
Using Sendmail to Relay Mails from Your MSP/ISP in Centos, RHEL, Ubuntu and Other Linux Distros 10 July 2010 at 11:29 am by Ashwin

Do you want to relay mail from your local sendmail server to your ISP? Just follow the steps below.

Open sendmail.mc in your editor (vi, edit, emacs) and add the following lines
# vi /etc/mail/sendmail.mc

define(`SMART_HOST',`[smtp.yourisphost.com]')
FEATURE(`authinfo',`hash /etc/mail/authinfo')dnl

Save the File and exit
Open the File authinfo (If not Present Create a New File).

# vi /etc/mail/authinfo
Add the following line
AuthInfo:smtp.yourisphost.com "U:UsernamefromISP" "P:passwordfromISP" "M:LOGIN PLAIN"

Save the File and Exit

Just run the below commands to recreate the sendmail.cf file

# cd /etc/mail/
# m4 sendmail.mc > sendmail.cf

makemap will recreate the authinfo database that sendmail uses

# makemap hash /etc/mail/authinfo < /etc/mail/authinfo

Restart the sendmail service and check that all is good

# /etc/init.d/sendmail restart
# echo '/map authinfo AuthInfo:smtp.yourisphost.com' | /usr/sbin/sendmail -bt

Send a mail and check the logs
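A pre-flight check for /etc/mail/authinfo to run before makemap, added here as an example and not part of the original post. The file holds the ISP password in clear text, so the check insists on owner-only permissions as well as a well-formed entry; check_authinfo is a hypothetical helper name and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: lint an authinfo source file before makemap turns it
# into authinfo.db. check_authinfo is a hypothetical helper name.
# Usage: check_authinfo FILE SMART_HOST   (returns 0 only if clean)
check_authinfo() {
    file=$1; host=$2; rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }

    # The file stores the ISP password in clear text: owner-only access.
    mode=$(stat -c %a "$file")          # GNU stat, octal mode
    case $mode in
        600|400) ;;
        *) echo "mode $mode on $file, expected 600"; rc=1 ;;
    esac

    # sendmail looks up the key "AuthInfo:<smart host>"; find that entry.
    line=$(awk -v k="AuthInfo:$host" '$1 == k { print; exit }' "$file")
    [ -n "$line" ] || { echo "no AuthInfo:$host entry"; return 1; }

    # Each field must be its own quoted token: "U:..." "P:..." "M:..."
    for field in U: P: M:; do
        case $line in
            *" \"$field"*) ;;
            *) echo "entry has no quoted $field field"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the entry from the article with placeholder credentials.
tmp=$(mktemp)                           # mktemp creates the file with mode 600
printf '%s\n' 'AuthInfo:smtp.yourisphost.com "U:UsernamefromISP" "P:passwordfromISP" "M:LOGIN PLAIN"' > "$tmp"
check_authinfo "$tmp" smtp.yourisphost.com && echo "authinfo looks sane"
rm -f "$tmp"
```

The generated /etc/mail/authinfo.db carries the same credentials and needs the same permissions.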

Enjoy.....

Comment if issues or modification required.

+ Finding First Instance of the Pattern Using Grep in Linux By Ashwin 10 July 2010 at 11:06 am and have No Comments

Grep in Linux
Have you ever had to grep (parse) a file for a pattern? Definitely, being a Linux administrator you have done it several times. But have you come across a situation where, from a huge file, you only need the first instance of the pattern? Grepping the whole file for the pattern is tedious and uses more system resources, especially when you do it from a script (in a for, while or until loop).

The easy solution is to use grep's built-in option that displays only the first instances, instead of checking the whole file and then printing the first line with the head command.

Command :
grep -m 1 "pattern" filename.txt

The "-m" option makes grep stop at the first matching line in the file and print it. In the same way, if you want the first 2 instances, use grep -m 2 "pattern" yourfilename.log

Enjoy...

+ Blocking Specific Sender to Specific Recipient or IPs Spamming Using Sendmail in Linux By Ashwin 09 July 2010 at 2:53 pm and have No Comments

Maintaining a mail server is an all-time headache for mail server admins, specifically preventing spam from being relayed from your server or delivered to your server.

In this article we will use some built-in features of Sendmail to block users from sending mail to specific users or domains. This can be achieved in many ways, but I have done it in the manner below. For any issues please comment at the bottom of the post.

Sendmail is the oldest mail transfer agent, used by the majority of MSPs (Mail Service Providers) all over the world. With its huge forum, mailing list and IRC support and help, it has gained a high reputation among its competitors.

When do I need to block a user or IP?
The reasons are many:
1. Spamming done from your domain.
2. Spamming happening from outside to your server.
3. Spamming from a particular IP.
4. You want to reject relaying mail for a user (used in case the user is allowed to just fetch mail, no sending allowed)
5. And many more...

To block the user or IP we will use the access file / database included in sendmail. The access database provides a single, central database with rules to accept, reject, and discard messages based on the sender name, address, or IP number. It is enabled with the access_db configuration feature.

1. Enable the Access Database in Sendmail
You have to add the following line to your sendmail.mc file

FEATURE(`access_db')

The above line added in the sendmail.mc enables use of the access database, and enables the default database type and path as:

hash /etc/mail/access

2. Create the access Database
Edit the file /etc/mail/access; each entry should be in the order

key	value

The left-hand column is the key, which is composed of a prefix and an address expression; this can contain a hostname, email address, IP address, network etc.

The right-hand column contains the value, which can be keywords or values that determine what should be done with the item described on the left or, in layman's language, the action to be executed. The preferable values are OK, RELAY, REJECT, DISCARD, SKIP, ERROR:XYZ text.

Eg :

spam@goo.gle.com REJECT
10.0.0.35 REJECT
192.168.1.100/255.0.0.0 REJECT
From:spammer@somedomain.com REJECT
To:trusteddomain.org RELAY
Connect:2trusteddomain.com OK
Connect:ashwin.com RELAY
From:good@domain.com OK
From:anotherbaddomain.com REJECT

To be able to block a specific sender to a specific recipient you need to add the following line to sendmail.mc to enable the check_compat ruleset.

FEATURE(`compat_check')

Then make the following entries in access file (Location : /etc/mail/access)

Compat:extsender@mydomain.com<@>recipient@outdomain.com DISCARD

After confirming all the entries in the access file as per your requirement, recreate the access hash database by executing the commands below

cd /etc/mail

makemap hash access < access

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Restart the sendmail service

/etc/init.d/sendmail restart

Testing

telnet to_your_mailserver_ip 25
mail from:internaluser@example.com
Ok
rcpt to:spam@goo.gle.com
REJECTED
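A lint pass over the access file to run before makemap, added here as an example and not part of the original post. lint_access is a hypothetical name, the accepted actions are limited to the values the article lists, and the netmask check reflects that sendmail looks up addresses on octet boundaries (for example 192.168.1) rather than by netmask or CIDR.

```shell
#!/bin/sh
# Added example: check /etc/mail/access entries before "makemap hash access".
# lint_access FILE -> one finding per bad line; returns 1 if any were found.
lint_access() {
    awk '
    /^[[:space:]]*(#|$)/ { next }            # skip comments and blank lines
    {
        key = $1; action = $2
        if (NF < 2)
            bad("key " key " has no action")
        else if (key ~ /^([A-Za-z]+:)?[0-9.]+\/[0-9.]+$/)
            bad("netmask/CIDR key " key " (use leading octets, e.g. 192.168.1)")
        else if (key ~ /^Compat:/ && key !~ /<@>/)
            bad("Compat key lacks sender<@>recipient: " key)
        else if (action !~ /^(OK|RELAY|REJECT|DISCARD|SKIP|ERROR:.+)$/)
            bad("unknown action " action)
    }
    function bad(msg) { printf "line %d: %s\n", NR, msg; n++ }
    END { exit (n > 0) }
    ' "$1"
}

# Constructed sample built from the entries in the article plus two typos.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spam@goo.gle.com REJECT
192.168.1.100/255.0.0.0 REJECT
Compat:extsender@mydomain.com<@>recipient@outdomain.com DISCARD
From:good@domain.com OKAY
To:trusteddomain.org
EOF
lint_access "$sample"
rm -f "$sample"
```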

Enjoy..

+ Packet Capturing and Analyzing packets Using TCPDUMP on Centos, Fedora, Ubuntu and other Linux Distros By Ashwin 08 July 2010 at 2:38 pm and have No Comments

Many times Linux system admins face problems with network latency and connectivity on servers, which hamper the services and impact the business. Basic Linux tools cannot really solve these, but they let you identify the issues between host and host or host and device.

Here we will use the tcpdump tool to capture packets, after which you can analyse the data and identify the host with errors.
If you have installed Linux properly, tcpdump is installed on your system by default; if not, you can install it by finding the relevant package for your distro.

RPM Based Linux can google for "tcpdump +rpm" and Debian can google for "tcpdump +deb", you will get enough results to finish installing the TCPDUMP package onto your system.

After installing, check that tcpdump was installed successfully by executing the command below

# which tcpdump

It should return the location of the installed binary

/usr/sbin/tcpdump

After confirming, you can run tcpdump with --help to see the options the command accepts

[root@ashwin ~]# tcpdump --help
tcpdump version 3.9.8
libpcap version 0.9.8
Usage: tcpdump [-aAdDeflLnNOpqRStuUvxX] [-c count] [ -C file_size ]
		[ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
		[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
		[ -W filecount ] [ -y datalinktype ] [ -Z user ]
		[ expression ]

We will capture packets for 2 minutes and analyze them for any issues with the hosts connecting to and from this machine.

Running the below command will capture all the packets transferring between the hosts through the Network Interface Cards and will be redirected to a file

tcpdump -n -i bond0 -e -vvv > output.log

Once you have captured packets for 5 minutes press Ctrl + z to end and proceed with analyzing the file "output.log"

Example :

2.39.omserv > 11.240.240.141.nfs: ., cksum 0x1eba (correct), 156:156(0) ack 28961 win 30782
18:41:21.397883 00:a0:98:10:7a:05 > 00:21:5a:4c:a6:3e, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 26738, offset 0, flags [DF], proto: TCP (6), length: 1500) 11.240.240.141.2049 > 11.240.240.39.33554432: reply ERR 1448

In the above line it is clear that a partition is mounted on the host over the NFS protocol from another host with IP 11.240.240.141, which is having issues while transferring data to the host with IP 11.240.240.39: error "reply ERR 1448"

You can find great detail in the output of tcpdump. You can also use wireshark to read the output.txt and get better clarity on the data transmission, so that a lot of network latency can be resolved.
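To go from one "reply ERR" line to a per-host picture, the text capture can be summarised with awk. This is an added example, not part of the original post; nfs_reply_errors is a hypothetical name and the input is assumed to be the output of the tcpdump -n -e -vvv command above.

```shell
#!/bin/sh
# Added example: count "reply ERR" lines per "server > client" pair in a
# text capture written by: tcpdump -n -i bond0 -e -vvv > output.log
# Output: "<count> <src ip> > <dst ip>", most frequent pair first.
nfs_reply_errors() {
    awk '
    /reply ERR/ {
        # With -e the first ">" joins the MAC addresses (destination ends
        # in ","); the IP-level pair is the one whose destination ends in ":".
        for (i = 2; i < NF; i++)
            if ($i == ">" && $(i + 1) ~ /:$/) {
                src = $(i - 1); dst = $(i + 1)
                sub(/\.[0-9]+$/, "", src)      # drop the source port
                sub(/\.[0-9]+:$/, "", dst)     # drop the destination port and ":"
                count[src " > " dst]++
                break
            }
    }
    END { for (pair in count) print count[pair], pair }
    ' "$1" | sort -rn
}

# Constructed sample modelled on the capture line shown in the article.
cap=$(mktemp)
hdr='18:41:21.397883 00:a0:98:10:7a:05 > 00:21:5a:4c:a6:3e, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 64, id 26738, offset 0, flags [DF], proto: TCP (6), length: 1500)'
{
    echo "$hdr 11.240.240.141.2049 > 11.240.240.39.33554432: reply ERR 1448"
    echo "$hdr 11.240.240.141.2049 > 11.240.240.39.33554432: reply ERR 1448"
    echo "$hdr 11.240.240.141.2049 > 11.240.240.40.50331648: reply ERR 1448"
    echo "$hdr 11.240.240.39.800 > 11.240.240.141.2049: ., cksum 0x1eba (correct), 156:156(0) ack 28961 win 30782"
} > "$cap"
nfs_reply_errors "$cap"
rm -f "$cap"
```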

Enjoy.

+ Solved : Lock table is out of available locker entries – Yum install, yum upgrade By Ashwin 29 June 2010 at 12:21 pm and have No Comments

Recently faced an issue while installing a package using yum

[root@back ~]# yum install mod-security
rpmdb: Lock table is out of available locker entries
rpmdb: Unknown locker ID: 3077
error: db4 error(22) from db->close: Invalid argument
error: cannot open Packages index using db3 - Cannot allocate memory (12)
error: cannot open Packages database in /var/lib/rpm
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in ?
    yummain.main(sys.argv[1:])
  File "/usr/share/yum-cli/yummain.py", line 85, in main
    base.getOptionsConfig(args)
  File "/usr/share/yum-cli/cli.py", line 163, in getOptionsConfig
    disabled_plugins=self.optparser._splitArg(opts.disableplugins))
  File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 164, in _getConfig
    self._conf = config.readMainConfig(startupconf)
  File "/usr/lib/python2.4/site-packages/yum/config.py", line 685, in readMainConfig
    yumvars['releasever'] = _getsysver(startupconf.installroot, startupconf.distroverpkg)
  File "/usr/lib/python2.4/site-packages/yum/config.py", line 752, in _getsysver
    idx = ts.dbMatch('provides', distroverpkg)
TypeError: rpmdb open failed

Googling and Searching on this topic got it resolved

[root@back ~]# ll /var/lib/rpm/
Basenames       __db.000        __db.002        Dirnames        Group           Name            Providename     Pubkeys         Requireversion  Sigmd5
Conflictname    __db.001        __db.003        Filemd5s        Installtid      Packages        Provideversion  Requirename     Sha1header      Triggername
[root@back ~]# ll /var/lib/rpm/
Basenames       __db.000        __db.002        Dirnames        Group           Name            Providename     Pubkeys         Requireversion  Sigmd5
Conflictname    __db.001        __db.003        Filemd5s        Installtid      Packages        Provideversion  Requirename     Sha1header      Triggername
[root@back ~]# rm /var/lib/rpm/_db.00*
rm: cannot lstat `/var/lib/rpm/_db.00*': No such file or directory
[root@back ~]# rm /var/lib/rpm/__db.00*
rm: remove regular empty file `/var/lib/rpm/__db.000'? y
rm: remove regular file `/var/lib/rpm/__db.001'? y
rm: remove regular file `/var/lib/rpm/__db.002'? y
rm: remove regular file `/var/lib/rpm/__db.003'? y
[root@back ~]# rpm --rebuilddb
[root@back ~]# yum install mod-security
utterramblings            100% |=========================|  951 B    00:00
primary.xml.gz            100% |=========================|  22 kB    00:00
utterrambl: ################################################## 64/64
extras                    100% |=========================| 2.1 kB    00:00
primary.sqlite.bz2        100% |=========================| 184 kB    00:38
updates                   100% |=========================| 1.9 kB    00:00
primary.sqlite.bz2        100% |=========================| 254 kB    00:28
base                      100% |=========================| 2.1 kB    00:00
primary.sqlite.bz2        100% |=========================| 1.6 MB    00:17
c5-testing                100% |=========================| 1.9 kB    00:00
addons                    100% |=========================|  951 B    00:00
Setting up Install Process
Parsing package install arguments
No package mod-security available.
Nothing to do
[root@back ~]# yum install mod_security
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package mod_security.i386 0:2.5.9-1.jason.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 mod_security            i386       2.5.9-1.jason.1  utterramblings    1.2 M

Transaction Summary
=============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)         

Total download size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
(1/1): mod_security-2.5.9 100% |=========================| 1.2 MB    00:03
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 0d4306ef
Importing GPG key 0x0D4306EF "Jason Litka (http://www.jasonlitka.com) " from http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: mod_security                 ######################### [1/1] 

Installed: mod_security.i386 0:2.5.9-1.jason.1
Complete!

This problem occurs because rpm, when it accesses the Berkeley database files, makes temporary locker entries within the tables while it searches for data. If you often Ctrl-C your rpm processes, this issue will occur much sooner because the locks are never cleared.

+ How to Install Mod Security on Linux Centos 5.4, Fedora 11-12 By Ashwin 05 June 2010 at 4:42 pm and have No Comments

ModSecurity is a free, open source web application firewall which can help you guard your web servers against intrusions such as local file inclusion attacks, cross-site scripting, SQL injection vulnerabilities and many more.

The easiest way to install mod_security is with yum; to get the latest modsecurity package, refer to the Jason Litka RPMs.
Let's start

Install the gpg Key

You need to be Root to run this:

[ashwin@ashwin ~]$ rpm --import http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka

Create a File

[ashwin@ashwin ~]$ touch /etc/yum.repos.d/utterramblings.repo

Open the File using your favorite editor and add the contents

[ashwin@ashwin ~]$ vim /etc/yum.repos.d/utterramblings.repo

[utterramblings]
name=Jason’s Utter Ramblings Repo
baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka

Save the File and exit

Now you can Install Mod-Security

[root@ashwin ~]# yum install mod_security
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package mod_security.i386 0:2.5.9-1.jason.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
mod_security            i386       2.5.9-1.jason.1  utterramblings    1.2 M

Transaction Summary
=============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
(1/1): mod_security-2.5.9 100% |=========================| 1.2 MB    00:03
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 0d4306ef
Importing GPG key 0x0D4306EF "Jason Litka (http://www.jasonlitka.com) <jasonlitka@verizon.net>" from http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: mod_security                 ######################### [1/1]

Installed: mod_security.i386 0:2.5.9-1.jason.1
Complete!

Great, you have installed mod_security. Restart the httpd service and roll. Check the logs and you will find the magic.

Issues :

1. Starting httpd: httpd: Syntax error on line 210 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/mod_security.conf: Cannot load /etc/httpd/modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: undefined symbol: ap_get_server_banner

Solution :

[root@ashwin ~]#  yum remove httpd mod_perl mod_perl-devel mod_security
[root@ashwin ~]#  mv /etc/yum.repos.d/CentOS-Base.repo /tmp    # move the base CentOS repo to /tmp
[root@ashwin ~]#  yum install httpd    # this will install Apache from utterramblings.repo
[root@ashwin ~]#  yum install mod_perl mod_perl-devel
[root@ashwin ~]#  yum install mod_security
