# Clear any existing firewall stuff before we start
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush
# As the default policies, drop all incoming traffic but allow all
# outgoing traffic. This will allow us to make outgoing connections
# from any port, but will only allow incoming connections on the ports
# specified below.
iptables --policy INPUT DROP
iptables --policy OUTPUT ACCEPT
# Allow all incoming traffic if it is coming from the local loopback device
iptables -A INPUT -i lo -j ACCEPT
# Accept all incoming traffic associated with an established
# connection, or a "related" connection
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow incoming connections
# SSH
iptables -A INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -j ACCEPT
# HTTP
iptables -A INPUT -p tcp -i eth0 --dport 80 -m state --state NEW -j ACCEPT
# HTTPS
iptables -A INPUT -p tcp -i eth0 --dport 443 -m state --state NEW -j ACCEPT
# Allow icmp input so that people can ping us
iptables -A INPUT -p icmp -j ACCEPT
# Reject all other incoming packets
iptables -A INPUT -j REJECT
How can I force fsck on next boot
You can force an automatic full check by changing the check interval using tune2fs (-c and/or -i).
-c max-mount-counts
Adjust the number of mounts after which the filesystem will be checked by e2fsck(8). If max-mount-counts is 0 or -1, the number of times the filesystem is mounted will be disregarded by e2fsck(8) and the kernel.
-i interval-between-checks[d|m|w]
Adjust the maximal time between two filesystem checks. No postfix or d result in days, m in months, and w in weeks. A value of zero will disable the time-dependent checking.
It is strongly recommended that either -c (mount-count-dependent) or -i (time-dependent) checking be enabled to force periodic full e2fsck(8) checking of the filesystem.
# tune2fs -c 1 /dev/hda2
The above command would tell the init scripts to run fsck on hda2 at every boot.
# tune2fs -i 1d /dev/hda2
The above command would tell the init scripts to run fsck on hda2 after 1 day.
If you only want to run fsck on the next boot, please execute the following as the root user.
# cd /
# touch forcefsck
This will only run the file system check on the next reboot. By touching the file “forcefsck” in the / directory, it will force the system to perform a full file system check.
The file “forcefsck” will be deleted automatically after fsck is finished.
Installing the PEAR package manager and Checking if PEAR works
When using PHP >= 4.3.0, the PEAR Package Manager is already installed unless one has used the ./configure option –without-pear.
Verifying command line tool
Both pear and pecl tools should be available everywhere on command line. For that to work, pear’s binary (bin) directory should be in your PATH variable.
# apt-cache search php-pear
php-xml-util – a XML utility for php-pear
php-pear – PEAR – PHP Extension and Application Repository
To verify it works, simply type pear. A list of commands should be shown:
root@laptop:~# pear
Commands:
build Build an Extension From C Source
bundle Unpacks a Pecl Package
channel-add Add a Channel
You should further test that PEAR is up to date:
root@laptop:~# pear version
PEAR Version: 1.7.1
PHP Version: 5.2.6-3ubuntu4.5
Zend Engine Version: 2.2.0
Options for downloading PECL extensions
There are several options for downloading PECL extensions, such as:
The pecl install extname command downloads the extensions code automatically, so in this case there is no need for a separate download.
http://pecl.php.net/ The PECL web site contains information about the different extensions that are offered by the PHP Development Team. The information available here includes: ChangeLog, release notes, requirements and other similar details.
pecl download extname PECL extensions that have releases listed on the PECL web site are available for download and installation using the » pecl command. Specific revisions may also be specified.
SVN Most PECL extensions also reside in SVN. A web-based view may be seen at » http://svn.php.net/viewvc/pecl/. To download straight from SVN, the following sequence of commands may be used:
$ svn checkout http://svn.php.net/repository/pecl/extname/trunk extname
You should set post_max_size to double what you set upload_max_filesize to. This means you can upload 2 files of your maximum limit for each POST and seems like a good middle ground.
The memory_limit directive should also be set above the value of post_max_size so your server can handle the uploads.
