Linux and UNIX interactive, process and users monitoring tool

Posted on in Categories Howto, Linux, Monitoring, OpenBSD, UNIX last updated November 26, 2007

whowatch is an interactive, ncurses-based process and user monitoring tool that updates its information in real time. It is a perfect tool for local and remote servers. With this tool you can easily answer the following question:
How do I know who is logged in using telnet, ssh, ftp etc. and what resources they are using?

Output of whowatch command

It displays information about the users currently logged on to the machine, in real time. Besides standard information (login name, tty, host, user's process), the type of the connection (i.e. telnet or ssh) is shown. The display of the user's command line can be switched to tty idle time. A user can be selected and his process tree viewed, as can the tree of all system processes. The tree may be displayed with an additional column that shows the owner of each process. In process tree mode, SIGINT and SIGKILL signals can be sent to the selected process. Killing processes is just as simple and fun as deleting lines on the screen.

How do I install whowatch tool?

If you are using Debian Linux, type the following command:
# apt-get install whowatch

If you are using FreeBSD, type the following command:
# pkg_add -r -v whowatch

You can also use ports collection under FreeBSD:
# cd /usr/ports/sysutils/whowatch
# make; make install; make clean

ALTERNATIVELY, download from official website.

How do I use whowatch?

Simply type whowatch at command prompt:
$ whowatch

Default output:
Who watch output

Detailed information about process / user


Menu (press F9 key to activate menu option)


Monitoring hard disk health with smartd under Linux or UNIX operating systems

Posted on in Categories Howto, Linux, Monitoring, RedHat/Fedora Linux, Suse Linux, Sys admin, Tips, Ubuntu Linux last updated July 4, 2007

smartd is the SMART Disk Monitoring Daemon for Linux. SMART is an acronym for Self-Monitoring, Analysis and Reporting Technology, a system built into many ATA-3 and later ATA, IDE and SCSI-3 hard drives. The purpose of SMART is to monitor the reliability of the hard drive, predict drive failures, and carry out different types of drive self-tests.

smartd works with following operating systems:

  1. Linux
  2. *BSD
  3. Windows
  4. Solaris etc

How do I Install smartd?

smartd is not installed by default. The following are distribution-specific steps to install smartd:

Debian Linux:
# apt-get install smartmontools
Red Hat/Fedora Linux:
# rpm -ivh kernel-utils
OR
# up2date kernel-utils
OR if you are using Fedora Linux
# yum install kernel-utils
FreeBSD:
# pkg_add -r -v smartmontools

Before configuring hard disk for SMART monitoring make sure your hard disk is SMART capable:
# smartctl -i /dev/hda
Output:

smartctl version 5.34 [i686-pc-linux-gnu] Copyright (C) 2002-5 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

=== START OF INFORMATION SECTION ===
Device Model:     SAMSUNG SV2002H
Serial Number:    0395J1FR904324
Firmware Version: RA100-04
User Capacity:    20,060,651,520 bytes
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   6
ATA Standard is:  ATA/ATAPI-6 T13 1410D revision 1
Local Time is:    Tue May  2 15:44:09 2006 IST

SMART support is: Available - device has SMART capability.
SMART support is: Enabled

You can configure the smartd daemon by editing the file /etc/smartd.conf. 

In the above output, the lines:
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

indicate that the disk is SMART capable and that SMART is enabled.

Configure SMARTD

Debian Linux

  • Enable smart by editing /etc/default/smartmontools file.
  • Smart Configuration file: /etc/smartd.conf
  • Start/Stop smart: /etc/init.d/smartmontools start | stop

Red Hat Linux

  • Enable smart by editing /etc/smartd.conf file.
  • Smart Configuration file: /etc/smartd.conf
  • Start/Stop smart: /etc/init.d/smartd start | stop

FreeBSD

  • Enable smart by editing /etc/rc.conf file (add line smartd_enable="YES").
  • Smart Configuration file: /etc/smartd.conf
  • Start/Stop smart: /usr/local/etc/rc.d/smartd.sh start | stop

Example

The following examples show a directive for the smartd configuration file (a) and smartctl commands (b, c):
(a) Send an email to [email protected] for /dev/sdb:
/dev/sdb -m [email protected]
(b) Read error log:
# smartctl -l error /dev/hdb
(c) Testing hard disk (short or long test):
# smartctl -t short /dev/hdb
# smartctl -t long /dev/hdb

Caution: smartd is a monitoring tool, not a backup solution. Always perform data backup.

See also:

  • For more information on smartmontools, see the official home page.
  • Read man page of smartd and smartd.conf for configuration help.

Debian Linux How to find out if installed package is from stable or testing environment

Posted on in Categories Debian Linux, Howto, Linux, Linux distribution, Tips, Ubuntu Linux last updated October 20, 2007

I install many packages for Debian / Ubuntu Linux from both the stable and testing environments, but sometimes I need to find out whether an installed package is from stable or testing. I can use the dpkg status file to get this information, but Debian comes with a Perl script called apt-show-versions, which lists available package versions with their distribution.

apt-show-versions parses the dpkg status file and the APT lists for the installed and available package versions and distribution, and shows upgrade options within the specific distribution of the selected package. apt-show-versions uses caching for the status information of installed and available packages. If you run apt-show-versions as root, the cache is updated as needed. If you run it as non-root, it uses the newest available information but can't update the cache. If you run it as root with the option -i, the cache is only initialized or updated.

This is really useful if you have a mixed stable/testing environment and want to list all packages which are from testing and can be upgraded in testing.

Install apt-show-versions

Type the following command at shell prompt:
$ sudo apt-get install apt-show-versions
Just type command apt-show-versions:
$ apt-show-versions
Output:

java-common/testing uptodate 0.23
libperl5.8/testing upgradeable from 5.8.7-10 to 5.8.8-2
sysutils/testing upgradeable from 2.0.0-1 to 2.0.1
autoconf/unstable uptodate 2.59a-8

To upgrade all packages in testing you can type command:

# apt-get install $(apt-show-versions -u -b | fgrep testing)

Find out a list of all available versions of postgresql database server:

$ apt-show-versions -a -p postgresql

HowTo: Recovering Linux Grub Boot Loader Password

Posted on in Categories CentOS, Debian Linux, Howto, Linux, RedHat/Fedora Linux, Suse Linux, Sys admin, Tips, Troubleshooting, Ubuntu Linux last updated May 7, 2010

If you have a password-protected grub boot loader and you forgot both the root and grub passwords, then you can recover the grub boot loader password using the following procedure:

* Use Knoppix cd
* Remove the password from Grub configuration file
* Reboot the system
* Change the root password
* Setup new Grub password if required (optional)

Logging to a centralized loghost from Router or other hosts

Posted on in Categories Backup, CentOS, Debian Linux, Howto, Linux, UNIX, Windows server last updated November 5, 2007

It is really a good idea to have one central logging host for security and performance reasons. For example, monitoring log files on a central host will help you:
* Analyze security risks (you can see failed login attempts, port scans, etc.)
* Troubleshoot user login problems
* Save disk space
* Keep old logs available from the centralized loghost if a hard disk crashes on another host

Linux (and other UNIX-like systems) use the sysklogd (or syslogd) utility, which is the system logging facility. Its support for both internet and unix domain sockets enables this utility package to support both local and remote logging from a DSL/ADSL router or other hosts in your network.

Prepare syslogd to accept remote logging message

Open file /etc/init.d/sysklogd under Debian Linux to configure syslogd to accept remote message.
# vi /etc/init.d/sysklogd
Locate line SYSLOGD and edit it as follows:
SYSLOGD="-r"
The option (-r) will enable the facility to receive message from the network using an internet domain socket with the syslog service. The default is to not receive any messages from the network.

Save file and exit to shell prompt. Restart the sysklogd:
# /etc/init.d/sysklogd restart

A note about RHEL / CentOS / Fedora Linux User

If you are using Red Hat or Fedora Linux, edit file /etc/sysconfig/syslog:
# vi /etc/sysconfig/syslog
Make changes:
SYSLOGD="-r"
Restart syslogd:
# service syslog restart

Open UDP port 514

If you are using an iptables-based firewall, insert the following rules into your iptables script to accept connections from your network:

MYNET=192.168.1.0/24
SLSERVER=192.168.1.100

iptables -A INPUT -p udp -s $MYNET --sport 1024:65535 -d $SLSERVER --dport 514 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p udp -s $SLSERVER --sport 514 -d $MYNET --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

192.168.1.100 is the IP address of the syslogd server. You need to restrict access to syslogd to your own network (192.168.1.0/24) only.

Configure the router to log messages to a centralized loghost

You can open web configuration interface and type IP address of centralized loghost (192.168.1.100) and port 514. Save configuration and reboot router.

Configure a Linux or Unix host to log messages to a centralized loghost

You need to open the syslog configuration file /etc/syslog.conf:
# vi /etc/syslog.conf
Set up syslogd to send all important messages related to auth to the loghost IP 192.168.1.100 (or use the FQDN if configured):

*.*;auth,authpriv.none          @192.168.1.100

OR

*.*;auth,authpriv.none          @loghost.mydomain.com.

Restart sysklogd (Debian Linux):
# /etc/init.d/sysklogd restart
OR
Restart syslogd under Red Hat/Fedora / CentOS Linux
# service syslog restart
If required, open the outgoing UDP port 514 on the other hosts:

# SYSLOG outgoing client request
# Assumes 192.168.1.5 is this client host; 192.168.1.100 is the loghost
iptables -A OUTPUT -p udp -s 192.168.1.5 --sport 1024:65535 -d 192.168.1.100 --dport 514 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p udp -s 192.168.1.100 --sport 514 -d 192.168.1.5 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
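
How the selector field in the /etc/syslog.conf line above is evaluated, as an added example that is not part of the original article: a POSIX shell model of sysklogd selector matching covering `*`, priority names, `=priority` and `none` (`!` negation is left out). In sysklogd, `.none` excludes a facility, so `*.*;auth,authpriv.none` forwards everything except auth and authpriv messages; `AUTH_SELECTOR` is an assumed alternative, not a line from the page, that forwards only those two facilities.

```shell
# Added example: model how sysklogd evaluates a selector field.
# Supports "*", priority names, "=priority" and "none"; "!" is not modelled.

# Print the numeric severity for a priority name (0 = emerg ... 7 = debug).
prio_num() {
    case "$1" in
        emerg|panic) echo 0 ;;  alert) echo 1 ;;  crit) echo 2 ;;
        err|error) echo 3 ;;    warning|warn) echo 4 ;;
        notice) echo 5 ;;       info) echo 6 ;;   debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# selector_action SELECTOR FACILITY PRIORITY -> prints "forward" or "drop".
# The body runs in a subshell so the IFS and globbing changes stay local.
selector_action() (
    set -f                          # keep "*" literal while splitting
    fac=$2
    pri=$(prio_num "$3") || exit 2
    result=drop
    IFS=';'
    for part in $1; do              # later parts override earlier ones
        facs=${part%.*}
        want=${part##*.}
        hit=no
        IFS=','
        for f in $facs; do
            if [ "$f" = "*" ] || [ "$f" = "$fac" ]; then hit=yes; fi
        done
        [ "$hit" = yes ] || continue
        case "$want" in
            none) result=drop ;;
            '*')  result=forward ;;
            =*)   w=$(prio_num "${want#=}") || continue
                  if [ "$pri" -eq "$w" ]; then result=forward; fi ;;
            *)    w=$(prio_num "$want") || continue
                  if [ "$pri" -le "$w" ]; then result=forward; fi ;;
        esac
    done
    echo "$result"
)

PAGE_SELECTOR='*.*;auth,authpriv.none'   # selector shown on this page
AUTH_SELECTOR='auth,authpriv.*'          # assumed alternative that forwards auth
for msg in auth.info authpriv.notice kern.warning; do
    echo "$msg: page=$(selector_action "$PAGE_SELECTOR" "${msg%.*}" "${msg#*.}")" \
         "auth-only=$(selector_action "$AUTH_SELECTOR" "${msg%.*}" "${msg#*.}")"
done
```
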

Windows NT/2000/XP/Vista Desktop system

You can force your Windows NT/2000/XP desktop to log all messages to a centralized loghost. However, Windows does not have a built-in facility to log messages to a remote Unix syslogd server. You can use the NTsyslog program, which runs as a service under Windows NT based operating systems. It formats all System, Security, and Application events into a single line and sends them to a syslogd host.

Verify that messages are logged to your /var/log/messages:
# tail -f /var/log/messages
Output:

Feb 16 02:08:01 router  kernel: klogd started: BusyBox v1.00 (2005.09.22-19:11+0000)
Feb 16 02:08:01 router  kernel: Linux version 2.6.8.1 ([email protected]) (gcc version 3.4.2) #1 Thu Sep 22 15:07:47 EDT 2005
Feb 16 02:08:01 router  kernel: Total Flash size: 2048K with 39 sectors
Feb 16 02:08:01 router  kernel: 96338L-2M-8M prom init
Feb 16 02:08:01 router  kernel: CPU revision is: 00029010
Feb 16 02:08:01 router  kernel: Determined physical RAM map:
Feb 16 02:08:01 router  kernel:  memory: 007a0000 @ 0000000
..........
...
......
Feb 16 02:08:01 router  kernel: AdslCoreHwReset: AdslOemDataAddr = 0xA07E504C
Feb 16 02:08:01 router  kernel: ip_tables: (C) 2000-2002 Netfilter core team
Feb 16 02:08:01 router  kernel: ip_conntrack version 2.1 (61 buckets, 0 max) - 368 bytes
Feb 16 02:08:06 router  pppd[224]: pppd 2.4.1 started by admin, uid 0
Feb 16 02:08:07 router  pppd[224]: PPP: Start to connect ...
Feb 16 02:08:10 router  dnsprobe[272]: dnsprobe started!