Wednesday, January 29, 2014

Keeping SSH access secure

There are several worms which attempt to exploit vulnerable SSH servers, by logging in to a host with a collection of usernames and passwords such as "admin/admin", "test/test", "root/root", etc. These shouldn't be of much concern if you're keeping good passwords, but there are simple ways to prevent them regardless.

The most obvious way to prevent people connecting to your host is to only allow connections from a small number of IP addresses, by the use of a firewall.
If you're already running a firewall you can add rules to it to:
  • Accept incoming SSH connections from a trusted address.
  • Drop all other connections.
Using the iptables firewall commands you can do this as follows:
 
# Allow new connections from address 1.2.3.4 to SSH (port 22)
iptables -A INPUT -p tcp -m state --state NEW --source 1.2.3.4 --dport 22 -j ACCEPT

# Deny all other SSH connections
iptables -A INPUT -p tcp --dport 22 -j DROP

If you're not running a firewall, or you don't wish to alter its setup, you can look at another way of restricting access. The Debian packages of OpenSSH are compiled with tcpwrappers support, which means you can specify which hosts are allowed to connect without touching your firewall.

The two important files are:
 
/etc/hosts.allow
/etc/hosts.deny

The first can contain entries for hosts which are allowed to connect; the second contains addresses which are blocked.

Assuming that you wish to allow the remote addresses 1.2.3.x and 192.168.0.x to connect but nothing else, you would set up the files as follows. Firstly allow access by placing the following inside /etc/hosts.allow:
 
# /etc/hosts.allow
sshd: 1.2.3.0/255.255.255.0 
sshd: 192.168.0.0/255.255.255.0

Then disallow all further access by placing this in /etc/hosts.deny:
 
# /etc/hosts.deny
sshd: ALL
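The decision tcpwrappers makes from these two files is easy to get wrong, so here is an added example (not part of the original post) that applies the documented order from hosts_access(5): a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted. The file contents are constructed copies of the two snippets above; the function names (parse_rules, client_matches, access_allowed) are this example's own.

```python
import ipaddress

# Constructed copies of the post's two files (embedded so the example runs anywhere).
HOSTS_ALLOW = """\
# /etc/hosts.allow
sshd: 1.2.3.0/255.255.255.0
sshd: 192.168.0.0/255.255.255.0
"""

HOSTS_DENY = """\
# /etc/hosts.deny
sshd: ALL
"""


def parse_rules(text):
    """Return a list of (daemon, [client patterns]) from a hosts.allow/hosts.deny body.

    Only the 'daemon: client, client' line shape used in the post is handled;
    comments and blank lines are skipped.
    """
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemon, clients = line.split(":", 1)
        rules.append((daemon.strip(), [c.strip() for c in clients.split(",") if c.strip()]))
    return rules


def client_matches(pattern, addr):
    """Client patterns covered here: ALL, a single address, or net/netmask."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        # ipaddress accepts dotted netmasks such as 1.2.3.0/255.255.255.0
        return addr in ipaddress.ip_network(f"{net}/{mask}", strict=False)
    return addr == ipaddress.ip_address(pattern)


def access_allowed(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Apply the tcpwrappers order: hosts.allow first, then hosts.deny, else allow."""
    addr = ipaddress.ip_address(client_ip)
    for rules, verdict in ((parse_rules(allow_text), True), (parse_rules(deny_text), False)):
        for rule_daemon, patterns in rules:
            if rule_daemon not in (daemon, "ALL"):
                continue
            if any(client_matches(p, addr) for p in patterns):
                return verdict
    return True  # no entry in either file matched: tcpwrappers grants access


if __name__ == "__main__":
    for ip in ("1.2.3.77", "192.168.0.10", "203.0.113.5"):
        print(ip, "allowed" if access_allowed("sshd", ip) else "denied")
```

Note the last return: because the deny file above names only sshd, any other wrapped daemon on the host is still reachable from everywhere; a "ALL: ALL" line in hosts.deny is the usual way to close that gap.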

Finally you can look at the SSH configuration itself, which has several useful security options you can enable.

The SSH server is configured by the file /etc/ssh/sshd_config. If you wish, you can restrict remote access to specific users.

For example, to only allow "bob" and "chris" to log in, add the following:
 
AllowUsers bob chris

With this setting in place (after the server has been restarted with "/etc/init.d/ssh restart") all other users will be unable to connect via SSH even if they log in with the correct username and password.

You can also explicitly deny particular users:
 
DenyUsers badness paula

Probably the most important setting you can change in the sshd_config file is the following:
 
PermitRootLogin no

With this setting set to "no" remote root logins are denied.
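Two details of sshd_config bite people when they apply the settings above: sshd uses the first value it reads for a keyword and ignores later duplicates, and DenyUsers is evaluated before AllowUsers. The following added example (my code, not the post's) parses a constructed sshd_config fragment with those rules and reports whether each of the three settings is in effect; Match blocks are deliberately out of scope and the DenyUsers/AllowUsers comparison is plain string equality, not sshd's pattern matching. The function names are assumptions of this example.

```python
# Constructed sshd_config fragment: the post's three settings plus an earlier,
# conflicting PermitRootLogin line to show which occurrence sshd honours.
# (sshd_config has no trailing comments, so the note sits on its own line.)
SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample, not a real host's file)
Port 22
PermitRootLogin yes
AllowUsers bob chris
DenyUsers badness paula
# the next line never takes effect: the first occurrence above wins
PermitRootLogin no
"""


def parse_sshd_config(text):
    """Return {keyword_lowercase: [values]} keeping only the FIRST occurrence
    of each keyword, as sshd_config(5) specifies. Parsing stops at a Match
    line because everything after it is conditional (simplification)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower().startswith("match"):
            break
        parts = line.replace("=", " ", 1).split()   # 'Key value' or 'Key=value'
        settings.setdefault(parts[0].lower(), parts[1:])
    return settings


def user_may_login(settings, user):
    """sshd's documented order for user directives: DenyUsers first, then AllowUsers
    (group directives omitted; exact-name comparison only)."""
    if user in settings.get("denyusers", []):
        return False
    allow = settings.get("allowusers")
    if allow is not None and user not in allow:
        return False
    return True


def audit(settings):
    """Findings for the settings discussed in the post."""
    findings = []
    root = settings.get("permitrootlogin", ["(unset)"])[0].lower()
    if root != "no":
        findings.append(f"PermitRootLogin is '{root}' (first occurrence wins); set it to no")
    if "allowusers" not in settings and "denyusers" not in settings:
        findings.append("no AllowUsers/DenyUsers restriction: every local account may attempt SSH login")
    return findings


if __name__ == "__main__":
    cfg = parse_sshd_config(SSHD_CONFIG)
    for finding in audit(cfg):
        print("finding:", finding)
    for user in ("bob", "paula", "alice"):
        print(user, "may log in" if user_may_login(cfg, user) else "is refused")
```

Run against the sample, the audit reports that root login is still permitted even though a "PermitRootLogin no" line is present, which is exactly the case a quick visual scan of the file tends to miss.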

Linux fdisk Command Examples to Manage Hard Disk Partition


On Linux distributions, fdisk is the best tool to manage disk partitions. fdisk is a text-based utility.

Using fdisk you can create a new partition, delete an existing partition, or change an existing partition.

Using fdisk you are allowed to create a maximum of four primary partitions, and any number of logical partitions, depending on the size of the disk.

Keep in mind that any single partition requires a minimum size of 40MB.

In this article, let us review how to use fdisk command using practical examples.

Warning: Don’t delete, modify, or add a partition if you don’t know what you are doing. You will lose your data!

1. View All Existing Disk Partitions Using fdisk -l

Before you create a new partition, or modify an existing partition, you might want to view all available partitions in the system.

Use fdisk -l to view all available partitions as shown below.
 
# fdisk -l

Disk /dev/sda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xf6edf6ed

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1        1959    15735636    c  W95 FAT32 (LBA)
/dev/sda2            1960        5283    26700030    f  W95 Ext'd (LBA)
/dev/sda3            5284        6528    10000462+   7  HPFS/NTFS
/dev/sda4            6529        9729    25712032+   c  W95 FAT32 (LBA)
/dev/sda5   *        1960        2661     5638752   83  Linux
/dev/sda6            2662        2904     1951866   83  Linux
/dev/sda7            2905        3147     1951866   83  Linux
/dev/sda8            3148        3264      939771   82  Linux swap / Solaris
/dev/sda9            3265        5283    16217586    b  W95 FAT32

The above lists the partitions from all the connected hard disks. When you have more than one disk on the system, the partition list is ordered by the device’s /dev name, for example /dev/sda, /dev/sdb, /dev/sdc and so on.

2. View Partitions of a Specific Hard Disk using fdisk -l /dev/sd{a}

To view all partitions of the /dev/sda hard disk, do the following.
 
# fdisk -l /dev/sda

View all fdisk Commands Using fdisk Command 'm'

Use fdisk command m, to view all available fdisk commands as shown below.
 
# fdisk  /dev/sda

The number of cylinders for this disk is set to 9729.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

3. Delete a Hard Disk Partition Using fdisk Command 'd'

Let us assume that you would like to combine several partitions (for example, /dev/sda6, /dev/sda7 and /dev/sda8) into a single disk partition. To do this, you should first delete all those individual partitions, as shown below.
 
# fdisk /dev/sda                                                 

The number of cylinders for this disk is set to 9729.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)                               

Command (m for help): p

Disk /dev/sda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xf6edf6ed

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1        1959    15735636    c  W95 FAT32 (LBA)
/dev/sda2            1960        5283    26700030    f  W95 Ext'd (LBA)
/dev/sda3            5284        6528    10000462+   7  HPFS/NTFS
/dev/sda4            6529        9729    25712032+   c  W95 FAT32 (LBA)
/dev/sda5   *        1960        2661     5638752   83  Linux
/dev/sda6            2662        2904     1951866   83  Linux
/dev/sda7            2905        3147     1951866   83  Linux
/dev/sda8            3148        3264      939771   82  Linux swap / Solaris
/dev/sda9            3265        5283    16217586    b  W95 FAT32

Command (m for help): d
Partition number (1-9): 8

Command (m for help): d
Partition number (1-8): 7

Command (m for help): d
Partition number (1-7): 6

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

4. Create a New Disk Partition with Specific Size Using fdisk Command 'n'

Once you’ve deleted all the existing partitions, you can create a new partition using all available space as shown below.
 
# fdisk  /dev/sda

The number of cylinders for this disk is set to 9729.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): n
First cylinder (2662-5283, default 2662):
Using default value 2662
Last cylinder, +cylinders or +size{K,M,G} (2662-3264, default 3264):
Using default value 3264

In the above example, the fdisk n command is used to create a new partition with a specific size. While creating a new partition, it expects the following two inputs.
  • Starting cylinder number of the partition to be created (First cylinder).
  • Size of the partition, or the last cylinder number (Last cylinder, +cylinders or +size).
Please keep in mind that you should issue the fdisk write command (w) after any modifications; quitting with q discards them.
 
Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

5. View the Size of an existing Partition Using fdisk -s

As shown below, fdisk -s displays the size of the partition in blocks.
 
# fdisk -s /dev/sda7
4843566

The above output corresponds to about 4900MB.

6. Toggle the Boot Flag of a Partition Using fdisk Command a

fdisk displays the boot flag of each partition. When you want to disable or enable the boot flag on a partition, do the following.
If you don’t know why you are doing this, you’ll mess up your system.
 
# fdisk /dev/sda

The number of cylinders for this disk is set to 9729.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)                               

Command (m for help): p

Disk /dev/sda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xf6edf6ed

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1        1959    15735636    c  W95 FAT32 (LBA)
/dev/sda2            1960        5283    26700030    f  W95 Ext'd (LBA)
/dev/sda3            5284        6528    10000462+   7  HPFS/NTFS
/dev/sda4            6529        9729    25712032+   c  W95 FAT32 (LBA)
/dev/sda5   *        1960        2661     5638752   83  Linux
/dev/sda6            3265        5283    16217586    b  W95 FAT32
/dev/sda7            2662        3264     4843566   83  Linux

Partition table entries are not in disk order

Command (m for help): a
Partition number (1-7): 5

Command (m for help): p

Disk /dev/sda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xf6edf6ed

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1        1959    15735636    c  W95 FAT32 (LBA)
/dev/sda2            1960        5283    26700030    f  W95 Ext'd (LBA)
/dev/sda3            5284        6528    10000462+   7  HPFS/NTFS
/dev/sda4            6529        9729    25712032+   c  W95 FAT32 (LBA)
/dev/sda5            1960        2661     5638752   83  Linux
/dev/sda6            3265        5283    16217586    b  W95 FAT32
/dev/sda7            2662        3264     4843566   83  Linux

Partition table entries are not in disk order

Command (m for help):
As seen above, the boot flag is disabled on the partition /dev/sda5.

7. Fix Partition Table Order Using fdisk Expert Command 'f'

When you delete a logical partition and recreate it, you might see the “partition out of order” issue, i.e. the “Partition table entries are not in disk order” message.

For example, when you delete three logical partitions (sda6, sda7 and sda8) and create a new partition, you might expect the new partition to be named sda6. But the system might have created the new partition as sda7. This is because, after the partitions are deleted, the sda9 partition is renumbered to sda6 and the free space is moved to the end.

To fix this partition order issue, and assign sda6 to the newly created partition, execute the expert command f as shown below.
 
$ fdisk  /dev/sda

The number of cylinders for this disk is set to 9729.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)                               

Command (m for help): p

Disk /dev/sda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xf6edf6ed                     

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1        1959    15735636    c  W95 FAT32 (LBA)
/dev/sda2            1960        5283    26700030    f  W95 Ext'd (LBA)
/dev/sda3            5284        6528    10000462+   7  HPFS/NTFS
/dev/sda4            6529        9729    25712032+   c  W95 FAT32 (LBA)
/dev/sda5   *        1960        2661     5638752   83  Linux
/dev/sda6            3265        5283    16217586    b  W95 FAT32
/dev/sda7            2662        3264     4843566   83  Linux          

Partition table entries are not in disk order

Command (m for help): x

Expert command (m for help): f
Done.

Expert command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

Once the partition table order is fixed, you’ll not get the “Partition table entries are not in disk order” error message anymore.
 
# fdisk -l

Disk /dev/sda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xf6edf6ed

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1        1959    15735636    c  W95 FAT32 (LBA)
/dev/sda2            1960        5283    26700030    f  W95 Ext'd (LBA)
/dev/sda3            5284        6528    10000462+   7  HPFS/NTFS
/dev/sda4            6529        9729    25712032+   c  W95 FAT32 (LBA)
/dev/sda5   *        1960        2661     5638752   83  Linux
/dev/sda6            2662        3264     4843566   83  Linux
/dev/sda7            3265        5283    16217586    b  W95 FAT32
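To make the “not in disk order” condition from step 7 concrete, here is an added example (not part of the original article) that parses the old-style fdisk -l table, reports whether fdisk would print that message, checks that the logical partitions neither overlap nor fall outside the extended partition, and simulates what the expert f command does by renumbering the logicals in start order. The embedded table is the article's own step-7 output as it looked before f was run; the function names and the blocks-to-megabytes helper (for the fdisk -s value in step 5) are this example's own.

```python
import re

# The article's 'fdisk -l' table from step 7, captured BEFORE the expert 'f'
# command, so logical partition sda6 starts after sda7 (constructed copy).
FDISK_OUTPUT = """\
Disk /dev/sda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xf6edf6ed

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1        1959    15735636    c  W95 FAT32 (LBA)
/dev/sda2            1960        5283    26700030    f  W95 Ext'd (LBA)
/dev/sda3            5284        6528    10000462+   7  HPFS/NTFS
/dev/sda4            6529        9729    25712032+   c  W95 FAT32 (LBA)
/dev/sda5   *        1960        2661     5638752   83  Linux
/dev/sda6            3265        5283    16217586    b  W95 FAT32
/dev/sda7            2662        3264     4843566   83  Linux
"""

# One partition row: device, optional '*' boot flag, start, end, blocks (with
# optional '+' meaning "rounded down"), hex Id, free-text system name.
ROW = re.compile(
    r"^(?P<dev>/dev/[a-z]+)(?P<num>\d+)\s+(?P<boot>\*)?\s*(?P<start>\d+)\s+"
    r"(?P<end>\d+)\s+(?P<blocks>\d+)\+?\s+(?P<id>[0-9a-f]+)\s+(?P<system>.+?)\s*$"
)


def parse_fdisk(text):
    """Parse the partition rows of old-style 'fdisk -l' output into dicts."""
    parts = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            d = m.groupdict()
            parts.append({
                "device": d["dev"] + d["num"], "number": int(d["num"]),
                "boot": d["boot"] == "*", "start": int(d["start"]),
                "end": int(d["end"]), "blocks": int(d["blocks"]),
                "id": d["id"], "system": d["system"],
            })
    return parts


def out_of_order(parts):
    """True when fdisk would print 'Partition table entries are not in disk order':
    primary entries (1-4) and logical entries (5+) must each be sorted by start."""
    primaries = [p for p in parts if p["number"] <= 4]
    logicals = [p for p in parts if p["number"] >= 5]
    for group in (primaries, logicals):
        starts = [p["start"] for p in group]
        if starts != sorted(starts):
            return True
    return False


def overlaps(parts):
    """Logical partitions that overlap each other or lie outside the extended
    partition (Id 5 or f). Returns a list of (device, other-device-or-reason)."""
    ext = next((p for p in parts if p["id"] in ("5", "f")), None)
    logicals = sorted((p for p in parts if p["number"] >= 5), key=lambda p: p["start"])
    problems = []
    for i, a in enumerate(logicals):
        if ext and not (ext["start"] <= a["start"] and a["end"] <= ext["end"]):
            problems.append((a["device"], "outside extended partition"))
        for b in logicals[i + 1:]:
            if b["start"] <= a["end"]:
                problems.append((a["device"], b["device"]))
    return problems


def fix_order(parts):
    """Simulate the expert 'f' command: renumber logical partitions in disk
    order; primary entries keep their numbers."""
    fixed = [dict(p) for p in parts if p["number"] <= 4]
    logicals = sorted((p for p in parts if p["number"] >= 5), key=lambda p: p["start"])
    for n, p in enumerate(logicals, 5):
        q = dict(p, number=n, device=re.sub(r"\d+$", str(n), p["device"]))
        fixed.append(q)
    return fixed


def blocks_to_mb(blocks):
    """fdisk -s reports 1 KiB blocks; convert to decimal megabytes (10^6 bytes)."""
    return blocks * 1024 / 1_000_000


if __name__ == "__main__":
    table = parse_fdisk(FDISK_OUTPUT)
    print("out of order:", out_of_order(table), " overlaps:", overlaps(table))
    for p in fix_order(table):
        print(p["device"], p["start"], p["end"])
```

After fix_order the entry starting at cylinder 2662 carries the name /dev/sda6, which is the renumbering the article shows in the final fdisk -l listing; the overlap check is the part worth keeping around, since an out-of-order table is harmless but an overlapping one is not.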
 

8. Format the Partitions Using mkfs Command

After the partition is created, format it using the mkfs command as shown below.

# mkfs.ext4 /dev/sda5
 

9. Mount the Partitions Using mount Command

After the partition is formatted it can be mounted using the mount command as shown below.

Create the mount point:
# mkdir <mount_point>

# mkdir /test1

Mount the partition on the mount point:

# mount /dev/sda5 /test1


10. Add the Partition entry to the '/etc/fstab' file

Add the partition entry to the “/etc/fstab” file so that it is mounted at boot. The fields are:

<device> <mount_point> <filesystem_type> <options> <dump_frequency> <fsck_order>

/dev/sda5        /test1      ext4    defaults     0    0

Sunday, January 26, 2014

TCPDUMP (Packet Analyzer) Command Examples

The tcpdump command is a packet analyzer. It works on most flavors of the Unix operating system. tcpdump allows us to save the captured packets so that we can use them for later analysis; the saved file can be read back with the same tcpdump command.

We can also use open source software like Wireshark to read tcpdump pcap files. In this tcpdump tutorial, let us discuss some practical examples of how to use the tcpdump command.

1. Capture packets from a particular ethernet interface using tcpdump -i

When you execute the tcpdump command without any option, it will capture all the packets flowing through all the interfaces. The -i option allows you to capture on a particular ethernet interface.
 
$ tcpdump -i eth1 
 
14:59:26.608728 IP xx.domain.netbcp.net.52497 > valh4.lell.net.ssh:
 . ack 540 win 16554
14:59:26.610602 IP resolver.lell.net.domain > valh4.lell.net.24151:
 4278 1/0/0 (73)
14:59:26.611262 IP valh4.lell.net.38527 > resolver.lell.net.domain:
 26364+ PTR? 244.207.104.10.in-addr.arpa. (45)
 
In this example, tcpdump captured all the packets flowing through the interface eth1 and displayed them on standard output.

Note: The editcap utility is used to select or remove specific packets from a dump file and translate them into a given format.

2. Capture only N number of packets using tcpdump -c

When you execute the tcpdump command it keeps printing packets until you cancel it. Using the -c option you can specify the number of packets to capture.
 
$ tcpdump -c 2 -i eth0 
 
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:38:38.184913 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006:
 P 1457255642:1457255758(116) ack 1561463966 win 63652
14:38:38.690919 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006:
 P 116:232(116) ack 1 win 63652
2 packets captured
13 packets received by filter
0 packets dropped by kernel
 
The above tcpdump command captured only 2 packets from interface eth0.

Note: Mergecap and TShark: Mergecap is a packet dump combining tool, which combines multiple dumps into a single dump file. TShark is a powerful tool to capture network packets, which can be used to analyze network traffic. It comes with the Wireshark network analyzer distribution.

3. Display Captured Packets in ASCII using tcpdump -A

The following tcpdump syntax prints the packet in ASCII.
 
$ tcpdump -A -i eth0
 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:34:50.913995 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006:
P 1457239478:1457239594(116) ack 1561461262 win 63652
E.....@.@..]..i...9...*.V...]...P....h....E...>{..U=...g.
......G..7\+KA....A...L.
14:34:51.423640 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006:
 P 116:232(116) ack 1 win 63652
E.....@.@..\..i...9...*.V..*]...P....h....7......X..!....Im.S.g.u:*..O&....^#Ba...
E..(R.@.|.....9...i.*...]...V..*P..OWp........
 
Note: The ifconfig command is used to configure network interfaces.

4. Display Captured Packets in HEX and ASCII using tcpdump -XX

Some users might want to analyse the packets as hex values. tcpdump provides a way to print packets in both ASCII and hex format.
 
$ tcpdump -XX -i eth0
 
18:52:54.859697 IP zz.domain.innetbcp.net.63897 > valh4.lell.net.ssh: . ack 232 win 16511
        0x0000:  0050 569c 35a3 0019 bb1c 0c00 0800 4500  .PV.5.........E.
        0x0010:  0028 042a 4000 7906 c89c 10b5 aaf6 0f9a  .(.*@.y.........
        0x0020:  69c4 f999 0016 57db 6e08 c712 ea2e 5010  i.....W.n.....P.
        0x0030:  407f c976 0000 0000 0000 0000            @..v........
18:52:54.877713 IP 10.0.0.0 > all-systems.mcast.net: igmp query v3 [max resp time 1s]
        0x0000:  0050 569c 35a3 0000 0000 0000 0800 4600  .PV.5.........F.
        0x0010:  0024 0000 0000 0102 3ad3 0a00 0000 e000  .$......:.......
        0x0020:  0001 9404 0000 1101 ebfe 0000 0000 0300  ................
        0x0030:  0000 0000 0000 0000 0000 0000            ............

5. Capture the packets and write into a file using tcpdump -w

tcpdump allows you to save the packets to a file, and later you can use the packet file for further analysis.

$ tcpdump -w 08232010.pcap -i eth0 

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
32 packets captured
32 packets received by filter
0 packets dropped by kernel
 
The -w option writes the packets into the given file. The file extension should be .pcap, which can be read by any network protocol analyzer.

6. Reading the packets from a saved file using tcpdump -r

You can read the captured pcap file and view the packets for analysis, as shown below.

$ tcpdump -tttt -r data.pcap
 
2010-08-22 21:35:26.571793 00:50:56:9c:69:38 (oui Unknown) > 
Broadcast, ethertype Unknown (0xcafe), length 74:
        0x0000:  0200 000a ffff 0000 ffff 0c00 3c00 0000  ............<...
        0x0010:  0000 0000 0100 0080 3e9e 2900 0000 0000  ........>.).....
        0x0020:  0000 0000 ffff ffff ad00 996b 0600 0050  ...........k...P
        0x0030:  569c 6938 0000 0000 8e07 0000            V.i8........
2010-08-22 21:35:26.571797 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.50570:
 P 800464396:800464448(52) ack 203316566 win 71
2010-08-22 21:35:26.571800 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.50570: 
P 52:168(116) ack 1 win 71
2010-08-22 21:35:26.584865 IP valh5.lell.net.ssh > 11.154.12.255.netbios-ns: 
NBT UDP PACKET(137): QUERY; REQUEST; BROADC

7. Capture packets with IP address using tcpdump -n

In all the above examples, packets are printed with DNS names rather than IP addresses. The following example captures packets and displays the IP addresses of the machines involved.
 
$ tcpdump -n -i eth0
 
15:01:35.170763 IP 10.0.19.121.52497 > 11.154.12.121.ssh:
 P 105:157(52) ack 18060 win 16549
15:01:35.170776 IP 11.154.12.121.ssh > 10.0.19.121.52497:
 P 23988:24136(148) ack 157 win 113
15:01:35.170894 IP 11.154.12.121.ssh > 10.0.19.121.52497:
 P 24136:24380(244) ack 157 win 113

8. Capture packets with proper readable timestamp using tcpdump -tttt

$ tcpdump -n -tttt -i eth0

2010-08-22 15:10:39.162830 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 49800 win 16390
2010-08-22 15:10:39.162833 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 50288 win 16660
2010-08-22 15:10:39.162867 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 50584 win 16586

9. Read packets longer than N bytes

You can capture only packets larger than n bytes using the ‘greater’ filter:
 
$ tcpdump -w g_1024.pcap greater 1024

10. Receive only the packets of a specific protocol type

You can capture packets based on the protocol type. You can specify one of these protocols: fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. The following example captures only ARP packets flowing through the eth0 interface.
 
$ tcpdump -i eth0 arp
 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
19:41:52.809642 arp who-has valh5.lell.net tell valh9.lell.net
19:41:52.863689 arp who-has 11.154.12.1 tell valh6.lell.net
19:41:53.024769 arp who-has 11.154.12.1 tell valh7.lell.net

11. Read packets lesser than N bytes

You can capture only packets smaller than n bytes using the ‘less’ filter:
 
$ tcpdump -w l_1024.pcap  less 1024

12. Capture packets flowing on a particular port using tcpdump port

If you want to see all the packets involving a particular port on a machine, you can use the tcpdump command as shown below.
 
$ tcpdump -i eth0 port 22 
 
19:44:44.934459 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897:
 P 18932:19096(164) ack 105 win 71
19:44:44.934533 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897:
 P 19096:19260(164) ack 105 win 71
19:44:44.934612 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897:
 P 19260:19424(164) ack 105 win 71

13. Capture packets for particular destination IP and Port

Packets carry source and destination IP addresses and port numbers. Using tcpdump we can filter on source or destination IP and port number. The following command captures packets flowing through eth0 with a particular destination IP and port number 22.
 
$ tcpdump -w xpackets.pcap -i eth0 dst 10.181.140.216 and port 22

14. Capture TCP communication packets between two hosts

If two different processes on two different machines are communicating over TCP, we can capture those packets using tcpdump as shown below.
 
$ tcpdump -w comm.pcap -i eth0 dst 16.181.170.246 and port 22

You can open the file comm.pcap using any network protocol analyzer tool to debug any potential issues.

15. tcpdump Filter Packets – Capture all the packets other than arp and rarp

In tcpdump command, you can give “and”, “or” and “not” condition to filter the packets accordingly.
 
$ tcpdump -i eth0 not arp and not rarp 
 
20:33:15.479278 IP resolver.lell.net.domain > valh4.lell.net.64639:  26929 1/0/0 (73)
20:33:15.479890 IP valh4.lell.net.16053 > resolver.lell.net.domain:  56556+ PTR? 255.107.154.15.in-addr.arpa. (45)
20:33:15.480197 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P 540:1504(964) ack 1 win 96
20:33:15.487118 IP zz.domain.innetbcp.net.63897 > valh4.lell.net.ssh: . ack 540 win 16486
20:33:15.668599 IP 10.0.0.0 > all-systems.mcast.net: igmp query v3 [max resp time 1s]
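Once a capture is printed with -n and -tttt (steps 7 and 8), its lines are regular enough to summarise without a pcap library, which is handy for a quick look at who is talking to whom. The following added example (my code, not part of the tutorial) parses such lines into unidirectional flows and totals packets and TCP payload bytes per flow. The sample lines are constructed after the tutorial's step 7 and 8 output, with an IGMP line added to show an endpoint that carries no port; the parser assumes numeric addresses, so the host/port split is unambiguous, while the port itself may still be a service name such as ssh, as in the tutorial's output.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of 'tcpdump -n -tttt' output (modelled on
# steps 7 and 8 of the tutorial), plus one IGMP line with no port.
SAMPLE = """\
2010-08-22 15:10:39.162830 IP 10.0.19.121.52497 > 11.154.12.121.ssh: P 105:157(52) ack 18060 win 16549
2010-08-22 15:10:39.162833 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 23988:24136(148) ack 157 win 113
2010-08-22 15:10:39.162867 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 24136:24380(244) ack 157 win 113
2010-08-22 15:10:39.170001 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 50584 win 16586
2010-08-22 15:10:39.668599 IP 10.0.0.0 > 224.0.0.1: igmp query v3 [max resp time 1s]
"""

# 'YYYY-MM-DD HH:MM:SS.uuuuuu IP src > dst: rest'
LINE = re.compile(r"^(?P<ts>\S+ \S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
# TCP data segments carry '(N)' with the payload length, e.g. 'P 105:157(52)'
PAYLOAD = re.compile(r"\((\d+)\)")


def split_endpoint(token):
    """'a.b.c.d.port' -> (ip, port); a bare 'a.b.c.d' has no port (IGMP, ICMP)."""
    parts = token.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), parts[4]
    if len(parts) == 4:
        return token, None
    raise ValueError(f"not a numeric endpoint: {token}")


def parse_line(line):
    m = LINE.match(line)
    if not m:
        return None
    plen = PAYLOAD.search(m["rest"])
    return {
        "ts": m["ts"],
        "src": split_endpoint(m["src"]),
        "dst": split_endpoint(m["dst"]),
        "payload": int(plen.group(1)) if plen else 0,
    }


def summarise(text):
    """Aggregate packets into unidirectional flows keyed by ((src_ip, src_port), (dst_ip, dst_port))."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        flow = flows[(rec["src"], rec["dst"])]
        flow["packets"] += 1
        flow["bytes"] += rec["payload"]
    return dict(flows)


def top_by_bytes(flows, n=3):
    """The n flows that carried the most payload, largest first."""
    return sorted(flows.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]


if __name__ == "__main__":
    for (src, dst), stats in top_by_bytes(summarise(SAMPLE)):
        print(f"{src[0]}:{src[1]} -> {dst[0]}:{dst[1]}  {stats['packets']} pkts  {stats['bytes']} payload bytes")
```

Pure ACK lines (". ack ...") count as packets but contribute no payload, so the server-to-client direction of the SSH session comes out on top even though both directions show the same packet count.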

Thursday, January 23, 2014

Linux route Add Command Examples

I am a new Linux user. How do I add a new or default gateway using route command on Linux operating systems? How can I use route command to show or set a new route on Linux based server or desktop system?

You can use either of the following tools to add, display or delete entries in the Linux kernel routing table:

(a) route command : show / manipulate the IP routing table on Linux.
(b) ip command : show / manipulate routing, devices, policy routing and tunnels on Linux.

Display your current routing table

Open the Terminal or log in to the server using ssh/console. Type the following command to display the routing table:
 
# route

 OR
 
# route -n

Sample outputs:
[Fig.01: Display routing table using route command]

# ip route show

 OR
 
# ip route list

Sample outputs:
[Fig.02: ip command in action]

Linux add a default route using route command

Route all traffic via 192.168.1.254 gateway connected via eth0 network interface:
 
# route add default gw 192.168.1.254 eth0

Linux add a default gateway (route) using ip command

Route all traffic via 192.168.1.254 gateway connected via eth0 network interface:
 
# ip route add 192.168.1.0/24 dev eth0

Verify the newly added route in the Linux kernel routing table

To verify the new routing table, enter:
 
# ip route list
 
 OR
 
# route -n

Verify new route

Use the ping command to verify connectivity to your router or external network:
 
# ping your-router-ip-here
# ping your-ISPs-Gateway-ip-here
# ping 192.168.1.254
# ping www.cyberciti.biz

How do I make routing changes persistent across reboots?

To make a route entry persistent in the Linux kernel routing table, you need to modify a config file, which depends on your Linux distribution.

RHEL/CentOS/Fedora/Scientific Linux persistent routing configuration

Edit /etc/sysconfig/network and set default gateway IP address:

 # vi /etc/sysconfig/network

Sample outputs:
 
GATEWAY=192.168.1.254
 
You can add additional static routes for eth0 by editing the /etc/sysconfig/network-scripts/route-eth0 file as follows:
 
10.0.0.0/8 via 10.10.29.65

The above config sets a static route for the network 10.0.0.0/8 via the 10.10.29.65 router.

Debian / Ubuntu Linux persistent static routing configuration

Edit the /etc/network/interfaces file, enter:
 
# vi /etc/network/interfaces

Append the following to the eth0 section:
 
up route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.254
down route del -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.254

Save and close the file.

Generic method to add persistent static routing on Linux

The following method works with almost all Linux distributions.
Edit /etc/rc.d/rc.local or /etc/rc.local, enter:
 
# vi /etc/rc.local

Append the following line:
 
/sbin/ip route add 192.168.1.0/24 dev eth0

Save and close the file.

Usage of grep Command In Linux / UNIX

How do I use grep command on Linux, Apple OS X, and Unix-like operating systems? Can you give me some simple examples of the grep command?

The grep command searches the given file(s) for lines containing a match to the given strings or words. By default, grep displays the matching lines. Use grep to search for lines of text that match one or more regular expressions; it outputs only the matching lines. grep is considered one of the most useful commands on Unix and Linux operating systems.

Did you know?

The name, "grep", derives from the command used to perform a similar operation, using the Unix/Linux text editor ed:
g/re/p

The grep command syntax

The syntax is as follows:
 
grep 'word' filename
grep 'word' file1 file2 file3
grep 'string1 string2'  filename
cat otherfile | grep 'something'
command | grep 'something'
command option1 | grep 'data'
grep --color 'data' fileName
 

How do I use grep command to search a file?

Search /etc/passwd file for boo user, enter:
 
$ grep boo /etc/passwd

Sample outputs:
foo:x:1000:1000:foo,,,:/home/foo:/bin/ksh
You can force grep to ignore word case, i.e. match boo, Boo, BOO and all other combinations, with the -i option:
 
$ grep -i "boo" /etc/passwd

Use grep recursively

You can search recursively, i.e. read all files under each directory, for the string "192.168.1.5":
 
$ grep -r "192.168.1.5" /etc/

OR
 
$ grep -R "192.168.1.5" /etc/

Sample outputs:
/etc/ppp/options:# ms-wins 192.168.1.50
/etc/ppp/options:# ms-wins 192.168.1.51
/etc/NetworkManager/system-connections/Wired connection 1:addresses1=192.168.1.5;24;192.168.1.2;
You will see the results for 192.168.1.5 on separate lines, each preceded by the name of the file (such as /etc/ppp/options) in which it was found. The file names can be suppressed with the -h option as follows:
 
$ grep -h -R "192.168.1.5" /etc/

OR
 
$ grep -hR "192.168.1.5" /etc/

Sample outputs:
# ms-wins 192.168.1.50
# ms-wins 192.168.1.51
addresses1=192.168.1.5;24;192.168.1.2;

Use grep to search words only

When you search for boo, grep will also match fooboo, boo123, barfoo35 and more. You can force grep to select only those lines containing matches that form whole words, i.e. match only the word boo:
 
$ grep -w "boo" file

Use grep to search 2 different words

Use the egrep command as follows:
 
$ egrep -w 'word1|word2' /path/to/file

Count lines when a word has been matched

grep can report the number of times the pattern has been matched in each file using the -c (count) option:
 
$ grep -c 'word' /path/to/file

Pass the -n option to precede each line of output with the number of the line in the text file from which it was obtained:
 
$ grep -n 'root' /etc/passwd

Sample outputs:
1:root:x:0:0:root:/root:/bin/bash
1042:rootdoor:x:0:0:rootdoor:/home/rootdoor:/bin/csh
3319:initrootapp:x:0:0:initrootapp:/home/initroot:/bin/ksh

Grep invert match

You can use the -v option to invert the match; that is, it selects only those lines that do not contain the given word. For example, print all lines that do not contain the word bar:
 
$ grep -v bar /path/to/file

UNIX / Linux pipes and grep command

The grep command is often used with shell pipes. In this example, show the names of the hard disk devices:
 
# dmesg | egrep '(s|h)d[a-z]'

Display cpu model name:
 
# cat /proc/cpuinfo | grep -i 'Model'

However, the above command can also be used as follows, without a shell pipe:
 
# grep -i 'Model' /proc/cpuinfo

Sample outputs:
model  : 30
model name : Intel(R) Core(TM) i7 CPU       Q 820  @ 1.73GHz
model  : 30
model name : Intel(R) Core(TM) i7 CPU       Q 820  @ 1.73GHz

How do I list just the names of matching files?

Use the -l option to list the names of files whose contents mention main():
 
$ grep -l 'main' *.c

Finally, you can have grep highlight the matches in colour:
 
$ grep --color vivek /etc/passwd

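As an added example (not part of the tutorial above), here are the options just covered applied to a constructed /etc/passwd lookalike instead of a live system. The sample mimics the -n output shown earlier, including two made-up UID-0 accounts named rootdoor and initrootapp. The point it makes is that a plain substring search for root over-counts, -w under-counts (it misses accounts that are root in everything but name), and the check you actually want is an anchored grep -E on the third (UID) field. All data below is constructed.

```shell
#!/bin/sh
# Added example: finding UID-0 accounts with grep. SAMPLE_PASSWD is a
# constructed /etc/passwd lookalike; rootdoor and initrootapp are invented.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
rootdoor:x:0:0:rootdoor:/home/rootdoor:/bin/csh
vivek:x:1000:1000:vivek:/home/vivek:/bin/bash
initrootapp:x:0:0:initrootapp:/home/initroot:/bin/ksh
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin'

sample_passwd() { printf '%s\n' "$SAMPLE_PASSWD"; }

# Substring match: counts every line containing "root" anywhere, including
# the home-directory field, so it says nothing about privilege.
count_root_substring() { sample_passwd | grep -c 'root'; }

# Whole-word match (-w): only the genuine "root" login matches; the two
# backdoor-style accounts are missed because their names merely contain root.
count_root_word() { sample_passwd | grep -c -w 'root'; }

# The right check: anchor on the third (UID) field. -E gives the extended
# regex; -n prefixes the line number like the tutorial's /etc/passwd example.
uid0_lines() { sample_passwd | grep -n -E '^[^:]*:[^:]*:0:'; }

# Just the login names, via cut on the ':' separator.
uid0_accounts() { sample_passwd | grep -E '^[^:]*:[^:]*:0:' | cut -d: -f1; }

# Inverted match (-v) combined with -c: accounts whose shell is not nologin.
count_login_shells() { sample_passwd | grep -v -c 'nologin$'; }

uid0_lines
```

On a real host replace sample_passwd with `cat /etc/passwd`; any login other than root that shows up in uid0_accounts deserves an immediate explanation.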

Create a permanent virtual IP address in Linux [ permanently ]

This post shows how to create a virtual IP address based on an existing network interface so that it survives a reboot.


In Linux you add a new virtual (alias) interface to the interfaces file (/etc/network/interfaces on Debian and its derivatives), based on an existing interface. The example below is a virtual IP based on eth0; if this is your second virtual IP you would use eth0:2, and so on.
You will need to change the IP addresses to match your network. Notice there is no gateway line: a machine normally has only one default gateway, and the alias uses the one already configured on eth0.
Restart networking for the changes to take effect.

Create a Virtual IP Address in Linux [ temporary ]

This post details how to set up a virtual IP address and assign an interface to handle its traffic on Linux. It may not work for every distribution, but it should be accurate for most.

Run the ifconfig command to see what interfaces are available.
Run ifconfig again, this time creating a virtual IP using the following syntax.
Example:
Substitute INTERFACE with the interface this VIP will be based on, IP_ADDRESS with the new VIP address (it must be a free address on your network, not one already assigned to another host) and NETMASK with the netmask of the new VIP.
Announce the new address with arping. This sends gratuitous ARP so that neighbouring hosts update their ARP caches straight away; it does not change the routing table.
Example:
Substitute INTERFACE with the interface to bind this VIP to and VIP_IP_ADDRESS with the VIP address assigned in the ifconfig statement above.

Note: changes made will be lost when the machine is rebooted.
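The following POSIX shell script is an added example covering both posts above (the permanent and the temporary VIP); it is not code from either post. It converts the NETMASK to a prefix length, adds the alias with the iproute2 ip command (the modern equivalent of the ifconfig eth0:1 form), announces it with iputils arping -U, and prints the /etc/network/interfaces stanza that makes the same address permanent on Debian-style systems. Assumptions: the interface eth0, the address 192.168.1.100 and the netmask 255.255.255.0 are placeholders; arping is the iputils one (the Habets arping package uses different flags); RHEL/CentOS would use an ifcfg-eth0:1 file instead of the interfaces stanza. Set VIP_DRY_RUN=1 to print the commands instead of executing them, since the real ones need root.

```shell
#!/bin/sh
# Added example: temporary alias (virtual) IP plus the stanza that makes it
# permanent. eth0 / 192.168.1.100 / 255.255.255.0 below are placeholders.

# Accept only a dotted quad with four octets in 0..255.
valid_ipv4() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Convert a netmask such as 255.255.255.0 to a prefix length (24).
# Rejects non-contiguous masks such as 255.0.255.0.
mask_to_prefix() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    prefix=0; in_zeros=0
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0)   bits=0 ;; *) return 1 ;;
        esac
        # once an octet is below 255, every later octet must be 0
        [ "$in_zeros" -eq 1 ] && [ "$octet" -ne 0 ] && return 1
        [ "$octet" -ne 255 ] && in_zeros=1
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# Run a command, or just print it when VIP_DRY_RUN is set.
run() {
    if [ -n "${VIP_DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Temporary VIP (lost on reboot, like the ifconfig form in the post).
# Usage: add_vip INTERFACE IP_ADDRESS NETMASK [ALIAS_INDEX]
add_vip() {
    iface=$1; addr=$2; mask=$3; idx=${4:-1}
    valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    prefix=$(mask_to_prefix "$mask") || { echo "bad netmask: $mask" >&2; return 1; }
    # 'label eth0:1' keeps the ifconfig-style alias name for older tooling.
    run ip addr add "$addr/$prefix" dev "$iface" label "$iface:$idx" || return 1
    # -U: unsolicited (gratuitous) ARP so neighbours relearn addr -> MAC now
    # instead of when their ARP cache entries expire. Routing is untouched.
    run arping -U -I "$iface" -c 3 "$addr"
}

# Permanent VIP (Debian-style /etc/network/interfaces): print the stanza to
# append. No gateway line: the alias shares the parent interface's gateway.
interfaces_stanza() {
    iface=$1; addr=$2; mask=$3; idx=${4:-1}
    valid_ipv4 "$addr" && valid_ipv4 "$mask" || return 1
    printf 'auto %s:%s\niface %s:%s inet static\n    address %s\n    netmask %s\n' \
        "$iface" "$idx" "$iface" "$idx" "$addr" "$mask"
}

# Demo (dry run, so it is safe to execute as an unprivileged user):
VIP_DRY_RUN=1
add_vip eth0 192.168.1.100 255.255.255.0
interfaces_stanza eth0 192.168.1.100 255.255.255.0
```

Unset VIP_DRY_RUN and run add_vip as root to apply the temporary address; append the interfaces_stanza output to the interfaces file and restart networking to make it permanent.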

CentOS 6.3 Step by Step Installation Guide with Screenshots

This post guides you step by step through the installation of Community ENTerprise Operating System (CentOS) 6.3, with screenshots. Less than three weeks after the release of Red Hat Enterprise Linux (RHEL) 6.3, the CentOS Project released its rebuild of the RHEL 6.3 distribution on 09 July 2012.

CentOS 6.3 Features

The CentOS 6.3 release contains some notable changes:
  1. OpenOffice 3.2 has been replaced by LibreOffice 3.4. If you update from a previous CentOS 6 release using ‘yum update’ and have OpenOffice installed, the update automatically removes OpenOffice and installs LibreOffice.
  2. Many drivers have been updated, with improvements in virtualisation.
  3. Upstream has deprecated the Matahari API for operating system management, and there are new tools for moving physical and virtual machines into KVM virtual machine instances: virt-p2v and virt-v2v, for physical-to-virtual and virtual-to-virtual migration respectively.

Download CentOS 6.3 DVD ISO

  1. Download CentOS 6.3 32-bit DVD ISO – (3.6 GB)
  2. Download CentOS 6.3 64-bit DVD ISO – (4.0 GB)
  3. Download both 32-bit and 64-bit DVD ISO.

CentOS 6.3 Step by Step Graphical Installation Guide

Boot the computer from the CentOS 6.3 installation CD/DVD.

1. Select Install or upgrade an existing system.

Select Install or Upgrade

2. Choose Skip at the media test prompt if you are in a hurry; the test reads the whole disc and takes a while. Skip it only if you have already verified the downloaded ISO against the checksums published by the CentOS Project.

Skip CentOS 6.3 Media Test

3. At the CentOS 6.3 welcome screen, press Next.

CentOS 6.3 Welcome Screen

4. Select the installation language.

CentOS 6.3 Language Selection

5. Select the appropriate keyboard layout.

CentOS 6.3 Keyboard Selection

6. Select Basic Storage Devices if your hard drive is attached locally.

CentOS 6.3 Storage Device Selection

7. You may get a storage device warning; clicking "Yes, discard any data" continues, and erases whatever is currently on that disk.

CentOS 6.3 Storage Device Warning

8. Give the server a hostname and click Configure Network if you want to configure networking during the installation.

CentOS 6.3 Hostname and Network Setup

9. Click the Wired tab, then Add.

CentOS 6.3 Network Setup

10. Select Connect Automatically, go to the IPv4 Settings tab and set Method to Manual in the drop-down. Click Add to fill in the IP Address, Netmask, Gateway and DNS Server. Here I am using IP address 192.168.1.6 and DNS server 4.2.2.2 for the demo; these will differ in your environment.

CentOS 6.3 Network Configuration

11. Select the time zone.

CentOS 6.3 Set Timezone

12. Set the root password.

CentOS 6.3 root Password

13. Select the partitioning type that suits your requirements.

CentOS 6.3 Partition Selection

14. Verify the filesystem layout; you can edit it here if you want.

CentOS 6.3 Partition Verify

15. At the disk format warning, click Format.

CentOS 6.3 Disk Format

16. Select Write changes to disk.

CentOS 6.3 Disk Changes

17. The hard drive is being formatted.

CentOS 6.3 Disk Formatting

18. Here you can set a boot loader password. Without one, anyone with console access can edit the kernel command line at the GRUB menu (for example to add init=/bin/bash) and obtain a root shell without knowing any password.

CentOS 6.3 Boot Loader Password

19. Select the applications you want to install; choose Customize now and click Next.

CentOS 6.3 Package Selection

20. Select the individual packages you want and click Next.

CentOS 6.3 Packages Selection

21. Installation starts; this may take several minutes depending on the packages selected.

CentOS 6.3 Installation

22. Installation is complete. Remove the CD/DVD and reboot the system.

CentOS 6.3 Installation Completes

23. CentOS 6.3 login screen.

CentOS 6.3 Login Screen

24. CentOS 6.3 desktop.

CentOS 6.3 Desktop Screen



Red Hat Enterprise Linux (RHEL) 6 Installation Guide with Screenshots

This article guides you step by step through the installation of Red Hat Enterprise Linux 6 (Santiago) with screenshots. The current stable version is 6.3 (update 3). Red Hat Enterprise Linux is one of the most stable Linux operating systems available.


RHEL 6 Installation Guide

Red Hat Enterprise Linux is a Linux-based operating system developed by Red Hat and targeted at the commercial market.

Red Hat Enterprise Linux 6 is released in server editions for x86, x86-64, PowerPC and IBM System z, plus desktop editions (Itanium, supported through the RHEL 5 life cycle, is not an RHEL 6 architecture). The download center for RHEL 6 DVD/CD images is https://access.redhat.com/downloads.

A number of new technologies and features have been added; some of the important ones are:
  1. Ext4 as the default filesystem, with XFS as an option.
  2. Xen has been replaced by KVM (Kernel-based Virtual Machine); Xen remains supported for the remainder of the RHEL 5 life cycle.
  3. The Btrfs filesystem (pronounced “Better FS”) is included as a technology preview.
  4. Upstart, an event-driven init whose scripts run only when they are needed. With Upstart, RHEL 6 adopts a new and much faster alternative to the old System V boot procedure.
There are several installation types, such as the unattended Kickstart installation and the text-based installer; I have used the graphical installer on my test environment. Choose packages during installation as per your need. So, let’s get started: boot the computer from the Red Hat Enterprise Linux 6 installation CD/DVD.

Red Hat Enterprise Linux 6 Installation

1. Select Install or upgrade an existing system.

Select Install or Upgrade

2. Select the installation language.

Select RHEL 6 Language

3. Select the keyboard type.

Select RHEL 6 Keyboard

4. Choose Skip at the media test prompt, or OK if you want to check the media. Skip it only if you have already verified the downloaded ISO against the checksums Red Hat publishes alongside the download.

Skip RHEL 6 media test

5. Select the storage device.

Select RHEL 6 Storage Device

6. Type the computer name (hostname).

Set RHEL 6 Hostname

7. Select the time zone location.

Set RHEL 6 TimeZone

8. Enter a password for the root user.

Set RHEL 6 root Password

9. Select the type of installation and review the partitioning layout carefully. You may also tick Encrypt system, which places the system on LUKS-encrypted volumes and asks for the passphrase at every boot.

Select RHEL 6 Partition Layout

10. Review the partitioning layout and modify it if needed. I have chosen the default setup with Ext4 and LVM.

Choose RHEL 6 Filesystem type

11. Manual configuration of LVM and RAID storage.

Configure RHEL 6 LVM and Raid

12. Creating partitions and formatting filesystems.

Creating RHEL 6 Partitions

13. Configure the boot loader options. Setting a boot loader password is worthwhile: without it, anyone at the console can edit the kernel command line at the GRUB menu (for example to add init=/bin/bash) and get a root shell with no password.

Set RHEL 6 boot loader password

14. Select the applications to install and choose Customize now.

Select RHEL 6 Installation Packages

15. Customize the package selection.

RHEL 6 Packages Selection

16. Installation progress.

RHEL 6 Installation Process

17. Installation completed successfully.

RHEL 6 Installation Completed

18. Reboot the computer and log in with the root credentials you set in step 8.

Reboot RHEL 6 Installation

19. Login screen.

RHEL 6 Login Screen
