 2009 by Siva

Use the dd command to create the swap file, then use the mkswap command to set up a Linux swap area on that file.

a) Log in as the root user.

b) Type the following command to create a 512MB swap file:
# dd if=/dev/zero of=/swapfile1 bs=1M count=512

c) Set up a Linux swap area on the file:
# mkswap /swapfile1

d) Activate the /swapfile1 swap space immediately:
# swapon /swapfile1

e) To activate /swapfile1 after the Linux system reboots, add an entry to the /etc/fstab file. Open the file using a text editor such as vi:
# vi /etc/fstab

Append the following line:
/swapfile1 swap swap defaults 0 0

The next time Linux comes up after a reboot, it enables the new swap file automatically.

f) How do I verify that swap is activated?
Simply use the free command:
$ free -m
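The complete procedure above, as an added example that is not from the original post, wrapped in shell functions with two checks a practitioner would want: the swap file must not be readable by other users (it will hold pages of process memory, and mkswap itself warns about a mode other than 0600), and the fstab entry must not be duplicated when the steps are re-run. The function names are chosen here; create_swapfile needs root and really allocates the file, while the two check functions can be run by anyone against any path.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are chosen here.

# A swap file holds pages of process memory, so it must be readable by root
# only. mkswap warns when the mode is not 0600; this check makes it a hard rule.
swapfile_perms_ok() {
    mode=$(stat -c %a "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ]
}

# Append the fstab line from the post unless it is already present, so that
# re-running the procedure does not add the same swap file twice.
add_fstab_entry() {
    swapfile=$1
    fstab=${2:-/etc/fstab}
    if grep -q "^$swapfile[[:space:]]" "$fstab" 2>/dev/null; then
        return 0
    fi
    printf '%s swap swap defaults 0 0\n' "$swapfile" >> "$fstab"
}

# Steps a) to f) from the post in order, stopping at the first failure.
# Must be run as root; SIZE_MB defaults to the 512MB used in the post.
create_swapfile() {
    swapfile=$1
    size_mb=${2:-512}
    dd if=/dev/zero of="$swapfile" bs=1M count="$size_mb" || return 1
    chmod 600 "$swapfile" || return 1
    swapfile_perms_ok "$swapfile" || { echo "bad mode on $swapfile" >&2; return 1; }
    mkswap "$swapfile" || return 1
    swapon "$swapfile" || return 1
    add_fstab_entry "$swapfile" /etc/fstab || return 1
    free -m       # step f): the Swap line should now show the added space
}

# Example invocation (root only):
# create_swapfile /swapfile1 512
```

The chmod runs before mkswap so the file is never world-readable while it contains swap data, and add_fstab_entry takes the fstab path as a second argument so it can be exercised against a scratch file before touching the real /etc/fstab.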

Linux Server Administration Commands

Published June 16, 2009 by Siva

All commands in Linux are equally important to manage Linux system / server.
Here I have listed some important commands that are widely used in Linux system / server administration.

Checking running processes on the server [ ps, pstree ]

ps
This command is used to check the processes running on the server. ps lists the running processes with their respective process IDs.

Example:
root@server [~]$ ps
PID TTY TIME CMD
22438 pts/3 00:00:00 su
22439 pts/3 00:00:00 bash
22517 pts/3 00:00:00 ps

Use the following options to get more information about each process from ps:
root@server [~]$ ps -aux

You can also grep for a particular process on the server:
root@server [~]$ ps -aux | grep exim

pstree
This command is also used to check the processes on the server. pstree lists all the running processes in the form of a tree structure.

Example:
root@server [~]$ pstree
init─┬─agetty
├─antirelayd
├─bdflush
├─chkservd
├─4*[courierlogger───couriertcpd]
├─courierlogger───authdaemond───5*[authdaemond───authProg]
├─cpanellogd
├─cpdavd
├─cphulkd.pl
├─cpsrvd-ssl───cpsrvd-ssl
├─crond
├─entropychat
├─exim───exim─┬─3*[exim]
│ └─spamc
├─2*[exim]
├─exim───20*[exim]
├─eximstats
├─hpt_wt
├─httpd───56*[httpd]
├─interchange
├─keventd
├─7*[kjournald]
├─klogd
├─ksoftirqd_CPU0
├─ksoftirqd_CPU1
├─ksoftirqd_CPU2
├─ksoftirqd_CPU3
├─kswapd
├─kupdated
├─mailmanctl───8*[python2.4]
├─mdrecoveryd
├─6*[mingetty]
├─mysqld_safe───mysqld───mysqld───26*[mysqld]
├─named───named───6*[named]
├─portsentry
├─pure-authd
├─pure-ftpd
├─10*[python2.4]
├─scsi_eh_0
├─spamd───2*[spamd]
├─ssh
├─sshd─┬─sshd───sshd───bash───su───bash
│ └─sshd───sshd───bash───su───bash───pstree
├─syslogd
└─xinetd

Also try the following option for pstree, which adds the process ID of each process:
root@server [~]$ pstree -p
init(1)─┬─agetty(7480)
├─antirelayd(8658)
├─bdflush(8)
├─chkservd(6224)
├─courierlogger(6833)───couriertcpd(6834)
├─courierlogger(6840)───couriertcpd(6841)
├─courierlogger(6846)───couriertcpd(6847)
├─courierlogger(6852)───couriertcpd(6853)
├─courierlogger(6858)───authdaemond(6859)─┬─authdaemond(6873)
│ ├─authdaemond(6874)───authProg(26164)
│ ├─authdaemond(6875)───authProg(17488)
│ ├─authdaemond(6876)───authProg(8194)
│ └─authdaemond(6877)───authProg(29956)

Load on a server [ top, w, uptime ]

top

This command is used to find the load on the server. top can also be used to find the processes and users that cause the load. It gives information about the total number of processes, sleeping processes, zombie processes etc.

Example:

root@server [~]$ top -cd3
11:32:03 up 15 days, 23:57, 2 users, load average: 4.95, 5.13, 5.94
220 processes: 219 sleeping, 1 running, 0 zombie, 0 stopped
CPU states: cpu user nice system irq softirq iowait idle
total 1.5% 1.6% 2.4% 0.0% 0.0% 0.0% 94.3%
cpu00 3.4% 2.8% 2.8% 0.0% 0.0% 0.0% 90.9%
cpu01 0.3% 3.1% 0.0% 0.0% 0.0% 0.0% 96.5%
cpu02 2.5% 0.3% 6.5% 0.0% 0.0% 0.0% 90.6%
cpu03 0.0% 0.3% 0.3% 0.0% 0.0% 0.0% 99.3%
Mem: 3104932k av, 2909432k used, 195500k free, 0k shrd, 284548k buff
1201588k active, 1558304k inactive
Swap: 3004112k av, 499936k used, 2504176k free 1015264k cached

PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
3754 root 16 0 1252 1252 896 R 1.4 0.0 0:01 2 top -cd3
3620 nobody 9 0 61460 45M 28768 S 0.6 1.4 2:23 0 /usr/local/apache/bin/httpd -DSSL
3604 mailnull 9 0 4204 4116 2816 S 0.2 0.1 0:00 0 /usr/sbin/exim -bd -q60m
29956 root 9 0 4684 3384 2640 S 0.1 0.1 0:31 0 /etc/authlib/authProg
1 root 8 0 468 440 416 S 0.0 0.0 0:34 2 init [3]

From the above example you can see the load average, the total number of processes, the sleeping processes and the CPU usage. You can find the load average (here the load average is 4.95), the memory usage, the swap usage and the list of processes with their users.

w

This command also shows the load and the users on the server. w gives a brief summary of the load, the current time, the number of logged-in users and the uptime of the server.

Example:

root@server [~]$ w
11:39:18 up 16 days, 4 min, 2 users, load average: 5.33, 5.37, 5.74
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user1 pts/0 user-ip1 8:26am 3:13m 0.09s 0.00s sshd: user1 [priv]
user2 pts/3 user-ip2 11:09am 0.00s 0.13s 0.02s sshd: user2 [priv]

uptime

This command gives basic information about the uptime and load of the server.

Example:

root@server [~]$ uptime
11:42:52 up 16 days, 8 min, 2 users, load average: 4.91, 5.35, 5.67

From the above example you can find the load and how long the server has been running without a reboot.

Killing processes on a server [ kill, pkill, killall -9 ]

kill

This command is used to kill a running process on the server. You need the process ID to execute the kill command. Suppose you run pstree -p, which lists all the processes with their respective process IDs. To kill a particular process use the command kill <process-id>.

Example:

root@server [~]$ kill 27209

or

root@server [~]$ kill -9 27209

The above command will kill the process id 27209.

pkill

This command will kill the child processes of a particular process. Suppose you want to kill httpd on the server.

Example:

root@server [~]$ pkill httpd

or

root@server [~]$ pkill -9 httpd

or

root@server [~]$ pkill -HUP httpd

The above commands will only kill the child processes of httpd. Using this command the parent process keeps running and all the child processes are killed.

killall

This command is used to kill all the processes ( parent process and child process ).

Example:

root@server [~]$ killall -9 httpd
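The kill and kill -9 commands above, and the same pair in the earlier post on killing a process in Linux and Windows, differ in an important way: SIGTERM (the default) asks the process to exit and lets it clean up, while SIGKILL (-9) cannot be caught or ignored, so the process gets no chance to flush data or release locks. The following shell script is an added example and not code from the original posts: it sends SIGTERM first, polls until the process is gone, and escalates to SIGKILL only if the process is still alive after a timeout. The function names graceful_kill and pid_alive are chosen here, and the zombie check reads /proc, so it is Linux-specific.

```shell
#!/bin/sh
# Added example (not from the original posts): terminate a process by PID
# gracefully, giving it a chance to clean up before resorting to SIGKILL.
# Usage: graceful_kill PID [TIMEOUT_SECONDS]

# Return 0 while PID exists and is not a zombie. A zombie has already exited
# and only waits for its parent to reap it, yet "kill -0" still reports it.
pid_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    # /proc/PID/stat reads "pid (comm) state ..."; take the field after ')'
    state=$(sed 's/^.*) //' "/proc/$1/stat" 2>/dev/null | cut -d' ' -f1)
    [ "$state" != "Z" ]
}

graceful_kill() {
    pid=$1
    timeout=${2:-5}
    if ! pid_alive "$pid"; then
        echo "no such process: $pid" >&2
        return 0                      # nothing left to do
    fi
    # Polite request first: the process may catch SIGTERM and shut down cleanly.
    kill -TERM "$pid" 2>/dev/null || return 1
    # Poll roughly ten times per second until TIMEOUT seconds have passed.
    ticks=$((timeout * 10))
    while [ "$ticks" -gt 0 ]; do
        pid_alive "$pid" || return 0
        sleep 0.1
        ticks=$((ticks - 1))
    done
    echo "pid $pid ignored SIGTERM for ${timeout}s, sending SIGKILL" >&2
    # SIGKILL cannot be caught, blocked or ignored, so this is the last resort.
    kill -KILL "$pid" 2>/dev/null || return 1
    sleep 0.1                         # give the kernel a moment to tear it down
    pid_alive "$pid" && return 1
    return 0
}

# Example invocation, with the PID found via "pidof httpd" as in the post:
# graceful_kill 3698 5
```

Run it from a root shell as graceful_kill PID SECONDS. A process that stays alive after SIGKILL is either a zombie waiting to be reaped by its parent or stuck in uninterruptible I/O, and no signal will help with either; that is why the function reports failure instead of looping forever.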


Checking the number of connections to the server [ netstat, mysqladmin processlist ]

netstat

This command is used to find the number of connections to the server. netstat lists all the connections using httpd, exim, ftp etc. You can grep for the needed port and find the number of connections to a particular port. You can find the Local Address, Foreign Address, State, port etc. of all the connections.

Example:

root@server [~]$ netstat -plan

or

root@server [~]$ netstat -plan | grep ":80"
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15496/httpd
tcp 0 0 65.254.34.21:80 165.21.14.92:42469 SYN_RECV -
tcp 0 0 65.254.34.21:80 71.7.8.253:3922 SYN_RECV -
tcp 0 0 65.254.34.21:80 165.21.154.10:28343 SYN_RECV -
tcp 0 0 65.254.34.21:80 85.100.25.208:2157 TIME_WAIT -

mysqladmin processlist

This command is used to find the connections to the MySQL database. It gives the Id, User, Host, db, Command, Time, State and Info of each MySQL request to the server.

Example:

root@server [~]$ mysqladmin processlist
+--------+----------------+-----------+----------------+---------+-------+-------+------+
| Id     | User           | Host      | db             | Command | Time  | State | Info |
+--------+----------------+-----------+----------------+---------+-------+-------+------+
| 186678 | mfjengin_shops | localhost | mfjengin_rapid | Sleep   | 28337 |       |      |
| 188706 | mfjengin_shops | localhost | mfjengin_rapid | Sleep   | 27051 |       |      |
| 195090 | kronosho_usifu | localhost | kroho_sifu     | Sleep   | 23069 |       |      |
| 201227 | mfjengin_shops | localhost | mfjengin_rapid | Sleep   | 19655 |       |      |

Blocking IP [ apf, csf ]

APF and CSF are firewall packages.

You can use these commands to block a particular IP from connecting to the server. This is mainly used when you find too many connections from a particular IP; a very large number of connections from one address is often an attack on the server, so it is important to block such an IP before it disrupts the server.

Check which firewall is installed on your server and use it accordingly.

Example:

root@server [~]$ apf -d <IP>

or

root@server [~]$ csf -d <IP>
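The netstat section above shows how to grep the connections to a port, and the firewall section says to block an IP once you see too many connections from it. The following shell function is an added example, not code from the original post, that joins the two steps: it reads netstat -plan output on stdin, counts the connections to one port per remote address, separates half-open SYN_RECV entries from the rest, and prints only the addresses at or above a threshold. The function name conn_per_ip, the threshold argument and the sample lines (which use documentation IP ranges) are all constructed here.

```shell
#!/bin/sh
# Added example (not from the original post): count connections to one port
# per remote IP from "netstat -plan" output on stdin, so that one source
# opening far more connections than everyone else stands out before a
# decision to block it is made. Names and sample data are constructed here.

# Usage: netstat -plan | conn_per_ip PORT THRESHOLD
conn_per_ip() {
    port=$1
    threshold=$2
    awk -v port="$port" -v thr="$threshold" '
        # tcp/tcp6 lines whose local address ends in :PORT, excluding the
        # listening socket itself (column 6 is the TCP state)
        $1 ~ /^tcp/ && $4 ~ (":" port "$") && $6 != "LISTEN" {
            ip = $5
            sub(/:[^:]*$/, "", ip)          # strip the remote port
            total[ip]++
            if ($6 == "SYN_RECV") halfopen[ip]++
        }
        END {
            for (ip in total)
                if (total[ip] >= thr)
                    printf "%d %s (SYN_RECV %d)\n", total[ip], ip, halfopen[ip] + 0
        }' | sort -rn
}

# Constructed sample in the format of "netstat -plan" output.
SAMPLE='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15496/httpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1010/sshd
tcp 0 0 192.0.2.1:80 198.51.100.7:42469 SYN_RECV -
tcp 0 0 192.0.2.1:80 198.51.100.7:42470 SYN_RECV -
tcp 0 0 192.0.2.1:80 198.51.100.7:42471 SYN_RECV -
tcp 0 0 192.0.2.1:80 198.51.100.7:42472 SYN_RECV -
tcp 0 0 192.0.2.1:80 203.0.113.10:3922 ESTABLISHED 15497/httpd
tcp 0 0 192.0.2.1:80 203.0.113.10:3923 ESTABLISHED 15498/httpd
tcp 0 0 192.0.2.1:80 203.0.113.55:2157 TIME_WAIT -
tcp 0 0 192.0.2.1:22 203.0.113.55:5001 ESTABLISHED 1020/sshd'

# Remote addresses with two or more connections to port 80, busiest first.
printf '%s\n' "$SAMPLE" | conn_per_ip 80 2
```

On a live server the input comes from netstat -plan itself, and an address that stands out with many SYN_RECV entries and no established connections is the pattern the post's apf -d / csf -d step is meant for. Counting per address first keeps a busy but legitimate proxy, which shows many ESTABLISHED connections, from being mistaken for the same thing.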

Checking whether a port is open [ telnet, nmap ]

telnet

TELNET (TELecommunication NETwork) is a network protocol used on the Internet. TELNET is a client-server protocol, based on a reliable connection-oriented transport. This command will help us to find if a particular port on the server is open or not.

Example:

root@server [~]$ telnet google.com 80
Trying 64.233.187.99...
Connected to google.com (64.233.187.99)

From the above example you can see that port 80 is open on the Google server. If you receive a "connection refused" message instead, the port is not open on the server.

nmap

nmap is a network exploration tool and security scanner.

Installing software [ yum ]

yum

This command is used to install software on the server without you having to resolve dependencies by hand.

Example:

yum install <software>

If you find any software missing on the server, you can install it directly with this yum command. It installs the particular package and pulls in whatever it depends on.