There are 2 ways you can set this directive:
For php.ini
Edit php.ini and modify these directives:
upload_max_filesize = 128M
post_max_size = 256M
.htaccess
Edit .htaccess
php_value upload_max_filesize 128M
php_value post_max_size 256M
PECL upload progress extension
Download from – http://pecl.php.net/package/uploadprogress
http://pecl.php.net/get/uploadprogress-1.0.1.tgz
Extract the uploadprogress-1.0.1.tgz archive
$ phpize
$ ./configure
$ make
$ sudo make install
Add the extension to php.ini by adding this line extension=uploadprogress.so
Restart apache
/etc/init.d/httpd restart
Mounting an NTFS filesystem
Suppose your ntfs filesystem is /dev/sda1 and you are going to mount it on /mymnt/win, do the following.
First, create a mount point.
mkdir /mymnt/win
Next, edit /etc/fstab as follows. To mount read-only:
/dev/sda1 /mymnt/win ntfs-3g ro,umask=0222,defaults 0 0
To mount read-write:
/dev/sda1 /mymnt/win ntfs-3g rw,umask=0000,defaults 0 0
You can now mount it by running:
mount /mymnt/win
Reference : http://wiki.centos.org/TipsAndTricks/NTFS
nagios sample object config file for monitoring machines.
First you need to have the
Host definition — > Host group definition [here we add the hosts for this group]–>and then the Service Definition
Example: for Service Definition
# Define a service to check the disk space of the root partition
# on the local machine. Warning if < 20% free, critical if # < 10% free space on partition.
define service{
use local-service ; Name of service template to use
host_name localhost
service_description Root Partition
check_command check_local_disk!20%!10%!/
}
# Define a service to check HTTP on the local machine.
# Disable notifications for this service by default, as not all users may have HTTP enabled.
define service{
use local-service ; Name of service template to use
host_name serversignature.com
service_description HTTP
check_command check_http
}
nagios configuration files
root@jyothis:/usr/local/nagios/etc# ls -l
total 68
-rw-rw-r-- 1 nagios nagios 10699 Mar 22 2009 cgi.cfg
-rw-r--r-- 1 root root 26 Mar 22 2009 htpasswd.users
-rw-rw-r-- 1 nagios nagios 42730 Mar 22 2009 nagios.cfg
drwxrwxr-x 2 nagios nagios 4096 Nov 27 13:19 objects
-rw-rw---- 1 nagios nagios 1340 Mar 22 2009 resource.cfg
:/usr/local/nagios/etc# cd objects/
:/usr/local/nagios/etc/objects# ls -l
total 48
-rw-rw-r-- 1 nagios nagios 7722 Mar 22 2009 commands.cfg
-rw-rw-r-- 1 nagios nagios 2166 Mar 22 2009 contacts.cfg
-rw-rw-r-- 1 nagios nagios 6264 Mar 22 2009 localhost.cfg
-rw-rw-r-- 1 nagios nagios 3124 Mar 22 2009 printer.cfg
-rw-rw-r-- 1 nagios nagios 3293 Mar 22 2009 switch.cfg
-rw-rw-r-- 1 nagios nagios 10812 Mar 22 2009 templates.cfg
-rw-rw-r-- 1 nagios nagios 3209 Mar 22 2009 timeperiods.cfg
-rw-rw-r-- 1 nagios nagios 4007 Mar 22 2009 windows.cfg
root@jyothis:/usr/local/nagios/etc/objects#
Verify the sample Nagios configuration files.
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
/usr/local/nagios/bin#
./nagios -v /usr/local/nagios/etc/nagios.cfg
Nagios 3.0.6
Copyright (c) 1999-2008 Ethan Galstad (http://www.nagios.org)
Last Modified: 12-01-2008
License: GPL
Reading configuration data...
Running pre-flight check on configuration data...
Checking services...
Checked 9 services.
Checking hosts...
Checked 2 hosts.
Checking host groups...
Checked 1 host groups.
Checking service groups...
Checked 0 service groups.
Checking contacts...
Checked 1 contacts.
Checking contact groups...
Checked 1 contact groups.
Checking service escalations...
Checked 0 service escalations.
Checking service dependencies...
Checked 0 service dependencies.
Checking host escalations...
Checked 0 host escalations.
Checking host dependencies...
Checked 0 host dependencies.
Checking commands...
Checked 24 commands.
Checking time periods...
Checked 5 time periods.
Checking for circular paths between hosts...
Checking for circular host and service dependencies...
Checking global event handlers...
Checking obsessive compulsive processor commands...
Checking misc settings...
Total Warnings: 0
Total Errors: 0
Things look okay - No serious problems were detected during the pre-flight check