How to: Apache authentication using LDAP Server

Posted on in Categories Apache, Linux, UNIX last updated October 31, 2007

Network administrators frequently use the Lightweight Directory Access Protocol (LDAP) to implement a centralized directory server. You can use LDAP to authenticate users in Apache. Two popular open source LDAP solutions are OpenLDAP and Red Hat Directory Server. According to the Apache documentation, Novell LDAP and iPlanet Directory Server are also supported. This article focuses on OpenLDAP, but the concepts and examples should be applicable to the others.

=> Apache authentication and authorization using LDAP

How to: Linux Play DivX .avi video codec file

Posted on in Categories Debian Linux, Linux, Linux desktop, Linux distribution, Ubuntu Linux last updated October 31, 2007

From my mail bag:

I’ve downloaded .avi files which is compressed into small sizes while maintaining relatively high visual quality using DivX format. How do I play DivX compressed files under Debian / Ubuntu Linux?

The current version of the DivX Community Codec for the Windows platform is version 6.6, and for Mac OS X is 6.6x. There is no Linux version available however with the help of VLC and DivX for Linux codec, you should able to play all sort of DivX files.

Download and Install DivX Linux Codec

Open terminal and type the following command to download DivX codec:
$ cd /tmp
$ wget http://download.divx.com/labs/divx611-20060201-gcc4.0.1.tar.gz

Untar DivX 6.1.1 codec for Linux:
$ tar -zxvf divx611-20060201-gcc4.0.1.tar.gz
Install divx611 codec:
$ cd divx611-20060201-gcc4.0.1
$ sudo ./install.sh

Press Q after reading agreement, please type yes to install codes.

Install vlc player

The VLC media player can be installed using apt-get command, type:
$ sudo apt-get update
$ sudo apt-get install vlc

How do I play files?

Open VLC player by Visiting Applications > Sound and Video > VLC Player. You can also open terminal and type the command:
$ vlc /path/to/my-downloaded-movie.avi

Further readings:

CentOS / Red Hat Linux: Install and manage iSCSI Volume

Posted on in Categories Backup, CentOS, Linux, RedHat/Fedora Linux, Storage last updated October 30, 2007

Internet SCSI (iSCSI) is a network protocol s that allows you to use of the SCSI protocol over TCP/IP networks. It is good alternative to Fibre Channel-based SANs. You can easily manage, mount and format iSCSI Volume under Linux. It allows access to SAN storage over Ethernet.

Open-iSCSI Project

Open-iSCSI project is a high-performance, transport independent, multi-platform implementation of iSCSI. Open-iSCSI is partitioned into user and kernel parts.

Instructions are tested on:
[a] RHEL 5
[b] CentOS 5
[c] Fedora 7
[d] Debian / Ubuntu Linux

Install Required Package

iscsi-initiator-utils RPM package – The iscsi package provides the server daemon for the iSCSI protocol, as well as the utility programs used to manage it. iSCSI is a protocol for distributed disk access using SCSI commands sent over Internet Protocol networks. This package is available under Redhat Enterprise Linux / CentOS / Fedora Linux and can be installed using yum command:
# yum install iscsi-initiator-utils

A note about Debian / Ubuntu Linux

If you are using Debian / Ubuntu Linux install open-iscsi package, enter:
$ sudo apt-get install open-iscsi

iSCSI Configuration

There are three steps needed to set up a system to use iSCSI storage:

  1. iSCSI startup using the init script or manual startup. You need to edit and configure iSCSI via /etc/iscsi/iscsid.conf file
  2. Discover targets.
  3. Automate target logins for future system reboots.
  4. You also need to obtain iSCSI username, password and storage server IP address (target host)

Step # 1: Configure iSCSI

Open /etc/iscsi/iscsid.conf with vi text editor:
# vi /etc/iscsi/iscsid.conf
Setup username and password:
node.session.auth.username = My_ISCSI_USR_NAME
node.session.auth.password = MyPassword
discovery.sendtargets.auth.username = My_ISCSI_USR_NAME
discovery.sendtargets.auth.password = MyPassword

Where,

  • node.session.* is used to set a CHAP username and password for initiator authentication by the target(s).
  • discovery.sendtargets.* is used to set a discovery session CHAP username and password for the initiator authentication by the target(s)

