Fix a dual boot Windows Vista and Linux problem

Posted on in Categories Howto, Linux desktop, RedHat/Fedora Linux, Troubleshooting, Ubuntu Linux, Windows last updated November 22, 2006

How do you fix a dual boot system if you had to reinstall Windows Vista and you can no longer boot into Fedora Core 6 (FC6) or Fedora Linux? Nobody wants to reinstall FC6 or Fedora Linux again!

Almost all versions of Microsoft Windows (including XP, Vista and older versions) overwrite the GRUB bootloader in the MBR (master boot record). As a result the Windows boot loader becomes the new boot loader and GRUB will not appear on screen (you will not be able to see the GRUB menu options).

But don't worry, you can easily fix the problem. Please note that if you are using Debian or Ubuntu Linux, just follow these instructions. The following instructions are for Fedora Linux only and should work with RHEL / CentOS too:

Step # 1: Boot from Fedora Core Linux 1st CD or DVD

Set the BIOS to boot from the CD/DVD-ROM. At the boot: prompt, type the command linux rescue:
boot: linux rescue

Just follow the on-screen instructions; when prompted, let the installer search for your Linux installation. If the search is successful, your old Linux installation will be available under a special directory called /mnt/sysimage.

Step # 2: Prepare system for GRUB reinstallation

Type the following commands at shell prompt:
# chroot /mnt/sysimage
# cd /boot/grub

The chroot command runs all of the remaining commands with the root directory set to the new root, /mnt/sysimage. Without the chroot environment you will not be able to restore GRUB on Fedora Core 6.

Step # 3: Find out your GRUB bootloader installation location

If you have only one IDE hard disk, the default should be /dev/hda. You can use either of the following commands to determine your device name:
# grep '#boot' grub.conf
Output:

#boot=/dev/sda

The above output clearly shows that /dev/sda is the device where my GRUB bootloader was previously installed.

You can also run the fdisk -l command to list partitions and disk information:
# fdisk -l

Step # 4: Reinstall GRUB

Use the grub-install command to install GRUB on your drive /dev/sda:
# grub-install /dev/sda

Please note that if the above command returns an error, rerun it with the --recheck option to probe the device map even if it already exists:
# grub-install --recheck /dev/sda

Step # 5: Reboot system

Exit from chrooted environment and reboot Linux:
# sync;sync;exit;exit
# reboot

Now GRUB will be able to boot both Windows Vista and Fedora Core 6. On UNIX/Linux the dd command can be used to back up and restore the MBR.
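As an added example (not code from the original post): the dd backup mentioned above is most useful when you can tell what changed. This Python script parses a 512-byte MBR image, checks the 0x55AA signature, and compares the 446-byte boot code region (where GRUB's first stage lives) and the four partition entries against a saved copy, which is exactly the damage a Windows reinstall does. The sample images are constructed inline; the dd commands in the comments are the standard ones.

```python
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445: boot loader code (GRUB stage 1, or the Windows loader after a reinstall)
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xaa"  # bytes 510..511 must hold the boot signature

# Partition entry: status, CHS start (3 bytes, ignored), type, CHS end (3 bytes, ignored),
# LBA of first sector, number of sectors; all little-endian.
PART_ENTRY = struct.Struct("<B3xB3xII")


def parse_mbr(mbr):
    """Split a 512-byte MBR image into boot code, partition table and signature."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (MBR_SIZE, len(mbr)))
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY.size
        status, ptype, lba_start, sectors = PART_ENTRY.unpack_from(mbr, off)
        partitions.append({
            "bootable": status == 0x80,   # 0x80 marks the active partition
            "type": ptype,                # e.g. 0x07 NTFS, 0x83 Linux, 0x82 Linux swap
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code": mbr[:BOOT_CODE_LEN],
        "partitions": partitions,
        "valid_signature": mbr[510:512] == SIGNATURE,
    }


def boot_code_overwritten(backup, current):
    """True when the code region differs, i.e. another boot loader replaced GRUB."""
    return parse_mbr(backup)["boot_code"] != parse_mbr(current)["boot_code"]


def partition_table_intact(backup, current):
    """True when all four partition entries still match the backup."""
    return parse_mbr(backup)["partitions"] == parse_mbr(current)["partitions"]


def build_sample_mbr(code_marker, partitions):
    """Construct a synthetic MBR image for the demo (constructed data, not a real dump).
    A real image comes from: dd if=/dev/sda of=mbr.bak bs=512 count=1"""
    code = code_marker.ljust(BOOT_CODE_LEN, b"\x00")
    table = b"".join(PART_ENTRY.pack(s, t, start, n) for s, t, start, n in partitions)
    return code + table + SIGNATURE


# Constructed dual-boot layout: active NTFS (Windows), then Linux root and swap, one empty slot.
SAMPLE_PARTS = [
    (0x80, 0x07, 63, 40_000_000),
    (0x00, 0x83, 40_000_063, 20_000_000),
    (0x00, 0x82, 60_000_063, 2_000_000),
    (0x00, 0x00, 0, 0),
]
GRUB_MBR = build_sample_mbr(b"GRUB-STAGE1", SAMPLE_PARTS)       # backup taken before the reinstall
WINDOWS_MBR = build_sample_mbr(b"WINDOWS-LOADER", SAMPLE_PARTS)  # what the disk holds afterwards


if __name__ == "__main__":
    info = parse_mbr(WINDOWS_MBR)
    print("signature ok:", info["valid_signature"])
    for i, p in enumerate(info["partitions"]):
        print("partition %d: type=0x%02x bootable=%s start=%d sectors=%d"
              % (i + 1, p["type"], p["bootable"], p["lba_start"], p["sectors"]))
    if boot_code_overwritten(GRUB_MBR, WINDOWS_MBR) and partition_table_intact(GRUB_MBR, WINDOWS_MBR):
        # Restoring only the first 446 bytes keeps the current partition table:
        # dd if=mbr.bak of=/dev/sda bs=446 count=1
        print("boot code replaced, partition table unchanged: restore bytes 0-445 only")
```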

How to keep a detailed audit trail of what's being done on your Linux systems

Posted on in Categories Linux, RedHat/Fedora Linux, Security, Suse Linux, Ubuntu Linux, UNIX last updated November 14, 2006

Intrusions can come from both authorized (insider) and unauthorized (outsider) users. My personal experience shows that an unhappy user can damage the system, especially when they have shell access. Some users are a little smart and remove their history file (such as ~/.bash_history), but you can still monitor every command a user executes.

It is recommended that you log user activity using process accounting. Process accounting lets you view every command executed by a user, including CPU and memory time. With process accounting a sysadmin can always find out which command was executed at what time.

The psacct package contains several utilities for monitoring process activities, including ac, lastcomm, accton and sa.

  • The ac command displays statistics about how long users have been logged on.
  • The lastcomm command displays information about previously executed commands.
  • The accton command turns process accounting on or off.
  • The sa command summarizes information about previously executed commands.

Task: Install psacct or acct package

Use the up2date command if you are using RHEL version 4.0 or earlier:
# up2date psacct
Use the yum command if you are using CentOS / Fedora Linux / RHEL 5:
# yum install psacct
Use the apt-get command if you are using Ubuntu / Debian Linux:
$ sudo apt-get install acct
OR
# apt-get install acct

Task: Start psacct/acct service

On Ubuntu / Debian Linux the service is started by default and creates the /var/account/pacct file. Under Red Hat / Fedora Core / CentOS you need to start the psacct service manually. Type the following two commands to create the /var/account/pacct file and start the service:
# chkconfig psacct on
# /etc/init.d/psacct start

If you are using Suse Linux, the name of service is acct. Type the following commands:
# chkconfig acct on
# /etc/init.d/acct start

Now let us see how to utilize these utilities to monitor user commands and time.

Task: Display statistics about users’ connect time

The ac command prints out a report of connect time in hours based on logins/logouts. A total is also printed. If you type ac without any argument it displays the total connect time:
$ ac
Output:

total       95.08

Display totals for each day rather than just one big total at the end:
$ ac -d
Output:

Nov  1  total        8.65
Nov  2  total        5.70
Nov  3  total       13.43
Nov  4  total        6.24
Nov  5  total       10.70
Nov  6  total        6.70
Nov  7  total       10.30
.....
..
...
Nov 12  total        3.42
Nov 13  total        4.55
Today   total        0.52

Display time totals for each user in addition to the usual everything-lumped-into-one value:
$ ac -p
Output:

        vivek                             87.49
        root                                 7.63
        total       95.11

Task: find out information about previously executed user commands

Use the lastcomm command, which prints information about previously executed commands. You can search by username, tty name, or command name.

Display the commands executed by the user vivek:
$ lastcomm vivek
Output:

userhelper        S   X vivek  pts/0      0.00 secs Mon Nov 13 23:58
userhelper        S     vivek  pts/0      0.00 secs Mon Nov 13 23:45
rpmq                    vivek  pts/0      0.01 secs Mon Nov 13 23:45
rpmq                    vivek  pts/0      0.00 secs Mon Nov 13 23:45
rpmq                    vivek  pts/0      0.01 secs Mon Nov 13 23:45
gcc                     vivek  pts/0      0.00 secs Mon Nov 13 23:45
which                   vivek  pts/0      0.00 secs Mon Nov 13 23:44
bash               F    vivek  pts/0      0.00 secs Mon Nov 13 23:44
ls                      vivek  pts/0      0.00 secs Mon Nov 13 23:43
rm                      vivek  pts/0      0.00 secs Mon Nov 13 23:43
vi                      vivek  pts/0      0.00 secs Mon Nov 13 23:43
ping              S     vivek  pts/0      0.00 secs Mon Nov 13 23:42
ping              S     vivek  pts/0      0.00 secs Mon Nov 13 23:42
ping              S     vivek  pts/0      0.00 secs Mon Nov 13 23:42
cat                     vivek  pts/0      0.00 secs Mon Nov 13 23:42
netstat                 vivek  pts/0      0.07 secs Mon Nov 13 23:42
su                S     vivek  pts/0      0.00 secs Mon Nov 13 23:38

For each entry the following information is printed. Take the first output line as an example:
userhelper S X vivek pts/0 0.00 secs Mon Nov 13 23:58
Where,

  • userhelper is the command name of the process
  • S and X are flags, as recorded by the system accounting routines. The meaning of each flag:
    • S — command executed by super-user
    • F — command executed after a fork but without a following exec
    • D — command terminated with the generation of a core file
    • X — command was terminated with the signal SIGTERM
  • vivek is the name of the user who ran the process
  • pts/0 is the terminal name
  • 0.00 secs – time the process exited

Search the accounting logs by command name:
$ lastcomm rm
$ lastcomm passwd
Output:

rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:39
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:38
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:38
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:36
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:36
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:35
rm                S     root     pts/0      0.00 secs Tue Nov 14 00:35
rm                      vivek    pts/0      0.00 secs Tue Nov 14 00:30
rm                      vivek    pts/1      0.00 secs Tue Nov 14 00:30
rm                      vivek    pts/1      0.00 secs Tue Nov 14 00:29
rm                      vivek    pts/1      0.00 secs Tue Nov 14 00:29

Search the accounting logs by terminal name, e.g. pts/1:
$ lastcomm pts/1
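An added example, not part of the original post: a small Python parser for the lastcomm format shown above that decodes the S/F/D/X flags and picks out commands that ran with super-user privilege under a non-root account. The sample lines are assembled from the output quoted above.

```python
import re
from collections import Counter

# Flag letters as lastcomm prints them, with the meanings listed above
FLAG_MEANING = {
    "S": "command executed by super-user",
    "F": "command executed after a fork but without a following exec",
    "D": "command terminated with the generation of a core file",
    "X": "command was terminated with the signal SIGTERM",
}

# command, optional flag letters, user, tty, "N.NN secs", timestamp
LASTCOMM_LINE = re.compile(
    r"^(?P<command>\S+)\s+"
    r"(?P<flags>(?:[SFDX]\s+)*)"
    r"(?P<user>\S+)\s+"
    r"(?P<tty>\S+)\s+"
    r"(?P<secs>[0-9.]+) secs\s+"
    r"(?P<when>.+?)\s*$"
)


def parse_lastcomm(text):
    """Turn lastcomm output into a list of records (one dict per line)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LASTCOMM_LINE.match(line)
        if m is None:
            raise ValueError("unrecognised lastcomm line: %r" % line)
        records.append({
            "command": m.group("command"),
            "flags": set(m.group("flags").split()),
            "user": m.group("user"),
            "tty": m.group("tty"),
            "secs": float(m.group("secs")),   # the "N secs" column as printed by lastcomm
            "when": m.group("when"),
        })
    return records


def describe_flags(record):
    """Expand a record's flag letters, in lastcomm's S, F, D, X order."""
    return [FLAG_MEANING[f] for f in "SFDX" if f in record["flags"]]


def superuser_commands_by_non_root(records):
    """Commands that ran with super-user privilege under an account other than root.
    In the post's output these are su, userhelper and ping (a setuid-root binary)."""
    return [r for r in records if "S" in r["flags"] and r["user"] != "root"]


def commands_per_user(records):
    """How many accounted commands each user ran."""
    return Counter(r["user"] for r in records)


# Constructed sample, assembled from lines of the lastcomm output quoted in the post
SAMPLE = """\
userhelper        S   X vivek  pts/0      0.00 secs Mon Nov 13 23:58
userhelper        S     vivek  pts/0      0.00 secs Mon Nov 13 23:45
rpmq                    vivek  pts/0      0.01 secs Mon Nov 13 23:45
gcc                     vivek  pts/0      0.00 secs Mon Nov 13 23:45
bash               F    vivek  pts/0      0.00 secs Mon Nov 13 23:44
rm                      vivek  pts/0      0.00 secs Mon Nov 13 23:43
ping              S     vivek  pts/0      0.00 secs Mon Nov 13 23:42
netstat                 vivek  pts/0      0.07 secs Mon Nov 13 23:42
su                S     vivek  pts/0      0.00 secs Mon Nov 13 23:38
rm                S     root   pts/0      0.00 secs Tue Nov 14 00:39
"""


if __name__ == "__main__":
    records = parse_lastcomm(SAMPLE)
    print("commands per user:", dict(commands_per_user(records)))
    for r in superuser_commands_by_non_root(records):
        print("%-10s %-6s %s  %s" % (r["command"], r["user"], r["when"],
                                     "; ".join(describe_flags(r))))
```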

Task: summarize accounting information

Use the sa command to print summary information about previously executed commands. In addition, it condenses this data into a summary file named savacct, which contains the number of times each command was called and the system resources used. The information can also be summarized on a per-user basis; sa saves this information in a file named usracct.
# sa
Output:

     579     222.81re       0.16cp     7220k
       4       0.36re       0.12cp    31156k   up2date
       8       0.02re       0.02cp    16976k   rpmq
       8       0.01re       0.01cp     2148k   netstat
      11       0.04re       0.00cp     8463k   grep
      18     100.71re       0.00cp    11111k   ***other*
       8       0.00re       0.00cp    14500k   troff
       5      12.32re       0.00cp    10696k   smtpd
       2       8.46re       0.00cp    13510k   bash
       8       9.52re       0.00cp     1018k   less

Take the first per-command line as an example:
4 0.36re 0.12cp 31156k up2date
Where,

  • 4 is the number of times the command was called
  • 0.36re “real time” in wall clock minutes
  • 0.12cp sum of system and user time in CPU minutes
  • 31156k CPU-time averaged core usage, in 1k units
  • up2date command name

Display output per user:
# sa -u
Output:

root       0.00 cpu      595k mem accton
root       0.00 cpu    12488k mem initlog
root       0.00 cpu    12488k mem initlog
root       0.00 cpu    12482k mem touch
root       0.00 cpu    13226k mem psacct
root       0.00 cpu      595k mem consoletype
root       0.00 cpu    13192k mem psacct           *
root       0.00 cpu    13226k mem psacct
root       0.00 cpu    12492k mem chkconfig
postfix    0.02 cpu    10696k mem smtpd
vivek      0.00 cpu    19328k mem userhelper
vivek      0.00 cpu    13018k mem id
vivek      0.00 cpu    13460k mem bash             *
lighttpd   0.00 cpu    48240k mem php              *

Display the number of processes and number of CPU minutes on a per-user basis:
# sa -m
Output:

                                      667     231.96re       0.17cp     7471k
root                                  544      51.61re       0.16cp     7174k
vivek                                 103      17.43re       0.01cp     8228k
postfix                                18     162.92re       0.00cp     7529k
lighttpd                                2       0.00re       0.00cp    48536k

Task: Find out who is eating CPU

By looking at the re, k and cp/cpu columns (see above for the output explanation) you can spot suspicious activity, or the user/command that is eating up all the CPU. A sudden increase in a command's CPU or memory usage is an indication of a problem.

Please note that the above commands and packages are also available on other UNIX-like OSes such as Sun Solaris and the *BSDs.

Red Hat enterprise Linux Install lighttpd and Fastcgi PHP

Posted on in Categories Howto, lighttpd, RedHat/Fedora Linux last updated October 2, 2006

I have received many queries regarding how to configure and install the Lighttpd web server under Red Hat Enterprise Linux version 4.0. Mark asks:

RHEL 64 bit v4.0 does not support PHP as FastCGI. Lighttpd is not available from RHN (up2date command). How do I configure and install lighttpd with FastCGI?

OK, let me answer these questions and other queries systematically. I have installed Lighttpd under both the 32 and 64 bit versions of RHEL v4.0 a couple of times. In all cases you need to compile both PHP and Lighttpd. Do not worry, the steps are quite easy.

Install and configure Lighttpd under RHEL

Red Hat uses RHN to provide stable versions of all software including PHP/Apache, and for some weird reason it does not ship the lighttpd web server. However, I have tested RHEL v5.0 (beta), which comes with lots of goodies such as caching software, FastCGI etc.

Step #1: Install and configure Lighttpd under RHEL 64 bit v4.0

First, you need to remove the installed PHP version. Use the rpm -qa | grep php command to list all installed PHP RPM files:
# rpm -qa | grep php
Remove all PHP files:
# rpm -e php php-devel php-imap php-ldap php-pear

Step #2: Download lighttpd source code

There is no official RPM available from Red Hat itself for the 64/32 bit version. Download and compile Lighttpd as follows:
# wget http://lighttpd.net/download/lighttpd-1.4.16.tar.gz
# tar -zxvf lighttpd-1.4.16.tar.gz
# cd lighttpd-1.4.16

Step #3: Compile and install lighttpd:

The following commands compile lighttpd with OpenSSL support. First, configure lighttpd:
# ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --with-openssl

Now compile lighttpd:
# make

Install lighttpd:
# make install

Step #4: Build PHP RPM as FastCGI

Now recompile PHP and build the PHP RPM as FastCGI. Download the PHP SRPM from the official Red Hat site, or use the following command to download the PHP source RPM (recommended):
# cd /opt
# up2date -d --src php

Now install the downloaded source RPM file:
# rpm -ivh php-4.3.9-3.1.src.rpm

Install all necessary development libraries:
# up2date aspell-devel libjpeg-devel libpng-devel libc-client-devel mysql-devel postgresql-devel unixODBC-devel net-snmp-devel elfutils-devel libxslt-devel freetype-devel

Change to the directory holding the PHP RPM spec file:
# cd /usr/src/redhat/SPECS/
Open the php.spec file:
# vi php.spec
Find the line that reads as follows:
--enable-force-cgi-redirect

Before that line add:
--enable-fastcgi \
Save and close the file.

Compile and build RPM file:
# rpmbuild -bb php.spec

Now install all the newly rebuilt RPM files. Go to the /usr/src/redhat/RPMS/x86_64 directory, where all the newly built RPMs are stored:
# cd /usr/src/redhat/RPMS/x86_64
# rpm -ivh php-4.3.9-3.18.x86_64.rpm php-gd-4.3.9-3.18.x86_64.rpm php-imap-4.3.9-3.18.x86_64.rpm php-mysql-4.3.9-3.18.x86_64.rpm php-mbstring-4.3.9-3.18.x86_64.rpm php-pear-4.3.9-3.18.x86_64.rpm

Make sure PHP is installed with FastCGI support:
# php -v
Output:

PHP 4.3.9 (cgi-fcgi) (built: Oct  2 2006 15:31:07)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

If you do not have a development environment installed, or if you would rather not compile, download the AMD x86_64 RPM files. Please note that these files are provided as is.

Basic Lighttpd configuration

a) Add a lighttpd user
# adduser -s /sbin/nologin lighttpd

b) Create a lighttpd.conf file
# mkdir /etc/lighttpd
# cd /etc/lighttpd
# vi lighttpd.conf
Add following config code:
server.modules = (
"mod_rewrite",
"mod_redirect",
"mod_alias",
"mod_access",
"mod_auth",
"mod_status",
"mod_fastcgi",
"mod_cgi",
"mod_compress",
"mod_accesslog" )
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm" )
mimetype.assign = (
".rpm" => "application/x-rpm",
".pdf" => "application/pdf",
".sig" => "application/pgp-signature",
".spl" => "application/futuresplash",
".class" => "application/octet-stream",
".ps" => "application/postscript",
".torrent" => "application/x-bittorrent",
".dvi" => "application/x-dvi",
".gz" => "application/x-gzip",
".pac" => "application/x-ns-proxy-autoconfig",
".swf" => "application/x-shockwave-flash",
".tar.gz" => "application/x-tgz",
".tgz" => "application/x-tgz",
".tar" => "application/x-tar",
".zip" => "application/zip",
".mp3" => "audio/mpeg",
".m3u" => "audio/x-mpegurl",
".wma" => "audio/x-ms-wma",
".wax" => "audio/x-ms-wax",
".ogg" => "application/ogg",
".wav" => "audio/x-wav",
".gif" => "image/gif",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".png" => "image/png",
".xbm" => "image/x-xbitmap",
".xpm" => "image/x-xpixmap",
".xwd" => "image/x-xwindowdump",
".css" => "text/css",
".html" => "text/html",
".htm" => "text/html",
".js" => "text/javascript",
".asc" => "text/plain",
".c" => "text/plain",
".cpp" => "text/plain",
".log" => "text/plain",
".conf" => "text/plain",
".text" => "text/plain",
".txt" => "text/plain",
".dtd" => "text/xml",
".xml" => "text/xml",
".mpeg" => "video/mpeg",
".mpg" => "video/mpeg",
".mov" => "video/quicktime",
".qt" => "video/quicktime",
".avi" => "video/x-msvideo",
".asf" => "video/x-ms-asf",
".asx" => "video/x-ms-asf",
".wmv" => "video/x-ms-wmv",
".bz2" => "application/x-bzip",
".tbz" => "application/x-bzip-compressed-tar",
".tar.bz2" => "application/x-bzip-compressed-tar"
)
########## BASE CONFIG - EDIT BELOW #########################
server.tag = "lighttpd (RedHat)"
accesslog.filename = "/var/log/lighttpd/access_log"
server.errorlog = "/var/log/lighttpd/error_log"
server.document-root = "/var/www/html/"
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.port = 80
server.bind = "202.54.xxx.xxx"
server.error-handler-404 = "/errorr404.php"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "lighttpd"
server.groupname = "lighttpd"
compress.cache-dir = "/tmp/lighttpd/cache/compress/"
compress.filetype = ("text/plain", "text/html")
$HTTP["url"] =~ "\.pdf$" {
server.range-requests = "disable"
}
fastcgi.server = ( ".php" =>
( "localhost" =>
(
"socket" => "/tmp/php-fastcgi.socket",
"bin-path" => "/usr/bin/php",
"max-procs" => 2,
)
)
)

c) Create a lighttpd sysconfig file:
# vi /etc/sysconfig/lighttpd
Add following line:
LIGHTTPD_CONF_PATH=/etc/lighttpd/lighttpd.conf
Save and close the file.

d) Create a lighttpd startup file (init.d script)
# vi /etc/init.d/lighttpd
Add the following script:
#!/bin/sh
#
# lighttpd Startup script for the lighttpd server
#
# chkconfig: - 85 15
# description: Lighttpd web server
#
# processname: lighttpd
# config: /etc/lighttpd/lighttpd.conf
# config: /etc/sysconfig/lighttpd
# pidfile: /var/run/lighttpd.pid
#
# Source function library
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/lighttpd ]; then
    . /etc/sysconfig/lighttpd
fi

if [ -z "$LIGHTTPD_CONF_PATH" ]; then
    LIGHTTPD_CONF_PATH="/etc/lighttpd/lighttpd.conf"
fi

prog="lighttpd"
lighttpd="/usr/sbin/lighttpd"
RETVAL=0

start() {
    echo -n $"Starting $prog: "
    daemon $lighttpd -f $LIGHTTPD_CONF_PATH
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $lighttpd
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
    return $RETVAL
}

reload() {
    echo -n $"Reloading $prog: "
    killproc $lighttpd -HUP
    RETVAL=$?
    echo
    return $RETVAL
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f /var/lock/subsys/$prog ]; then
            stop
            start
        fi
        ;;
    reload)
        reload
        ;;
    status)
        status $lighttpd
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}"
        RETVAL=1
esac
exit $RETVAL

Save and close the file.

e) Create necessary directories and set correct permissions:
# mkdir -p /var/log/lighttpd
# mkdir -p /tmp/lighttpd/cache/compress/
# chown lighttpd:lighttpd /var/log/lighttpd
# chown lighttpd:lighttpd /tmp/lighttpd/cache/compress/

f) Start lighttpd, but first stop Apache if it is running:
# chkconfig httpd off
# /etc/init.d/httpd stop
# chkconfig --add lighttpd
# chkconfig lighttpd on
# /etc/init.d/lighttpd start

Verify that Lighttpd is running:
# netstat -tulpn | grep :80

Update: See how to use lighttpd and FastCGI configuration under RHEL 5.0 / CentOS 5.0.

Comparison: Linux vs FreeBSD (BSD) OSes

Posted on in Categories FreeBSD, Linux, OpenBSD last updated June 11, 2006

If you would like to compare FreeBSD and Linux, then keep in mind following points:

* SMP support
* Portability
* Reliability/robustness
* Performance
* Security
* Filesystem
* Support (community and vendor)
* Clean code and well documented API
* Amount of software/applications
* 3rd party apps support

Feature                        | FreeBSD                                        | Linux
SMP support                    | Good (v5.x/6.x+)                               | Very Good (2.6+)
Reliability/robustness         | Very Good                                      | Good
Performance                    | Very Good                                      | Good
Security (out of the box)      | Very good                                      | Good
Filesystem                     | Good                                           | Good
Oracle/ERP apps                | Not supported                                  | Very good
Package management             | Excellent (ports & binary)                     | Depends on distribution (Debian – excellent, RPM based – ok (go for yum))
Dell/IBM/HP server support     | N/A (FreeBSD works with these vendors' systems; at least I have very good experience with HP boxes) | Very good
Support (community and vendor) | Good                                           | Good

Based upon my personal experience I recommend FreeBSD for Internet servers (web servers or mail servers). They are extremely stable. FreeBSD is known to handle heavy load efficiently.

However, if you are looking to run 4 or 8 way SMP server or Oracle database server, use Linux (go for RHEL or Suse enterprise Linux). Linux has excellent support from these vendors.

In addition, OpenBSD is my choice for firewall/NAT/DMZ. If anyone has more information, just comment below.

Black Screen While Starting X window

Posted on in Categories Debian Linux, Linux, Linux desktop, RedHat/Fedora Linux, Suse Linux, Sys admin, Tips, Troubleshooting, Ubuntu Linux, X server last updated April 2, 2006

My friend is new to Linux; everything was fine until he made some changes to X, which resulted in this problem. Now whenever he types the command startx to start X he gets a blank screen. Finally, he contacted me via Yahoo and asked me to get rid of this problem.

Step # 1: Reset blank X screen

First, get out of the blank screen by pressing the key combination Ctrl+Alt+Backspace. If this fails, reboot the system.

Step # 2: Reconfigure X server display

At the shell prompt, type the following command to reconfigure the X display.

If you are using Red Hat /Fedora / CentOS Linux type command:
# redhat-config-xfree86
If you are using Debian Linux type command:
# dpkg-reconfigure xserver-xfree86
OR login as the root user and type command:
# XFree86 -configure

Step # 3: Test new setup

Type startx to test your new settings:
# startx
OR, if you used the XFree86 -configure command to reconfigure X, test it with the following command:
# XFree86 -xf86config /etc/X11/XF86Config.new

Logging to a centralized loghost from Router or other hosts

Posted on in Categories Backup, CentOS, Debian Linux, Howto, Linux, UNIX, Windows server last updated February 16, 2006

It is really a good idea to have one central logging host, for both security and performance reasons. For example, monitoring the log files will help you to:
* Detect security risks (failed login attempts, port scans etc.) by analysis
* Troubleshoot user login problems
* Save disk space
* Keep old logs available from the centralized loghost if a hard disk crashes on another host

Linux (and other UNIX-like systems) use the sysklogd (or syslogd) utility as the system logging facility. Its support for both Internet and UNIX domain sockets lets it handle local logging as well as remote logging from a DSL/ADSL router or other hosts on your network.

Prepare syslogd to accept remote logging message

To configure syslogd to accept remote messages under Debian Linux, open the file /etc/init.d/sysklogd:
# vi /etc/init.d/sysklogd
Locate the SYSLOGD line and edit it as follows:
SYSLOGD="-r"
The -r option enables the facility to receive messages from the network using an Internet domain socket with the syslog service. The default is to not receive any messages from the network.

Save file and exit to shell prompt. Restart the sysklogd:
# /etc/init.d/sysklogd restart

A note for RHEL / CentOS / Fedora Linux users

If you are using Red Hat or Fedora Linux, edit file /etc/sysconfig/syslog:
# vi /etc/sysconfig/syslog
Make changes:
SYSLOGD="-r"
Restart syslogd:
# service syslog restart

Open UDP port 514

If you are using an iptables based firewall, insert the following rules into your iptables script to accept connections from your network:

MYNET=192.168.1.0/24
SLSERVER=192.168.1.100

iptables -A INPUT -p udp -s $MYNET --sport 1024:65535 -d $SLSERVER --dport 514 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p udp -s $SLSERVER --sport 514 -d $MYNET --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

192.168.1.100 is IP address of syslogd server. You need to restrict access to syslogd within your network (192.168.1.0/24) only.

Configure the router to log messages to a centralized loghost

You can open web configuration interface and type IP address of centralized loghost (192.168.1.100) and port 514. Save configuration and reboot router.

Configure a Linux or UNIX host to log messages to a centralized loghost

You need to open syslog configuration file /etc/syslog.conf:
# vi /etc/syslog.conf
Set up syslogd to send all important messages related to auth to the loghost IP 192.168.1.100 (or use its FQDN if configured):

*.*;auth,authpriv.none          @192.168.1.100

OR

*.*;auth,authpriv.none          @loghost.mydomain.com.
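An added example (not from the original post) that implements the syslog.conf selector rules, so you can check offline what a line such as the one above forwards. Run over `*.*;auth,authpriv.none` it shows that the `.none` part removes auth and authpriv from the forwarded set; to ship authentication events as well, a second selector such as `auth,authpriv.*` pointing at the same loghost is needed.

```python
# Facilities and priorities understood by sysklogd's syslog.conf
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + ["local%d" % i for i in range(8)]
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]  # most to least severe
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}


def compile_selector(selector):
    """Return {facility: set of priorities forwarded} for one syslog.conf selector field.

    Selectors separated by ';' are applied left to right. A plain priority enables that
    level and everything more severe, '=prio' enables exactly one level, 'none' drops the
    facility entirely, and a leading '!' removes instead of adds (sysklogd semantics)."""
    enabled = {f: set() for f in FACILITIES}
    for field in selector.split(";"):
        facs, dot, pri = field.strip().rpartition(".")
        if not dot or not facs:
            raise ValueError("bad selector: %r" % field)
        facilities = FACILITIES if facs == "*" else [f.strip() for f in facs.split(",")]
        unknown = [f for f in facilities if f not in enabled]
        if unknown:
            raise ValueError("unknown facility: %s" % ", ".join(unknown))
        negate = pri.startswith("!")
        if negate:
            pri = pri[1:]
        exact = pri.startswith("=")
        if exact:
            pri = pri[1:]
        pri = ALIASES.get(pri, pri)
        if pri == "none":
            for f in facilities:
                enabled[f] = set(PRIORITIES) if negate else set()  # '!none' enables everything
            continue
        if pri == "*":
            levels = set(PRIORITIES)
        elif pri in PRIORITIES:
            levels = {pri} if exact else set(PRIORITIES[:PRIORITIES.index(pri) + 1])
        else:
            raise ValueError("unknown priority: %r" % pri)
        for f in facilities:
            if negate:
                enabled[f] -= levels
            else:
                enabled[f] |= levels
    return enabled


def is_forwarded(selector, facility, priority):
    """Would a message with this facility and priority match the selector?"""
    return ALIASES.get(priority, priority) in compile_selector(selector)[facility]


def dropped_facilities(selector):
    """Facilities for which the selector forwards nothing at all."""
    return sorted(f for f, levels in compile_selector(selector).items() if not levels)


# The loghost line from the post:  *.*;auth,authpriv.none   @192.168.1.100
POST_SELECTOR = "*.*;auth,authpriv.none"

if __name__ == "__main__":
    print("never forwarded by %r: %s" % (POST_SELECTOR, dropped_facilities(POST_SELECTOR)))
    print("router kernel message (kern.info) forwarded:", is_forwarded(POST_SELECTOR, "kern", "info"))
    print("failed login (authpriv.notice) forwarded:", is_forwarded(POST_SELECTOR, "authpriv", "notice"))
    print("with auth,authpriv.* added:", is_forwarded("auth,authpriv.*", "authpriv", "notice"))
```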

Restart sysklogd (Debian Linux):
# /etc/init.d/sysklogd restart
OR
Restart syslogd under Red Hat/Fedora / CentOS Linux
# service syslog restart
If required, open the outgoing UDP port 514 on the other hosts:

# SYSLOG outgoing client request
iptables -A OUTPUT -p udp -s 192.168.1.100 --sport 1024:65535 -d 192.168.1.5 --dport 514 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p udp -s 192.168.1.5 --sport 514 -d 192.168.1.100 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Windows NT/2000/XP/Vista Desktop system

You can force your Windows NT/2000/XP desktop to log all messages to a centralized loghost. However, Windows does not have a built-in facility to log messages to a remote UNIX syslogd server. You can use the NTsyslog program, which runs as a service under Windows NT based operating systems. It formats all System, Security, and Application events into single lines and sends them to a syslogd host.

Verify that messages are being logged to your /var/log/messages:
# tail -f /var/log/messages
Output:

Feb 16 02:08:01 router  kernel: klogd started: BusyBox v1.00 (2005.09.22-19:11+0000)
Feb 16 02:08:01 router  kernel: Linux version 2.6.8.1 ([email protected]) (gcc version 3.4.2) #1 Thu Sep 22 15:07:47 EDT 2005
Feb 16 02:08:01 router  kernel: Total Flash size: 2048K with 39 sectors
Feb 16 02:08:01 router  kernel: 96338L-2M-8M prom init
Feb 16 02:08:01 router  kernel: CPU revision is: 00029010
Feb 16 02:08:01 router  kernel: Determined physical RAM map:
Feb 16 02:08:01 router  kernel:  memory: 007a0000 @ 0000000
..........
...
......
Feb 16 02:08:01 router  kernel: AdslCoreHwReset: AdslOemDataAddr = 0xA07E504C
Feb 16 02:08:01 router  kernel: ip_tables: (C) 2000-2002 Netfilter core team
Feb 16 02:08:01 router  kernel: ip_conntrack version 2.1 (61 buckets, 0 max) - 368 bytes
Feb 16 02:08:06 router  pppd[224]: pppd 2.4.1 started by admin, uid 0
Feb 16 02:08:07 router  pppd[224]: PPP: Start to connect ...
Feb 16 02:08:10 router  dnsprobe[272]: dnsprobe started!

How to: Linux flush or remove all iptables rules

Posted on in Categories Debian Linux, Howto, Iptables, Linux, Networking, RedHat/Fedora Linux, Ubuntu Linux last updated June 20, 2005

Here is a small script that does this. Debian or Ubuntu GNU/Linux does not come with any SysV init script for iptables (in the /etc/init.d directory). Create a script as follows and use it to stop or flush the iptables rules. Please don't type the rules at the command prompt; use the script to speed up the work.

Warning: All the commands must be executed with root privileges.

Procedure for Debian / Ubuntu Linux (Generic method)

First, create /root/fw.stop script using text editor such as vi:

#!/bin/sh
echo "Stopping firewall and allowing everyone..."
ipt="/sbin/iptables"
## Failsafe - die if /sbin/iptables not found
[ ! -x "$ipt" ] && { echo "$0: \"${ipt}\" command not found."; exit 1; }
## Set the default policies to ACCEPT so nothing is dropped once the rules are gone
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
## Flush all rules (-F) and delete all user-defined chains (-X) in every table
$ipt -F
$ipt -X
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F
$ipt -t mangle -X
$ipt -t raw -F
$ipt -t raw -X

Make sure you can execute the script:
# chmod +x /root/fw.stop

Run the script as root user:
# /root/fw.stop

How do I verify that my firewall rules are flushed out?

Type the following command:
# iptables -L -n -v
Sample outputs:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

A note for RedHat (RHEL), CentOS and friends Linux user

Please note that Red Hat Enterprise Linux (RHEL), Fedora and CentOS Linux come with a pre-installed rc.d script, which can be used to stop the firewall. Enter:
# /etc/init.d/iptables stop
OR
# service iptables stop
Sample outputs:

A note for CentOS 7 / Fedora (latest) / Red Hat Enterprise Linux 7.x+ users about firewalld

Type the following command to stop and flush all rules:
# systemctl stop firewalld