
apt-get command

Finally Debian GNU/Linux 4.0 updated.

The Debian project has updated the stable distribution Debian GNU/Linux 4.0 (codename Etch). This update adds security updates to the stable release, together with a few corrections to serious problems. As always, the first point release also corrects a few issues that have been noticed too late in the release process to stop the release, but still should be fixed.

As usual, upgrading to this revision online is done by running the apt-get / aptitude package tool.

Download Debian 4.0r1

=> Visit official site.

I’m a little surprised to find that Ubuntu Linux skips development man pages by default. A quick search using apt-cache pointed to the manpages-dev package. It includes manual pages about using GNU/Linux for development.

Install development man pages

Use apt-get command:
$ sudo apt-get install manpages-dev
To view library calls (functions within program libraries), enter:
$ man 3 function-name
$ man 3 putc

How do you install and use rsync to synchronize files and directories from one location (or one server) to another location? - A common question asked by new sys admin.

Intrusions can come from both authorized users (insiders) and unauthorized users (outsiders). My personal experience shows that an unhappy user can damage the system, especially when they have shell access. Some users are smart enough to remove the history file (such as ~/.bash_history), but you can still monitor all user-executed commands.

It is recommended that you log user activity using process accounting. Process accounting allows you to view every command executed by a user, including CPU and memory time. With process accounting, a sys admin can always find out which command was executed at what time :)

The psacct package contains several utilities for monitoring process activities, including ac, lastcomm, accton and sa.

  • The ac command displays statistics about how long users have been logged on.
  • The lastcomm command displays information about previous executed commands.
  • The accton command turns process accounting on or off.
  • The sa command summarizes information about previously executed commands.

Task: Install psacct or acct package

Use up2date command if you are using RHEL ver 4.0 or less
# up2date psacct
Use yum command if you are using CentOS/Fedora Linux / RHEL 5:
# yum install psacct
Use apt-get command if you are using Ubuntu / Debian Linux:
$ sudo apt-get install acct OR # apt-get install acct

Task: Start psacct/acct service

By default, the service is started on Ubuntu / Debian Linux by creating the /var/account/pacct file. Under Red Hat / Fedora Core / CentOS, however, you need to start the psacct service manually. Type the following two commands to create the /var/account/pacct file and start the service:
# chkconfig psacct on
# /etc/init.d/psacct start

If you are using Suse Linux, the name of service is acct. Type the following commands:
# chkconfig acct on
# /etc/init.d/acct start

Now let us see how to utilize these utilities to monitor user commands and time.

Task: Display statistics about users' connect time

ac command prints out a report of connect time in hours based on the logins/logouts. A total is also printed out. If you type ac without any argument it will display total connect time:
$ ac
Output:

total       95.08

Display totals for each day rather than just one big total at the end:
$ ac -d
Output:

Nov  1  total        8.65
Nov  2  total        5.70
Nov  3  total       13.43
Nov  4  total        6.24
Nov  5  total       10.70
Nov  6  total        6.70
Nov  7  total       10.30
.....
..
...
Nov 12  total        3.42
Nov 13  total        4.55
Today   total        0.52

Display time totals for each user in addition to the usual everything-lumped-into-one value:
$ ac -p
Output:

        vivek                             87.49
        root                                 7.63
        total       95.11

Task: find out information about previously executed user commands

Use the lastcomm command, which prints out information about previously executed commands. You can search by user name, tty name, or command name.

Display command executed by vivek user:
$ lastcomm vivek
Output:

userhelper        S   X vivek  pts/0      0.00 secs Mon Nov 13 23:58
userhelper        S     vivek  pts/0      0.00 secs Mon Nov 13 23:45
rpmq                    vivek  pts/0      0.01 secs Mon Nov 13 23:45
rpmq                    vivek  pts/0      0.00 secs Mon Nov 13 23:45
rpmq                    vivek  pts/0      0.01 secs Mon Nov 13 23:45
gcc                     vivek  pts/0      0.00 secs Mon Nov 13 23:45
which                   vivek  pts/0      0.00 secs Mon Nov 13 23:44
bash               F    vivek  pts/0      0.00 secs Mon Nov 13 23:44
ls                      vivek  pts/0      0.00 secs Mon Nov 13 23:43
rm                      vivek  pts/0      0.00 secs Mon Nov 13 23:43
vi                      vivek  pts/0      0.00 secs Mon Nov 13 23:43
ping              S     vivek  pts/0      0.00 secs Mon Nov 13 23:42
ping              S     vivek  pts/0      0.00 secs Mon Nov 13 23:42
ping              S     vivek  pts/0      0.00 secs Mon Nov 13 23:42
cat                     vivek  pts/0      0.00 secs Mon Nov 13 23:42
netstat                 vivek  pts/0      0.07 secs Mon Nov 13 23:42
su                S     vivek  pts/0      0.00 secs Mon Nov 13 23:38

For each entry the following information is printed. Take example of first output line:
userhelper S X vivek pts/0 0.00 secs Mon Nov 13 23:58
Where,

  • userhelper is command name of the process
  • S and X are flags, as recorded by the system accounting routines. Following is the meaning of each flag:
    • S -- command executed by super-user
    • F -- command executed after a fork but without a following exec
    • D -- command terminated with the generation of a core file
    • X -- command was terminated with the signal SIGTERM
  • vivek the name of the user who ran the process
  • pts/0 terminal name
  • 0.00 secs - time the process exited

Search the accounting logs by command name:
$ lastcomm rm
$ lastcomm passwd
Output:

rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:38
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:38
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:36
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:36
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:35
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:35
rm                      vivek    pts/0      0.00 secs Tue Nov 14 00:30
rm                      vivek    pts/1      0.00 secs Tue Nov 14 00:30
rm                      vivek    pts/1      0.00 secs Tue Nov 14 00:29
rm                      vivek    pts/1      0.00 secs Tue Nov 14 00:29

Search the accounting logs by terminal name pts/1
$ lastcomm pts/1
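
The flag and user columns described above can be turned into a simple review report. The script below is an added example, not part of the original post: it counts commands that carry the S flag but were started by a user other than root, and counts watch-listed commands per user. The function names and the watch list are assumptions, and the sample input is copied from the lastcomm listings above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Sample lastcomm lines copied from the output above.
# In real use: lastcomm | priv_by_user
sample_lastcomm() {
cat <<'EOF'
userhelper        S   X vivek  pts/0      0.00 secs Mon Nov 13 23:58
userhelper        S     vivek  pts/0      0.00 secs Mon Nov 13 23:45
rpmq                    vivek  pts/0      0.01 secs Mon Nov 13 23:45
gcc                     vivek  pts/0      0.00 secs Mon Nov 13 23:45
bash               F    vivek  pts/0      0.00 secs Mon Nov 13 23:44
rm                      vivek  pts/0      0.00 secs Mon Nov 13 23:43
ping              S     vivek  pts/0      0.00 secs Mon Nov 13 23:42
ping              S     vivek  pts/0      0.00 secs Mon Nov 13 23:42
ping              S     vivek  pts/0      0.00 secs Mon Nov 13 23:42
su                S     vivek  pts/0      0.00 secs Mon Nov 13 23:38
rm                S     root   pts/0      0.00 secs Tue Nov 14 00:39
EOF
}

# Print "user command count" for commands flagged S that a non-root user ran.
# The flags column may be empty, so fields are counted from the right:
# the last 7 fields are tty, seconds, "secs" and the 4-field timestamp,
# which puts the user at NF-7 and any flags in fields 2..NF-8.
priv_by_user() {
    awk '
    NF >= 9 {
        user = $(NF - 7); flags = ""
        for (i = 2; i <= NF - 8; i++) flags = flags $i
        if (index(flags, "S") && user != "root") count[user " " $1]++
    }
    END { for (k in count) print k, count[k] }' | LC_ALL=C sort
}

# Print "user command count" for commands named in $1 (space-separated list).
watched_by_user() {
    awk -v list="$1" '
    BEGIN { n = split(list, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
    NF >= 9 && ($1 in watch) { count[$(NF - 7) " " $1]++ }
    END { for (k in count) print k, count[k] }' | LC_ALL=C sort
}

sample_lastcomm | priv_by_user
```

Entries such as ping and su appear in the first report because they are setuid binaries, so a baseline of what is normal on the host is needed before treating a line as suspicious.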

Task: Summarize accounting information

Use the sa command to print summarized information about previously executed commands. In addition, it condenses this data into a summary file named savacct, which contains the number of times the command was called and the system resources used. The information can also be summarized on a per-user basis; sa will save this information into a file named usracct.
# sa
Output:

     579     222.81re       0.16cp     7220k
       4       0.36re       0.12cp    31156k   up2date
       8       0.02re       0.02cp    16976k   rpmq
       8       0.01re       0.01cp     2148k   netstat
      11       0.04re       0.00cp     8463k   grep
      18     100.71re       0.00cp    11111k   ***other*
       8       0.00re       0.00cp    14500k   troff
       5      12.32re       0.00cp    10696k   smtpd
       2       8.46re       0.00cp    13510k   bash
       8       9.52re       0.00cp     1018k   less

Take example of first line:
4 0.36re 0.12cp 31156k up2date
Where,

  • 0.36re "real time" in wall clock minutes
  • 0.12cp sum of system and user time in cpu minutes
  • 31156k cpu-time averaged core usage, in 1k units
  • up2date command name

Display output per-user:
# sa -u
Output:

root       0.00 cpu      595k mem accton
root       0.00 cpu    12488k mem initlog
root       0.00 cpu    12488k mem initlog
root       0.00 cpu    12482k mem touch
root       0.00 cpu    13226k mem psacct
root       0.00 cpu      595k mem consoletype
root       0.00 cpu    13192k mem psacct           *
root       0.00 cpu    13226k mem psacct
root       0.00 cpu    12492k mem chkconfig
postfix    0.02 cpu    10696k mem smtpd
vivek      0.00 cpu    19328k mem userhelper
vivek      0.00 cpu    13018k mem id
vivek      0.00 cpu    13460k mem bash             *
lighttpd   0.00 cpu    48240k mem php              *

Display the number of processes and number of CPU minutes on a per-user basis
# sa -m
Output:

                                      667     231.96re       0.17cp     7471k
root                                  544      51.61re       0.16cp     7174k
vivek                                 103      17.43re       0.01cp     8228k
postfix                                18     162.92re       0.00cp     7529k
lighttpd                                2       0.00re       0.00cp    48536k

Task: Find out who is eating CPU

By looking at the re, k, and cp/cpu times (see above for the output explanation), you can find suspicious activity or the name of the user/command that is eating up all the CPU. An increase in CPU/memory usage by a command is an indication of a problem.

Please note that the above commands and packages are also available on other UNIX-like operating systems such as Sun Solaris and the *BSDs.


If you are new to Lighttpd, please see how to install and configure Lighttpd web server.

The Webalizer is a fast, free, web-server log files analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.
Statistics commonly reported by Webalizer include: hits; visits; referers; the visitors' countries; and the amount of data downloaded. These statistics can be viewed graphically and presented by different time frames, such as per day, hour, or month.

Install Webalizer

If you are using Fedora Core or Cent Os, type the following command to install
# yum install webalizer

If you are using Debian Linux Os, type the following command to install
# apt-get install webalizer

Webalizer configuration

Let us see how to configure Webalizer for the domain theos.in:

  • Domain name: theos.in
  • Webroot: /home/lighttpd/theos.in/
  • Webalizer Webroot: /home/lighttpd/theos.in/stats
  • Webalizer Reports directory: /home/lighttpd/theos.in/stats/out
  • Webalizer configuration file: /home/lighttpd/theos.in/stats/webalizer.conf
  • Webalizer state log file: /home/lighttpd/theos.in/stats/webalizer.current (This file stores the incremental processing state for logs. This is useful for large sites that have to rotate their log files more than once a month [using logrotate].)
  • Webalizer history file: /home/lighttpd/theos.in/stats/webalizer.hist (keeps the data for up to 12 months' worth of logs, i.e. you will be able to see the last 12 months of stats)
  • Lighttpd log file location: /var/log/lighttpd/theos.in/access.log

To configure Webalizer, copy /etc/webalizer.conf file to your webroot/stats directory. Type the following commands:
# mkdir -p /home/lighttpd/theos.in/stats
# cp /etc/webalizer.conf /home/lighttpd/theos.in/stats/webalizer.conf

Now open /home/lighttpd/theos.in/stats/webalizer.conf file:
# vi /home/lighttpd/theos.in/stats/webalizer.conf

Setup LogFile location:
LogFile /var/log/lighttpd/theos.in/access.log

Make sure LogType is set to Lighttpd’s Combined web server log format:
LogType clf

Setup statistics report directory where you want to put the output files:
OutputDir /home/lighttpd/theos.in/stats/out

Setup the name of the history file:
HistoryName /home/lighttpd/theos.in/stats/webalizer.hist

Make sure you get stats for last 12 months:
Incremental yes

Specify the filename for saving the incremental data:
IncrementalName /home/lighttpd/theos.in/stats/webalizer.current

Define the hostname of report:
HostName theos.in

Setup DNSCache file name. Use the same file name for all your domains. This will speed up DNS name lookup (you need to create a directory /var/cache/webalizer):
DNSCache /var/cache/webalizer/dns_cache.db

To get accurate stats you need to hide your own site from stats:
HideSite theos.in

In addition, you need to hide your own site from referrals as it gives most referrals:
HideReferrer theos.in

Save and close the file.

Create a directory to store DNS cache file:
# mkdir -p /var/cache/webalizer

Generate test stats:
$ webalizer -c /home/lighttpd/theos.in/stats/webalizer.conf

Map /home/lighttpd/theos.in/stats/ directory to url:
Since the /home/lighttpd/theos.in/stats directory is outside your default webroot (/home/lighttpd/theos.in/html), you will not be able to see the stats by visiting the url http://theos.in/stats/. You can use Lighttpd's mod_alias to map urls. Open your configuration file:
# vi /etc/lighttpd/lighttpd.conf
Append the following config directives:
alias.url = (
"/stats/" => "/home/lighttpd/theos.in/stats/out/"
)

Save and close the file. Restart the Lighttpd server:
# /etc/init.d/lighttpd restart

View your stats by visiting the http://yourdomain.com/stats/ url. Here are sample stats from my own personal website:

[Screenshots: Lighttpd Webalizer stats # 1, # 2, # 3]

Security

Since your log contains lots of personal information of your visitors (such as IP address, Search string query and much more), it is a good idea to put statistic folder/directory in a password protected directory.
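
One way to password protect the /stats/ url with Lighttpd's mod_auth, shown as an added example that is not from the original post. The realm name, the user name statsadmin and the userfile path are assumptions; the realm stored in the htdigest file must match the realm in auth.require, so both are taken from the same variable.

```shell
#!/bin/sh
# Added example (not from the original post). Realm, user name and
# userfile path below are assumptions; adjust them for your site.
STATS_REALM="Webalizer stats"
STATS_USERFILE="/etc/lighttpd/stats.htdigest"

# Print one htdigest-format line: user:realm:MD5(user:realm:password).
# The password is read from stdin so it does not appear in the argument
# list or in shell history.
htdigest_line() {
    user=$1
    IFS= read -r password
    hash=$(printf '%s:%s:%s' "$user" "$STATS_REALM" "$password" \
        | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$user" "$STATS_REALM" "$hash"
}

# Print the lighttpd.conf directives that require a login for /stats/.
stats_auth_conf() {
    cat <<EOF
# Newer lighttpd releases also need "mod_authn_file" in server.modules.
server.modules += ( "mod_auth" )
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "$STATS_USERFILE"
auth.require = ( "/stats/" => (
    "method" => "digest",
    "realm" => "$STATS_REALM",
    "require" => "valid-user"
) )
EOF
}

# Typical use (as root):
#   htdigest_line statsadmin >> /etc/lighttpd/stats.htdigest
#   chmod 640 /etc/lighttpd/stats.htdigest
#   stats_auth_conf >> /etc/lighttpd/lighttpd.conf
stats_auth_conf
```

Keep the userfile outside any directory served by Lighttpd and readable only by root and the web server user.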

Rotating log files

Finally, you need to configure logrotate to rotate log files with Lighttpd.

If you are using a hot-swappable hard disk and have created a new partition using fdisk, you need to reboot the Linux-based system to get the partition recognized. Without a reboot you will NOT be able to create a filesystem on your newly created or modified partitions with the mke2fs command.

However, with the partprobe command you should be able to create a new file system without rebooting the box. It is a program that informs the operating system kernel of partition table changes by requesting that the operating system re-read the partition table.

After a few months or years, you will notice unnecessary files, libraries and/or documentation eating up your disk space on Debian or Ubuntu Linux. Try the following tips to free up disk space.