You may also need to tweak and set other options. Refer to man page for more information. Now start the iscsi service:
# /etc/init.d/iscsi start

Step # 2: Discover targets

Now use iscsiadm command, which is a command-line tool allowing discovery and login to iSCSI targets, as well as access and management of the open-iscsi database. If your storage server IP address is 192.168.1.5, enter:
# iscsiadm -m discovery -t sendtargets -p 192.168.1.5
# /etc/init.d/iscsi restart

Now there should be a block device under /dev directory. To obtain new device name, type:
# fdisk -l
or
# tail -f /var/log/messages
Output:

Oct 10 12:42:20 ora9is2 kernel:   Vendor: EQLOGIC   Model: 100E-00           Rev: 3.2
Oct 10 12:42:20 ora9is2 kernel:   Type:   Direct-Access                      ANSI SCSI revision: 05
Oct 10 12:42:20 ora9is2 kernel: SCSI device sdd: 41963520 512-byte hdwr sectors (21485 MB)
Oct 10 12:42:20 ora9is2 kernel: sdd: Write Protect is off
Oct 10 12:42:20 ora9is2 kernel: SCSI device sdd: drive cache: write through
Oct 10 12:42:20 ora9is2 kernel: SCSI device sdd: 41963520 512-byte hdwr sectors (21485 MB)
Oct 10 12:42:20 ora9is2 kernel: sdd: Write Protect is off
Oct 10 12:42:20 ora9is2 kernel: SCSI device sdd: drive cache: write through
Oct 10 12:42:20 ora9is2 kernel:  sdd: unknown partition table
Oct 10 12:42:20 ora9is2 kernel: sd 3:0:0:0: Attached scsi disk sdd
Oct 10 12:42:20 ora9is2 kernel: sd 3:0:0:0: Attached scsi generic sg3 type 0
Oct 10 12:42:20 ora9is2 kernel: rtc: lost some interrupts at 2048Hz.
Oct 10 12:42:20 ora9is2 iscsid: connection0:0 is operational now

/dev/sdd is my new block device.

Step # 3: Format and Mount iSCSI Volume

You can now partition and create a filesystem on the target using usual fdisk and mkfs.ext3 commands:
# fdisk /dev/sdd
# mke2fs -j -m 0 -O dir_index /dev/sdd1

OR
# mkfs.ext3 /dev/sdd1

Tip: If your volume is large size like 1TB, run mkfs.ext3 in background using nohup:
# nohup mkfs.ext3 /dev/sdd1 &

Mount new partition:
# mkdir /mnt/iscsi
# mount /dev/sdd1 /mnt/iscsi

Step #4: Mount iSCSI drive automatically at boot time

First make sure iscsi service turned on at boot time:
# chkconfig iscsi on
Open /etc/fstab file and append config directive:
/dev/sdd1 /mnt/iscsi ext3 _netdev 0 0
Save and close the file.

Further readings:

Linux assembly language comparison: GNU Assembler (GAS) vs Netwide Assembler (NASM)

Posted on in Categories Howto, Linux, programming, UNIX last updated October 24, 2007

This article explains some of the more important syntactic and semantic differences between two of the most popular assemblers for Linux®, GNU Assembler (GAS) and Netwide Assembler (NASM), including differences in basic syntax, variables and memory access, macro handling, functions and external routines, stack handling, and techniques for easily repeating blocks of code.

Unlike other languages, assembly programming involves understanding the processor architecture of the machine that is being programmed. Assembly programs are not at all portable and are often cumbersome to maintain and understand, and can often contain a large number of lines of code. But with these limitations comes the advantage of speed and size of the runtime binary that executes on that machine. Even though the differences between these two assemblers are substantial, it’s not that difficult to convert from one form to another. You might find that the AT&T syntax seems at first difficult to understand, but once mastered, it’s as simple as the Intel syntax.

=> Linux Assemblers: A Comparison of GAS and NASM

Protect Your Network from spamming, scanning, harvesting and dDoS attacks with DROP List

Posted on in Categories Debian Linux, Howto, Iptables, Linux, Networking, RedHat/Fedora Linux, Security, Shell scripting, Suse Linux, Sys admin, Tips, UNIX last updated October 24, 2007

DROP (Don’t Route Or Peer) is an advisory “drop all traffic” list, consisting of stolen ‘zombie’ netblocks and netblocks controlled entirely by professional spammers. DROP is a tiny sub-set of the SBL designed for use by firewalls and routing equipment.

