Category archive: Linux

Linux

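NetHogs: a tool for viewing per-process/program network bandwidth usage on Linux

The nethogs command

There are many open-source network monitoring tools for Linux. For example, you can use the iftop command to check bandwidth usage, netstat to view interface statistics, and top to monitor currently running processes. But if you are looking for a tool that reports network bandwidth usage per process in real time, NetHogs is worth a look.

NetHogs is an open-source command-line tool (similar to the Linux top command) that reports network bandwidth usage per process or program in real time.

From the NetHogs project website:

NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there is suddenly a lot of network traffic, you can start NetHogs and immediately see which PID is causing it. This makes it easy to find programs that have gone wild and are suddenly taking up your bandwidth.

This article shows how to install NetHogs on Unix/Linux operating systems and use it to monitor network bandwidth usage per process.

Installing NetHogs on RHEL, CentOS and Fedora

To install NetHogs, you must enable the EPEL repository for your Linux distribution. Then run the following yum command to download and install the NetHogs package.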
# yum install nethogs

Installing NetHogs on Ubuntu, Linux Mint and Debian

Type the apt-get command to install the NetHogs package:
$ sudo apt-get install nethogs

Using NetHogs

On RedHat-based systems, type the following command to start the NetHogs tool.
# nethogs

On Debian/Ubuntu/Linux Mint you must have root privileges to run NetHogs:
$ sudo nethogs

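NetHogs preview on Ubuntu 12.10

As the figure above shows, the send and received columns show traffic per process. The total sent and received bandwidth is at the bottom, and sorting can be controlled with interactive commands, which are discussed below.

NetHogs command-line options

The following are the NetHogs command-line options: use -d to set the refresh rate, and a device name to monitor the bandwidth of a given device or devices (the default is eth0). For example, to set a 5-second refresh rate, type the following command: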
# nethogs -d 5

$ sudo nethogs -d 5

To monitor the network bandwidth of a single device (eth0) only, use the following command:
# nethogs eth0

$ sudo nethogs eth0

To monitor both the eth0 and eth1 interfaces at the same time, use the following command:
# nethogs eth0 eth1

$ sudo nethogs eth0 eth1

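Other options and usage
-d : refresh interval
-h : help
-p : promiscuous mode
-t : trace mode
-V : version

Interactive commands

The following are some of the NetHogs interactive commands (keyboard shortcuts):
• m : change units
• r : sort by received traffic
• s : sort by sent traffic
• q : quit to the command prompt

For the complete list of NetHogs command-line options, see the NetHogs manual by typing man nethogs or sudo man nethogs in a terminal; for more information, see the NetHogs project home page.

VPS侦探 has previously introduced traffic and bandwidth tools such as iftop and vnstat, which measure and monitor NIC traffic. But when the bandwidth of our server or VPS is heavily used or saturated, there is no handy tool or program to see exactly which program or process is using how much bandwidth. On Windows there is plenty of software for viewing per-process bandwidth usage, such as a certain 3**, a certain Q company's PC Manager, IP Radar and so on. On Linux this kind of software is scarce; today we introduce one for Linux that shows per-process network bandwidth usage: NetHogs.

Installation
On Debian/Ubuntu installation is simple: run apt-get install nethogs.

On CentOS/RHEL it is recommended to install EPEL first, then run: yum install libpcap nethogs

Parameter details: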

[root@vpser ~]# nethogs -h
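usage: nethogs [-V] [-b] [-d seconds] [-t] [-p] [device [device [device …]]] // options nethogs accepts
-V : prints version. // print version information
-d : delay for update refresh rate in seconds. default is 1. // refresh delay in seconds, default 1 second
-t : tracemode. // trace mode
-b : bughunt mode – implies tracemode. // bughunt mode
-p : sniff in promiscious mode (not recommended). // sniff in promiscuous mode, not recommended
device : device(s) to monitor. default is eth0 // device(s) to listen on, default eth0, i.e. the NIC device name; on an OpenVZ VPS it is usually venet0, check with ifconfig; lo is the local loopback and is not needed. Multiple NICs can be listed together, separated by spaces.

When nethogs is running, press: // the following keys can be used while nethogs is running
q: quit // while running, press q to quit
m: switch between total and kb/s mode // press m to switch units, showing either the per-process rate or the accumulated traffic. The cycle order is KB/sec->KB->B->MB
r : Sort by received. // sort by received
s : Sort by sent. // sort by sent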

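Usage example: nethogs venet0

As the figure above shows, the PID column is the process's PID, and PROGRAM shows the process or the IP:port of both ends of the connection: the first red box is the server's IP:port and the second red box is the client's IP:port. From the ports in the figure you can tell that port 7700 is currently in use; if you do not know which process a port belongs to, you can check with lsof.

lsof -i:<port in use>, for example: lsof -i:80

ps aux|grep PID

The DEV column shows the device name, SEND is the traffic sent by the server, and RECEIVED is the traffic received by the server. Press m to switch the statistics mode: rate in KB/sec or totals {KB / B / MB}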

How to Install and Configure ‘Cache Only DNS Server’ with ‘Unbound’ in RHEL/CentOS 7

Source: https://www.tecmint.com/setup-dns-cache-server-in-centos-7/

‘Unbound‘ is a validating, recursive, and caching DNS server software. Back in RHEL/CentOS 6.x (where x is the version number), we used the bind software to configure DNS servers.

Here in this article, we are going to use the ‘unbound‘ caching software to install and configure a DNS server in RHEL/CentOS 7 systems.

Set Up Caching DNS Server in RHEL/CentOS 7

DNS cache servers are used to resolve any DNS query they receive. If the server caches a query and the same query is later requested by any client, the request is answered from the ‘unbound‘ DNS cache; this takes milliseconds, much less than the first time it was resolved.

The caching server only acts as an agent that resolves the client's query through one of the forwarders. Using a caching server reduces the loading time of webpages by keeping the cache database on the unbound server.

My Server and Client Setup

For demonstration purposes, I will be using two systems. The first system will act as a Master (Primary) DNS server and the second system will act as a local DNS client.

Master DNS Server
Operating System   :    CentOS Linux release 7.0.1406 (Core)
IP Address	   :	192.168.0.50
Host-name	   :	ns.tecmintlocal.com
Client Machine
Operating System   :	CentOS 6
IP Address	   :	192.168.0.100
Host-name	   :	client.tecmintlocal.com

Step 1: Check System Hostname and IP

1. Before setting up a caching DNS server, make sure that you’ve set the correct hostname and configured the correct static IP address for your system; if not, set the system's static IP address.

2. After setting the correct hostname and static IP address, you can verify them with the following commands.

# hostnamectl
# ip addr show | grep inet

Check IP Address

Step 2: Installing and Configuring Unbound

3. Before installing the ‘Unbound’ package, we must update our system to the latest version; after that we can install the unbound package.

# yum update -y
# yum install unbound -y

4. After the package has been installed, make a copy of the unbound configuration file before making any changes to the original file.

# cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.original

5. Next, use your favorite text editor to open and edit the ‘unbound.conf‘ configuration file.

# vim /etc/unbound/unbound.conf
Copy Unbound DNS Configuration

Once the file is opened for editing, make the following changes:

Interfaces

Search for interface and enable the interface we are going to use; if our server has multiple interfaces, we have to enable the interface 0.0.0.0.

Here our server IP is 192.168.0.50, so I am going to use unbound on this interface.

interface: 192.168.0.50

Enable IPv4 and Protocol Supports

Search for the following string and make it ‘Yes‘.

do-ip4: yes
do-udp: yes
do-tcp: yes

Enable the logging

To enable logging, add the variable below; it will log all unbound activity.

logfile: /var/log/unbound

Hide Identity and Version

Enable following parameter to hide id.server and hostname.bind queries.

hide-identity: yes

Enable following parameter to hide version.server and version.bind queries.

hide-version: yes

Access Control

Then search for access-control. This defines which clients are allowed to query this unbound server.

Here I have used 0.0.0.0/0, which means anyone can send queries to this server. If we need to refuse queries from some network range, we can define which networks are refused.

access-control: 0.0.0.0/0 allow

Note: Instead of allow, we can use allow_snoop, which enables some additional parameters such as dig and supports both recursive and non-recursive queries.
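
An added example, not from the original article: a small Python check that reads unbound.conf text and flags the settings this section touches, namely an access-control entry that lets addresses outside internal ranges recurse (as 0.0.0.0/0 allow does), any allow_snoop entry, and hide-identity or hide-version left off. The trusted ranges, the 192.168.0.0/24 LAN mask and the function names are assumptions of this sketch.

```python
import ipaddress

# Assumption for this sketch: only these ranges count as "internal" clients
# (RFC 1918, loopback, IPv6 loopback and unique-local addresses).
TRUSTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7")]
PERMISSIVE = {"allow", "allow_snoop"}  # actions that let a client recurse


def parse_conf(text):
    """Yield (key, value) pairs from unbound.conf-style 'key: value' lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        key, value = line.split(":", 1)          # first colon only (IPv6 safe)
        yield key.strip().lower(), value.strip().strip('"')


def is_internal(net):
    """True if the netblock lies entirely inside one of the TRUSTED ranges."""
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED)


def audit(text):
    """Return a list of findings for the settings discussed in the article."""
    findings, opts = [], {}
    for key, value in parse_conf(text):
        if key != "access-control":
            opts[key] = value
            continue
        parts = value.split()
        try:
            net = ipaddress.ip_network(parts[0], strict=False)
            action = parts[1]
        except (IndexError, ValueError):
            findings.append(f"malformed access-control: {value!r}")
            continue
        if action in PERMISSIVE and not is_internal(net):
            findings.append(f"open resolver: {net} {action}")
        if action == "allow_snoop":
            findings.append(f"cache snooping allowed: {net}")
    for key in ("hide-identity", "hide-version"):
        if opts.get(key, "no") != "yes":          # both default to "no"
            findings.append(f"{key} not enabled")
    return findings


# Constructed sample: the settings as written in the article.
ARTICLE_CONF = """
server:
    interface: 192.168.0.50
    hide-identity: yes
    hide-version: yes
    access-control: 0.0.0.0/0 allow
"""

# Constructed sample: the same server limited to an assumed 192.168.0.0/24 LAN.
RESTRICTED_CONF = """
server:
    interface: 192.168.0.50
    hide-identity: yes
    hide-version: yes
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.0.0/24 allow   # LAN of the client 192.168.0.100
"""

if __name__ == "__main__":
    for name, conf in (("article", ARTICLE_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, audit(conf) or "no findings")
```
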

Domain Insecure

Then search for domain-insecure, which relates to DNSSEC keys. We need to list our domain under domain-insecure; here our domain will be treated as insecure, that is, Unbound will not DNSSEC-validate it.

domain-insecure: "tecmintlocal.com"

Forward Zones

Then set the forwarders. A query that this server cannot fulfil will be forwarded, for the root domain (.), to these forwarders to resolve.

forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4

Finally, save and quit the configuration file using wq!.

6. After making the above configuration, verify the unbound.conf file for any errors using the following command.

# unbound-checkconf /etc/unbound/unbound.conf

Check Unbound DNS Configuration

7. After the file has been verified without any errors, you can safely restart the ‘unbound’ service and enable it at system startup.

# systemctl start unbound.service
# sudo systemctl enable unbound.service

Start Unbound DNS Service

Step 3: Test DNS Cache Locally

8. Now it’s time to check our DNS cache by doing a ‘drill’ (query) on the ‘india.com‘ domain. The first ‘drill‘ for the ‘india.com‘ domain will take some milliseconds; then do a second drill and note the query time taken by each.

drill india.com @192.168.0.50

Check DNS Cache Locally

As you can see in the above output, the first query took almost 262 msec to resolve and the second query took 0 msec to resolve the domain (india.com).

That means the first query was cached in our DNS cache, so when we ran ‘drill’ a second time the query was served from our local DNS cache; this way we can improve the loading speed of websites.

Step 4: Flush Iptables and Add Firewalld Rules

9. We can’t use both iptables and firewalld at the same time on the same machine; if we do, they will conflict with each other, so removing the iptables rules is a good idea. To remove or flush the iptables rules, use the following command.

# iptables -F

10. After removing iptables rules permanently, now add the DNS service to firewalld list permanently.

# firewall-cmd --add-service=dns
# firewall-cmd --add-service=dns --permanent

11. After adding DNS service rules, list the rules and confirm.

# firewall-cmd --list-all

Add DNS to Firewalld

Step 5: Managing and Troubleshooting Unbound

12. To get the current server status, use the following command.

# unbound-control status

Check Unbound DNS Status

Dumping DNS Cache

13. If you would like a dump of the DNS cache information in a text file, you can redirect it to a file using the command below for future use.

 # unbound-control dump_cache > /tmp/DNS_cache.txt

Backup DNS Cache

14. To restore or import the cache from the dumped file, you can use the following command.

# unbound-control load_cache < /tmp/DNS_cache.txt

Restore DNS Cache

Flushing DNS Records

15. To check whether the specific address was resolved by our forwarders in unbound cache Server, use the below command.

# unbound-control lookup google.com

Check DNS Lookup

16. Sometimes our DNS cache server will not reply to our query; in that case we can flush the cache to remove information such as A, AAAA, NS, SOA, CNAME, MX, PTR etc. records from the DNS cache. Using flush_zone removes all of this information.

# unbound-control flush www.digitalocean.com
# unbound-control flush_zone tecmintlocal.com

17. To check which forwarders are currently used to resolve queries.

# unbound-control list_forwards

Check Current DNS Forwards

Step 6: Client Side DNS Configuration

18. Here I’ve used a CentOS 6 server as my client machine; the IP for this machine is 192.168.0.100, and I’m going to use my unbound DNS server IP (i.e. Primary DNS) in its interface configuration.

Log in to the client machine and set the Primary DNS server IP to our unbound server’s IP.

Run the setup command and choose network configuration from the TUI network manager.

Then choose DNS configuration and insert the unbound DNS server’s IP as Primary DNS; here I have used it as both Primary and Secondary because I don’t have any other DNS server.

Primary DNS	: 192.168.0.50
Secondary DNS	: 192.168.0.50

Select Network Configuration

Select DNS Configuration

Enter DNS IP Address

Click OK –> Save&Quit –> Quit.

19. After adding the Primary and Secondary DNS IP addresses, it’s time to restart the network using the following command.

# /etc/init.d/network restart

Restart Network

20. Now it is time to access a website from the client machine and check for the cache in the unbound DNS server.

# elinks aol.com
# dig aol.com

Check Website

Query Website

Conclusion

Earlier we used to set up a DNS cache server using the bind package in RHEL and CentOS systems. Now we have seen how to set up a DNS cache server using the unbound package. Hope this will resolve your query requests quicker than the bind package.

Linux disk IO performance testing tool: FIO

1. Installing FIO

On CentOS:

$ yum install fio

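2. About FIO

FIO is a very good tool for testing IOPS, used for stress testing and verifying hardware.
Project home page: https://github.com/axboe/fio
A detailed explanation of FIO output is available at: https://tobert.github.io/post/2014-04-17-fio-output-explained.html
Note: fio here tests disk performance, not the file system. Before testing, unmount the disk to be tested; after testing, format it again and mount it back. The relevant commands are:

# Unmount the disk
umount /mnt/datadir1
# Format the disk
mkfs.ext4 /dev/sdd
# Mount the disk
mount -t ext4 /dev/sdd /mnt/datadir1

# Mount automatically: add the disk in this file
vim /etc/fstab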

3. FIO parameters

For example:

$ fio -filename=/dev/sda -direct=1 -iodepth 1 -thread -rw=read -ioengine=psync -bs=16k -size=200G -numjobs=30 -runtime=1000 -group_reporting -name=mytest1

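Explanation:
filename=/dev/sdd name of the file to test; usually the data directory of the disk under test.
direct=1 bypass the machine's own buffer during the test, so the results are more realistic.
rw=randwrite test mode
=read sequential read
=write sequential write
=randwrite random write
=randread random read
=rw,readwrite mixed sequential read/write
=randrw mixed random read/write

bs=4k the block size of a single IO is 4k
bsrange=512-2048 as above, specifies the range of block sizes
size=5G the test file size for this run is 5 GB, tested with 4k per IO.
numjobs=30 this run uses 30 test threads
runtime=1000 test duration is 1000 seconds; if omitted, the test runs until the whole 5 GB file has been written in 4k chunks
iodepth queue depth; only meaningful when libaio is used. This is a parameter that can affect IOPS.
ioengine=psync the IO engine uses psync
=libaio Linux-specific asynchronous IO

rwmixwrite=30 in mixed read/write mode, writes account for 30%
group_reporting controls result display: summarizes the information of each process.
lockmem=1G use only 1 GB of memory for the test.
zero_buffers initialize system buffers with zeros.
nrfiles=8 number of files generated per process.

4. FIO test examples

Points to note when using fio:

  1. Do not run fio tests on the system disk, to avoid damaging important system files
  2. fio tests should be run on idle disks that hold no important data, and the file system should be recreated after the test. Do not test on disks holding business data, to avoid data corruption caused by damaged underlying file system metadata
  3. When testing disk performance, testing the raw disk directly (e.g. vdb) is recommended; when testing file system performance, specifying a concrete file (e.g. /data/file) is recommended

4.1 Sequential read test

$ fio -ioengine=libaio -bs=4k -direct=1 -thread -rw=read -filename=/dev/sdd -name="BS 4KB read test" -iodepth=16 -runtime=601

4.2 Sequential write test

$ fio -ioengine=libaio -bs=4k -direct=1 -thread -rw=write -filename=/dev/sdd -name="BS 4KB write test" -iodepth=16 -runtime=601

4.3 Random read test

$ fio -ioengine=libaio -bs=4k -direct=1 -thread -rw=randread -filename=/dev/sdd -name="BS 4KB randread test" -iodepth=16 -runtime=601

4.4 Random write test

$ fio -ioengine=libaio -bs=4k -direct=1 -thread -rw=randwrite -filename=/dev/sdd -name="BS 4KB randwrite test" -iodepth=16 -runtime=601

4.5 Mixed random read/write test

$ fio -ioengine=libaio -bs=4k -direct=1 -thread -rw=randrw -rwmixread=70 -filename=/dev/sdd -name="BS 4KB randrw 70 test" -iodepth=16 -runtime=601

5. FIO output

For example: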

BS 4KB randread test: (g=0): rw=randread, bs=4K-4K/4K-4K/4K-4K, ioengine=libaio, iodepth=1
fio-2.1.10
Starting 1 thread

BS 4KB randread test: (groupid=0, jobs=1): err= 0: pid=26408: Mon Feb 27 16:43:07 2017
read : io=19908KB, bw=339689B/s, iops=82, runt= 60013msec
# fio performed 19908KB of IO, at a bandwidth of 339689B/s, with a total IOPS of 82 and a run time of 60013 milliseconds

slat (usec): min=18, max=97, avg=23.60, stdev= 2.79
# slat (submission latency): how long it takes to submit the IO to the kernel for processing
# usec: microseconds

clat (msec): min=1, max=23, avg=12.03, stdev= 3.79
# clat (completion latency): the time between submission to the kernel and completion of the IO, not including submission latency

 lat (msec): min=1, max=23, avg=12.05, stdev= 3.79
# From the moment the IO struct is created until right after clat completes

clat percentiles (usec):
 |  1.00th=[ 4080],  5.00th=[ 5984], 10.00th=[ 7136], 20.00th=[ 8640],
 | 30.00th=[ 9920], 40.00th=[10944], 50.00th=[11840], 60.00th=[12992],
 | 70.00th=[14016], 80.00th=[15296], 90.00th=[17024], 95.00th=[18560],
 | 99.00th=[20864], 99.50th=[21632], 99.90th=[22400], 99.95th=[22912],
 | 99.99th=[23168]
# Completion latency percentiles

bw (KB  /s): min=  276, max=  373, per=100.00%, avg=331.54, stdev=18.83
# Bandwidth

lat (msec) : 2=0.02%, 4=0.82%, 10=30.32%, 20=66.75%, 50=2.09%
# 30.32% of requests had a latency of 4~10 milliseconds, 66.75% of requests had a latency of 10~20 milliseconds, and so on

cpu : usr=0.10%, sys=0.25%, ctx=5057, majf=0, minf=8
# User/system CPU usage, number of process context switches, and the number of major and minor page faults. Since the test is configured to use direct IO, the number of page faults should be very small.

IO depths : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, >=64=0.0%
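# The iodepth setting, which controls how many IOs are issued to the OS at any one time. This is purely application-level behaviour and is not the same thing as the disk's IO queue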

 submit    : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
 complete  : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
 # submit and complete show the number of IOs fio submitted and completed within the same period

 issued    : total=r=4977/w=0/d=0, short=r=0/w=0/d=0
 # Number of IOs issued

 latency   : target=0, window=0, percentile=100.00%, depth=1
 # Fio can be configured with a latency target, which tunes throughput until the preset latency target is reached

Run status group 0 (all jobs):

Fio supports aggregating different tests

READ: io=19908KB, aggrb=331KB/s, minb=331KB/s, maxb=331KB/s, mint=60013msec, maxt=60013msec
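# Summary output of throughput and time.
# io= is the total amount of IO completed. In a time-based test this is a variable; in a size-based test this value matches the size parameter.
# aggrb is the aggregate bandwidth of all processes/devices.
# minb/maxb are the minimum/maximum bandwidth measured.
# mint/maxt are the shortest and longest test durations. As with io=, the time value should match the runtime parameter for time-based tests and is a variable for size-based tests.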

Disk stats (read/write):
sdd: ios=4969/0, merge=0/0, ticks=59703/0, in_queue=59702, util=99.51%

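Lynis: a security auditing and scanning tool for Linux systems

Lynis is a very powerful open-source auditing tool for Unix/Linux-like operating systems. It scans the system for security information, general system information, installed and available software information, configuration errors, security issues, user accounts without passwords, wrong file permissions, firewall auditing, and more.

Lynis 2.2.0: a security auditing and scanning tool for Linux systems

Lynis is one of the most trusted automated auditing tools for software patch management, malware scanning and vulnerability detection on Unix/Linux-based systems. It is useful for auditors, network and system administrators, security specialists and penetration testers.

After several months of development, a new major upgrade has been released: Lynis 2.2.0, which comes with some new features and tests and many small improvements. I encourage all Linux users to test and upgrade to this latest version of Lynis.

In this article we show how to install Lynis 2.2.0 (Linux auditing tool) on Linux systems from the source tarball.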

Configuring Nginx as a proxy for WebService, MySQL, SQL Server, ORACLE, etc.

Nginx configuration for a web service

#user  nobody;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    upstream esbServer {   
        server 127.0.0.1:8083 weight=1 max_fails=2 fail_timeout=30s;   
    }

    #gzip  on;

    server {
        listen       8081;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location /ladder_web {
            proxy_set_header X-real-ip $remote_addr;
            proxy_pass http://esbServer;
        }

       
    }

}

Configuring nginx as a MySQL proxy (based on the stream module in nginx 1.9 and later)

CentOS / RHEL 7 : How to disable IPv6

https://wiki.centos.org/FAQ/CentOS7

Upstream employee Daniel Walsh recommends not disabling the ipv6 module, as that can cause issues with SELinux and other components, but adding the following to /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

To disable in the running system:

echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6

or

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1

Additional note #1: If problems with X forwarding are encountered on systems with IPv6 disabled, edit /etc/ssh/sshd_config and make either of the following changes:

(1) Change the line

#AddressFamily any

to

AddressFamily inet

(inet is ipv4 only; inet6 is ipv6 only)

or

(2) Remove the hash mark (#) in front of the line

#ListenAddress 0.0.0.0

Then restart ssh.

Additional note #2: If problems with starting postfix are encountered on systems with IPv6 disabled, either

(1) edit /etc/postfix/main.cf and comment out the localhost part of the config and use ipv4 loopback.

#inet_interfaces = localhost
inet_interfaces = 127.0.0.1

or

(2) take out the ipv6 localhost from /etc/hosts .

Additional Note #3 : To disable RPCBIND ipv6 (rpcbind, rpc.mountd, rpc.statd) remark out the udp6 and tcp6 lines in /etc/netconfig:

udp        tpi_clts      v     inet     udp     -       -
tcp        tpi_cots_ord  v     inet     tcp     -       -
#udp6       tpi_clts      v     inet6    udp     -       -
#tcp6       tpi_cots_ord  v     inet6    tcp     -       -
rawip      tpi_raw       -     inet      -      -       -
local      tpi_cots_ord  -     loopback  -      -       -
unix       tpi_cots_ord  -     loopback  -      -       -


How To Setup SSH Keys on a Linux / Unix System

I recently read that SSH keys provide a secure way of logging into a Linux and Unix-based server. How do I set up SSH keys on a Linux or Unix based systems? In SSH for Linux/Unix, how do I set up public key authentication?

I am assuming that you are using Linux or Unix-like server and client with the following software:

  • OpenSSH SSHD server
  • OpenSSH ssh client and friends on Linux (Ubuntu, Debian, {Free,Open,Net}BSD, RHEL, CentOS, MacOS/OSX, AIX, HP-UX and co).


CentOS / RHEL 7 : How to modify Network Interface names

On CentOS / RHEL 7, a new naming scheme is introduced.
For instance:

# ip addr show
.....
eno1: [BROADCAST,MULTICAST,UP,LOWER_UP] mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 6c:0b:84:6c:48:1c brd ff:ff:ff:ff:ff:ff
inet 10.10.10.11/24 brd 10.10.10.255 scope global eno1
inet6 2606:b400:c00:48:6e0b:84ff:fe6c:481c/128 scope global dynamic
valid_lft 2326384sec preferred_lft 339184sec
inet6 fe80::6e0b:84ff:fe6c:481c/64 scope link
valid_lft forever preferred_lft forever

This post describes how to revert to the legacy naming scheme with network interface names such as eth0, eth1, etc.

Linux audit files to see who made changes to a file

How do I audit file events such as read / write etc? How can I use audit to see who changed a file in Linux?

The answer is to use 2.6 kernel’s audit system. Modern Linux kernel (2.6.x) comes with auditd daemon. It’s responsible for writing audit records to the disk. During startup, the rules in /etc/audit.rules are read by this daemon. You can open /etc/audit.rules file and make changes such as setup audit file log location and other option. The default file is good enough to get started with auditd.

In order to use audit facility you need to use following utilities
=> auditctl – a command to assist controlling the kernel’s audit system. You can get status, and add or delete rules into kernel audit system. Setting a watch on a file is accomplished using this command:

=> ausearch – a command that can query the audit daemon logs based for events based on different search criteria.

=> aureport – a tool that produces summary reports of the audit system logs.

Note that all the following instructions were tested on CentOS 4.x, Fedora Core and RHEL 4/5 Linux.

HOWTO configure the auditing of the system (auditd)

Introduction

The audit service is provided for system auditing. By default, this service audits SELinux AVC denials and certain types of security-relevant events such as system logins, account modifications, and authentication events performed by programs such as sudo.

Under its default configuration, auditd has modest disk space requirements, and should not noticeably impact system performance. The audit service, configured with at least its default rules, is strongly recommended for all sites, regardless of whether they are running SELinux. Networks with high security level often have substantial auditing requirements and auditd can be configured to meet these requirements:

  • Ensure Auditing is Configured to Collect Certain System Events
  • Information on the Use of Print Command (unsuccessful and successful)
  • Startup and Shutdown Events (unsuccessful and successful)
  • Ensure the auditing software can record the following for each audit event:
    • When the event appears
    • Who initiated the event
    • Type of the event
    • Success or failure of the event
    • Origin of the request (example: terminal ID)
    • For events that introduce an object into a user’s address space, and for object deletion events, the name of the object, and in MLS systems, the objects security level.
  • Ensure daily of the audit logs
  • Ensure that the audit data files have restrictive permissions (at least 640).
