≡ Menu

configuration file

HP-UX UNIX: Start / Stop and Configure Cron Services

Q. I need to run a backup and other stuff everyday. How do I check and start cron service under HP-UX UNIX operating system? How do I write cron jobs?
[click to continue…]

Q. I'm getting following error on my Debian Linux system:

mv cannot move /etc/resolv.conf.dhclient-new to /etc/resolv.conf: Operation not permitted

How do I fix this problem?
[click to continue…]

Stop Ubuntu / Debian Linux From Deleting /tmp Files on Boot

Q. I know /tmp as it named is a temporary dircory, Debian policy is to clean /tmp at boot. However, I'd like to configure my Ubuntu Server to stop deleting files from /tmp on boot due to custom configuration issue. How do I configure behavior of boot scripts to stop deleting files on boot?
[click to continue…]

How to: Log connections made by user for any service under Linux

Q. I'd like to log information about selected incoming and outgoing TCP/IP connections to a log file. For example, log connection made by user "tom" for the service ftp or ssh? How do I configure Linux to log connections?

A. You can write a perl or shell script to monitor and log all connection. However, there is an easy way out. Use the tool called tcpspy. As name suggest it can spy on users. tcpspy logs information about selected incoming and outgoing TCP/IP connections to syslog. The following information is logged:

a) Username
b) Local address and port
c) Remote address, port, and optionally the filename of the executable

It only support the IPv4 protocol.

Install tcpspy

Use apt-get or yup or ports collection:
apt-get install tcpspy

Configuration file

The default configuration file is located at /etc/tcpspy.rules.

Sample configuration

Open /etc/tcpspy.rules file:
# vi /etc/tcpspy.rules
To log connections made by user "tom" for the service "ssh", enter:
user "jom" and rport "ssh"
You can also enter above rule at command prompt:
# tcpspy -e 'user "tom" and rport "ssh"'
Log connections made by user "tom" for the service "ftp", enter:
# tcpspy -e 'user "tom" and rport "ftp"'
Following will log connections made by users "vivek" and "tom" to remote port 25 (SMTP) on machines not on a "intranet"
# tcpspy -e 'not raddr and rport 25 and (user "vivek" or user "tom")'
Log connections made by /usr/bin/ftp:
# tcpspy -e 'exe "/usr/bin/ftp"'
OR combine monitoring for ftp and telnet binary:
# tcpspy -e 'exe "/usr/bin/ftp and /usr/bin/telnet"'

The -e option is used to set a rule. It can be used to log information about connections matching this rule, overriding the default of logging all connections.

tcpspy rules

  • user "username" - True if the local username / user initiating or accepting the connection has the effective user id uid.
  • rport "port" - It Compares the port number of the remote end of the connection i.e outgoing connections
  • lport "port" - True if the local end of the connection has port number port.
  • exe "pattern" - True if the full filename (including directory) of the executable that created/accepted the connection matches pattern, a UNIX (glob) style wildcard pattern.
  • or - Define logical or (expr1 or expr2)
  • and - Define logical and (expr1 and expr2)
  • not - Define logical not (not user "vivek")

Refer to tcpspy man page for more syntax option.
$ man tcpspy

Linux change the directory for kdump to put its vmcore files

Q. How can I change the directory for kdump to put its vmcore files under CentOS Linux 5.0 operating system?

A. Kdump is a kexec based crash dumping mechansim for Linux. Kdump functionality is broken mainly in two components, user space and kernel space. Kdump support included in all modern Linux distro such as Suse, RHEL, CentOS and Debian. By default, kdump dumps its vmcore files in /var/crash directory. You can easily change this location by modifying kdump configuration file /etc/kdump.conf.

Change the directory for kdump

Open config file:
# vi /etc/kdump.conf
You need to set path using path command:
path -
You need to append path to the filesystem device which you are dumping to. Ignored for raw device dumps. If unset, will default to /var/crash. Set new path to /dumps directory:
path /dumps
Save and close the file.

Further readings:

Ubuntu Linux Install Apache 2 Web-Server Software

How do I install Apache 2 software on Ubuntu Linux using command line options?
[click to continue…]

Red Hat / Centos Install Denyhosts To Block SSH Attacks / Hacking

How do I block and stop attacks on ssh server under CentOS Linux or Red Hat Enterprise Linux server 5.x?
[click to continue…]

HP-UX start or stop / restart OpenSSH SSHD service

Q. I’ve HP-UX installed on my HP UX UNIX server. But I’m not able to start or restart the OpenSSH ssh server. How do I stop or restart sshd under HP-UX?
A. HP-UX Secure Shell uses Pluggable Authentication Module for password authentication. Server configuration file is located at /opt/ssh/etc/sshd_config.

HP-UX SSHD System Startup and Shutdown script:

/sbin/init.d/secsh {start|stop}

System startup configuration file


Stop HP UX SSH Service

Type the command:
# /sbin/init.d/secsh stop

Start HP UX SSH Service

Type the command:
# /sbin/init.d/secsh start

Linux / UNIX killing a process and restarting the same

Q. How do I kill a process called inetd or foo and restart the same so that configuration file get updated?

A. Both UNIX and Linux supports POSIX reliable signals and POSIX real-time signals. Each signal has a current disposition, which determines how the process behaves when it is delivered the signal.

Generally following command is used
kill -1 process-pid

First get pid of inetd:
ps -e | grep inetd
Now force read inetd.conf:
kill -1 xinetd-pid

You can also use pkill command used to send signals. The pkill command allows the use of extended regular expression patterns and other matching criteria.
pkill -HUP process-name

Make syslog reread its configuration file
# pkill -HUP syslogd

Make xinetd reread its configuration file
# pkill -HUP inetd

Find subnet mask on UNIX

Q. How do I find out subnet mask on UNIX operating system? Can you tell us the name of command and configuration file to store subnetmask under UNIX?

A. A subnetwork/ subnet is a range of logical addresses within the address space that is assigned to an organization. Subnetting is a hierarchical partitioning of the network address space of an organization (and of the network nodes of an autonomous system) into several subnets. Routers constitute borders between subnets. Communication to and from a subnet is mediated by one specific port of one specific router, at least momentarily.

Under UNIX / Linux, you need to use the ifconfig utility to assign an address to a network interface
and/or configure network interface parameters. Same command can display subnet. Just type command ifconfig:
$ ifconfig
$ /sbin/ifconfig
$ /sbin/ifconfig interface-name

lnc0: flags=108843 mtu 1500
        inet netmask 0xfffffff8 broadcast
        ether 00:0c:29:32:8a:8c
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet netmask 0xff000000

Look for inet line you will see an IP address, followed by netmask.