DROP is currently available as a simple text list, but will also be available shortly as BGP with routes of listed IPs announced via an AS# allowing networks to then null those routes as being IPs that they do not wish to route traffic for.

The DROP list will NEVER include any IP space “owned” by any legitimate network and reassigned – even if reassigned to the “spammers from hell”. It will ONLY include IP space totally controlled by spammers or 100% spam hosting operations. These are “direct allocations” from ARIN, RIPE, APNIC, LACNIC, and others to known spammers, and the troubling run of “hijacked zombie” IP blocks that have been snatched away from their original owners (which in most cases are long dead corporations) and are now controlled by spammers or netblock thieves who resell the space to spammers.

When implemented at a network or ISP’s ‘core routers’, DROP will protect all the network’s users from spamming, scanning, harvesting and dDoS attacks originating on rogue netblocks.

Shell script to apply DROP

Here is a shell script, you need to run on Linux based firewall / router / dedicated Linux web / mail server:

#!/bin/bash
FILE="/tmp/drop.lasso"
URL="http://www.spamhaus.org/drop/drop.lasso"
echo ""
echo -n "Applying DROP list to existing firewall..."
[ -f $FILE ] && /bin/rm -f $FILE || :
cd /tmp
wget $URL
blocks=$(cat $FILE  | egrep -v '^;' | awk '{ print $1}')
iptables -N droplist
for ipblock in $blocks
do
 iptables -A droplist -s $ipblock -j LOG --log-prefix "DROP List Block"
 iptables -A droplist -s $ipblock -j DROP
done
iptables -I INPUT -j droplist
iptables -I OUTPUT -j droplist
iptables -I FORWARD -j droplist
echo "...Done"
/bin/rm -f $FILE

Call above script from existing firewall script every 24 hrs to update and block list. Every time it’s run by crontab it will download the list and reapply the changes. You may need to modify above script to delete droplist chain before applying list. Please note that if you are using Cicso routers, use this script for the same purpose. You can also use CISCO ‘null route’ command:

ip route <network> <mask> null0

If you don’t want to play with iptables, null route all bad ips using following route command under Linux syntax:
# route add <IP> gw 127.0.0.1 lo
# route add -net <IP/mask> gw 127.0.0.1 lo

Try this and you will surprise to see how much spam and other bad stuff can be blocked.

Suse Linux: Nagios Basic Installation and Configuration

Posted on in Categories Hardware, Linux, Linux distribution, Monitoring, Networking, Suse Linux, Sys admin last updated October 24, 2007

Nagios is my favorite open source server and network monitoring application software. It watches hosts and services that you specify, alerting you when things go bad and again when they get better.

If you’re planning on installing Nagios, check out this installation guide from Rainer Brunold that gives you step-by-step instructions on how to set it up:

Nagios is a popular host and service monitoring tool used by many administrators to keep an eye on their systems.

Since I wrote a basic installation guide in Jan 2006 on Cool Solutions many new versions were published and many Nagios plugins are now available. Because of that I think it’s time to write a series of articles here that show you some very interesting solutions. I hope that you find them helpful and that you can use them in your environment. If you are not yet and nagios user I hope that I can inspire you and you give it a try.

I don’t want to write here a full documentation about Nagios, I prefer to give you a basic installation guide so you can set it up very easy and play with it yourself. The installation guide will show you how to install Nagios as well as some interesting extensions and how they integrate into each other. During this installation you will make many modifications to the installation that will help to understand how it works, how you can integrate systems and different services. I will also provide some articles about monitoring special services where I describe what they do and what configuration changes are needed. All together should give you a very good overview and documentation on how you can enhance the Nagios installation yourself.

=> Nagios 3.0 – A Extensible Host and Service Monitoring

How to: Enable and Tag Files / Directories in Gnome Linux Desktop

Posted on in Categories Linux, Linux desktop, Ubuntu Linux last updated October 24, 2007

I’ve been looking for something like this. One brand new feature of gutsy is that tracker, a desktop indexer like google desktop, runs by default. Tracker also supports taxonomy for your files and folders but this feature is not yet integrated into gnome. But wait…you can have it anyway in a few simple steps

=> Howto: Enable Tagging in Ubuntu Gutsy in 4 simple steps