Friday, October 30, 2009

vi commands for solaris

Restrict ssh/ftp user from leaving the home directory - Or grant access to specific directory

This script has been tested in the Bash and Ksh shells.
Edit the user's .profile and add the following lines.
################################
function _cd
{
# Run the real cd (the backslash bypasses the alias), keeping the arguments quoted
\cd "$@"
# Stay only if the new directory is a literal, whole-line entry in the approved list
if grep -Fx -- "${PWD}" /.approved_dirs > /dev/null 2>&1; then
return
fi
# Not approved: go back to the previous directory
\cd "$OLDPWD"
return
}
# Export the function once it is defined
typeset -xf _cd
alias cd=_cd
####################################
This script checks whether the user is trying to cd to a directory other than those listed in .approved_dirs. If the directory is listed, the user is allowed to cd to it; otherwise the user is dropped back to his old pwd directory, which is his home directory.
To restrict the user from editing his .profile or .approved_dirs, change the permission to 644 for both files.
Pitfall: if the user runs "alias cd=cd", the above script will not work. If the user changes the default shell, the settings will also fail. Preferably to be used for an sftp user.
This document is picked from the link below. Many thanks to the contributor. I am placing it here so that it is easily accessible to me and to others referring to my blog for help.
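A check for the permission step above, as an added example that is not part of the original post: mode 644 only protects .profile and .approved_dirs if the restricted account owns neither the file nor the directory holding it. `can_modify` is a hypothetical helper name, GNU stat is assumed, and the demo file is constructed in a temporary directory.

```bash
#!/bin/bash
# Added example: can the restricted account still change a file that enforces
# the cd restriction? GNU stat is assumed; group write access is not examined.

# can_modify UID FILE
# Prints the reasons UID could alter FILE; returns 0 if there is at least one.
can_modify() {
    local uid=$1 file=$2 dir fowner fmode downer dmode reasons=""
    dir=$(dirname -- "$file")
    fowner=$(stat -c %u -- "$file"); fmode=$(stat -c %a -- "$file")
    downer=$(stat -c %u -- "$dir");  dmode=$(stat -c %a -- "$dir")

    # An owner can chmod the file back to writable, whatever its mode is now.
    if [ "$fowner" = "$uid" ]; then reasons="$reasons file-owner"; fi
    # Write bit for "other" on the file itself (644 clears it, 666 sets it).
    if [ $(( 0$fmode & 2 )) -ne 0 ]; then reasons="$reasons file-world-writable"; fi
    # Owning the directory allows renaming the file away and creating a new one.
    if [ "$downer" = "$uid" ]; then reasons="$reasons dir-owner"; fi
    # So does a world-writable directory, unless the sticky bit (01000) is set.
    if [ $(( 0$dmode & 2 )) -ne 0 ] && [ $(( 0$dmode & 01000 )) -eq 0 ]; then
        reasons="$reasons dir-world-writable"
    fi

    echo "${reasons# }"
    [ -n "$reasons" ]
}

# Constructed demo: a mode-644 list file created by the current account.
demo_dir=$(mktemp -d)
: > "$demo_dir/.approved_dirs"
chmod 644 "$demo_dir/.approved_dirs"
can_modify "$(id -u)" "$demo_dir/.approved_dirs" || true
rm -rf -- "$demo_dir"
```

Run it as root against the real files, for example `can_modify "$(id -u someuser)" /.approved_dirs`; an empty result means none of the four conditions applies.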

Thursday, October 22, 2009

Wednesday, October 07, 2009

Perl script to create a Exchange Enabled contact on AD

#!/usr/bin/perl

use strict;
use warnings;
use Net::LDAP;

# NOTE: a simple bind on port 389 sends the password in clear text;
# use LDAPS or start_tls outside a lab.
# Net::LDAP->new returns undef on failure and leaves the reason in $@
my $Ad = Net::LDAP->new("sogolab.com", version => 3, port => 389) or die("failed to connect: $@");

## bind as an admin or someone who has privileges to create a user
## (bind always returns a message object, so check its result code)
my $mesg = $Ad->bind(dn => 'CN=Administrator,CN=Users,DC=sogolab,DC=com', password => 'xxxxxxx');
$mesg->code && die("bind failed: " . $mesg->error);

## a contact object with the Exchange mail attributes set
my $result = $Ad->add( 'cn=Thomas T,cn=Users,DC=sogolab,DC=com',
    attr => [
        'cn' => 'Thomas T',
        'sn' => 'Thomas',
        'mail' => 'thomas@sogolab.com',
        'targetAddress' => 'SMTP:sam@kmail.com',
        'mAPIRecipient' => 'FALSE',
        'mailNickname' => 'Thomas',
        'internetEncoding' => '1310720',
        'objectclass' => ['top','person','organizationalPerson','contact' ]]
);

$result->code && warn "failed to add entry: ", $result->error ;

Monday, October 05, 2009

Perl script to create AD User from Unix Server

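#!/usr/bin/perl

use strict;
use warnings;
use Net::LDAP;

# NOTE: a simple bind on port 389 sends the password in clear text;
# use LDAPS or start_tls outside a lab.
# Net::LDAP->new returns undef on failure and leaves the reason in $@
my $Ad = Net::LDAP->new("sogolab.com", version => 3, port => 389) or die("failed to connect: $@");

## bind as an admin or someone who has privileges to create a user
## (bind always returns a message object, so check its result code)
my $mesg = $Ad->bind(dn => 'CN=Administrator,CN=Users,DC=sogolab,DC=com', password => 'XSSSXXX');
$mesg->code && die("bind failed: " . $mesg->error);

my $result = $Ad->add( 'cn=Ratish Kumar,cn=Users,DC=sogolab,DC=com',
    attr => [
        'cn' => 'Ratish Kumar',
        'sn' => 'Ratish',
        'mail' => 'ratish@kmail.com',
        'sAMAccountName' => 'ratish',
        # 544 = 512 (NORMAL_ACCOUNT) + 32 (PASSWD_NOTREQD):
        # the account is enabled and no password is required
        'userAccountControl' => '544',
        'objectclass' => ['top', 'person','organizationalPerson','user' ]]
);

$result->code && warn "failed to add entry: ", $result->error ;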

Thursday, September 24, 2009

Change vsftpd anonymous login default directory

The default anonymous login directory is /var/ftp/.
To change the default from /var/ftp to any other directory (say /data),
edit the /etc/vsftpd/vsftpd.conf file and add the entry:
local_root=/data
Save the file and restart the vsftpd service using the command:
service vsftpd restart

Change the home folder of the default ftp user account to point to the new location.
The ftp account entry in the /etc/passwd file before the change:
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
usermod -d /data ftp # To change the home directory for the ftp user.
The entry after the change:
ftp:x:14:50:FTP User:/data:/sbin/nologin
Now when you log in as the anonymous user, the login directory will be /data.

Saturday, July 04, 2009

http check parameters.

httpd -t - Checks the configuration syntax of the httpd.conf file. Recommended after any change to the httpd.conf file.

httpd -S - Checks and reports the virtual host configuration information.

httpd -l - Lists the modules compiled in during the installation.

httpd -M - Shows the loaded modules in Apache.

httpd -v - Shows the running Apache version.

httpd -V - Shows exhaustive information about the Apache server build.

Monday, June 01, 2009

set http/ftp proxy - Cmd line

For Windows: set http_proxy=http://proxy.example.com:8080
For Linux/Unix: export http_proxy=http://proxy.example.com:8080
export ftp_proxy=http://proxy.example.com:8080
export http_proxy="http://username:password@proxy.example.com:8080"
--proxy=on
--proxy=off

Thursday, May 07, 2009

Command to collect the HBA details on SUN

On Solaris 9, use the following commands to collect the information.
luxadm -e port
cfgadm -al
prtdiag -v
prtconf -pv | grep -i wwn

On Solaris 10, use the command:
fcinfo hba-port

Thursday, April 30, 2009

Send Mail from CronJob result mail to users other than root

Mailing cron job results to users other than root.
0 1 * * 1-6 /location of script | mutt -s "Daily Webex Report" email1@email.com,email2@email.com 2>&1

Friday, April 17, 2009

Automatic SFTP to server to get files - Using Expect

#!/usr/bin/expect
set DAY [exec date +%Y-%m-%d]
set timeout -1
spawn /usr/bin/sftp retheesh@3.212.44.46
#spawn sftp retheesh@3.212.44.46
expect "password:"
# The password is stored in this script in clear text
send "1\r"
expect "sftp>"
send "lcd /home/retheesh/sftp/\r"
expect "sftp>"
send "cd /home/retheesh/destination/\r"
expect "sftp>"
# Fetch only the CSV files carrying today's date
send "mget *$DAY*.csv\r"
expect "sftp>"
send "bye\r"
interact

ftp using Shell Script
#!/usr/bin/sh
#DAY=`date +%Y%m%d`
# -n disables auto-login so the "user" line below supplies the credentials
ftp -v -n "3.xxx.xxx.xxx" << cmd
user "anonymous" "test@test.com"
cd retheesh
lcd /root/Ironport/
bin
hash
get filename
quit
cmd

Monday, April 13, 2009

Monitor your server using customised OIDs.
----------------------------------------------
rwcommunity commstring xxx.xxx.xxx.xxx
com2sec local localhost public
com2sec mon_server xxx.xxx.xxx.xxx commstring
##### Second, map the security names into group names:
group MyROSystem v2c mon_server
##### Third, create a view for us to let the groups have rights to:
view all included .1 80
view system included .iso.org.dod.internet.mgmt.mib-2.system
##### Finally, grant the 2 groups access to the 1 view with different
# write permissions:
# context sec.model sec.level match read write notif
# (the first field is the group name defined above)
access MyROSystem "" any noauth exact system none none

##CUSTOM OID
exec /bin/sh /location-of-the-script.sh
exec /bin/sh /location-of-the-script1.sh
exec /bin/sh /location-of-the-script2.sh
service snmpd restart

To test the response of the first, second and subsequent custom scripts using the snmpwalk client:
snmpwalk -v2c -c commstring target_name_or_ip 1.3.6.1.4.1.2021.8.1.101.1
snmpwalk -v2c -c commstring target_name_or_ip 1.3.6.1.4.1.2021.8.1.101.2
snmpwalk -v2c -c commstring target_name_or_ip 1.3.6.1.4.1.2021.8.1.101.3

To collect all the SNMP OID parameters:
snmpwalk -v2c -c commstring -O n target_name_or_ip
OIDs for HP servers can be found in the file /opt/hp/hp-snmp-agents/mibs/cmaobjects.mibdef
Note: the HP ProLiant Support Pack should be installed.
======
The tips given below are from "http://agiletesting.blogspot.com/2005/10/mini-howto-2-system-monitoring-via.html". Thanks for the wonderful writeup.
=====

Document sourced from http://www.debianadmin.com/linux-snmp-oids-for-cpumemory-and-disk-statistics.html

Thank you for sharing


Partitions can be monitored by making partition entries in the /etc/snmp/snmpd.conf file:
disk /
disk /boot
disk /usr
snmpwalk -v2c -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.9.1.7.1 (1 is for /, 2 for /boot and so on)
snmpwalk -v2c -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.9.1.7.2
snmpwalk -v2c -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.9.1.7.3

For monitoring processes, make entries in /etc/snmp/snmpd.conf:
proc java
proc postmaster
proc mysqld
snmpwalk -v2c -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.2.1.5.1 (1 is for java, 2 for postmaster and so on)
snmpwalk -v2c -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.2.1.5.2
snmpwalk -v2c -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.2.1.5.3

For load monitoring, make the following entries in the /etc/snmp/snmpd.conf file:
load 5 5 5
snmpwalk -v2c -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.10.1.3.1 (1 for 1min, 2 for 5min, 3 for 15min usage report)
snmpwalk -v2c -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.10.1.3.2
snmpwalk -v2c -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.10.1.3.3

For various CPU utilisation metrics use:
snmpwalk -v2c -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.11
For various memory utilisation metrics use:
snmpwalk -v2c -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.4

To get the OIDs from a client:
snmpwalk -v2c -On -c "XXXXX" Servername
This will list all of the server's parameters and their OID details.

CPU
percentage of user CPU time: .1.3.6.1.4.1.2021.11.9.0
raw user cpu time: .1.3.6.1.4.1.2021.11.50.0
percentages of system CPU time: .1.3.6.1.4.1.2021.11.10.0
raw system cpu time: .1.3.6.1.4.1.2021.11.52.0
percentages of idle CPU time: .1.3.6.1.4.1.2021.11.11.0
raw idle cpu time: .1.3.6.1.4.1.2021.11.53.0
raw nice cpu time: .1.3.6.1.4.1.2021.11.51.0

Memory Statistics

Total Swap Size: .1.3.6.1.4.1.2021.4.3.0
Available Swap Space: .1.3.6.1.4.1.2021.4.4.0
Total RAM in machine: .1.3.6.1.4.1.2021.4.5.0
Total RAM used: .1.3.6.1.4.1.2021.4.6.0
Total RAM Free: .1.3.6.1.4.1.2021.4.11.0
Total RAM Shared: .1.3.6.1.4.1.2021.4.13.0
Total RAM Buffered: .1.3.6.1.4.1.2021.4.14.0
Total Cached Memory: .1.3.6.1.4.1.2021.4.15.0

Disk Statistics

The snmpd.conf needs to be edited. Add the following (assuming a machine with a single ‘/’ partition):

disk / 100000 (or)

includeAllDisks 10% for all partitions and disks

The OIDs are as follows

Path where the disk is mounted: .1.3.6.1.4.1.2021.9.1.2.1
Path of the device for the partition: .1.3.6.1.4.1.2021.9.1.3.1
Total size of the disk/partition (kBytes): .1.3.6.1.4.1.2021.9.1.6.1
Available space on the disk: .1.3.6.1.4.1.2021.9.1.7.1
Used space on the disk: .1.3.6.1.4.1.2021.9.1.8.1
Percentage of space used on disk: .1.3.6.1.4.1.2021.9.1.9.1
Percentage of inodes used on disk: .1.3.6.1.4.1.2021.9.1.10.1
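
Turning the disk OIDs above into a threshold check, as an added example that is not part of the original post: the helper joins the mount path (column 2) and percent used (column 9) from `snmpwalk -On` output of the disk table. `disk_alerts` and `sample_walk` are hypothetical names and the sample output is constructed.

```bash
#!/bin/bash
# Added example. Real use (community and host are placeholders):
#   snmpwalk -v2c -On -c "xxxx" target_name_or_ip .1.3.6.1.4.1.2021.9.1 | disk_alerts 90

# disk_alerts THRESHOLD  (reads "snmpwalk -On" output on stdin)
# Prints "index path percent" for every disk entry at or above THRESHOLD.
disk_alerts() {
    awk -v limit="$1" '
        # Lines look like ".1.3.6.1.4.1.2021.9.1.<column>.<index> = TYPE: value"
        $1 ~ /^\.1\.3\.6\.1\.4\.1\.2021\.9\.1\.[0-9]+\.[0-9]+$/ {
            n = split($1, oid, ".")
            column = oid[n - 1]; idx = oid[n]
            value = $0
            sub(/^[^=]*= [A-Za-z0-9-]+: /, "", value)   # drop "OID = TYPE: "
            gsub(/"/, "", value)                        # strings may be quoted
            if (column == 2) path[idx] = value          # mount path
            if (column == 9) pct[idx] = value + 0       # percent of space used
        }
        END {
            for (i in pct)
                if (pct[i] >= limit)
                    print i, ((i in path) ? path[i] : "?"), pct[i]
        }' | sort -n
}

# Constructed sample output for the three "disk" entries /, /boot and /usr.
sample_walk() {
    cat <<'EOF'
.1.3.6.1.4.1.2021.9.1.2.1 = STRING: /
.1.3.6.1.4.1.2021.9.1.2.2 = STRING: /boot
.1.3.6.1.4.1.2021.9.1.2.3 = STRING: "/usr"
.1.3.6.1.4.1.2021.9.1.9.1 = INTEGER: 91
.1.3.6.1.4.1.2021.9.1.9.2 = INTEGER: 23
.1.3.6.1.4.1.2021.9.1.9.3 = INTEGER: 85
EOF
}

sample_walk | disk_alerts 85
```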

System Uptime: .1.3.6.1.2.1.1.3.0

Examples

You need to run these commands on the SNMP server.

Get available disk space for / on the target host
# snmpget -v 1 -c "community" target_name_or_ip .1.3.6.1.4.1.2021.9.1.7.1

This will return the available disk space for the first entry in the 'disk' section of snmpd.conf; replace 1 with n for the nth entry.

Get the 1-minute system load on the target host
# snmpget -v 1 -c "community" target_name_or_ip .1.3.6.1.4.1.2021.10.1.3.1

Get the 5-minute system load on the target host
# snmpget -v 1 -c "community" target_name_or_ip .1.3.6.1.4.1.2021.10.1.3.2

Get the 15-minute system load on the target host
# snmpget -v 1 -c "community" target_name_or_ip .1.3.6.1.4.1.2021.10.1.3.3

Get amount of available swap space on the target host
# snmpget -v 1 -c "community" target_name_or_ip .1.3.6.1.4.1.2021.4.4.0

Monday, April 06, 2009

#!/bin/bash
################################################################################
# Script for parsing IronPort logs for collecting top mail senders every hour on Iron Port Server
################################################################################
# NOTE: the fixed file names under /tmp are predictable; on a shared host,
# create them with mktemp instead.

##### Collecting the Program Start time #####
echo "Program Start time `date +%T`" > /tmp/time

##### Check if the Script is started correctly #####
if [ $# != 1 ]; then
    echo "Improper syntax" "Expected syntax [script.sh <logfile>]"
    exit
else
    echo ""
fi

##### Setting Variable #####
ORG_FILE=$1
MAILTO="xssss123@xdwcs.com xssss1234@xdwcs.com"
MAIL=/usr/bin/mutt

##### Collecting only required Data from the IronPort Logs #####
grep "interface PublicNet (3\|RID [0-9]" "$ORG_FILE" > /tmp/newreffile
SOURCE_FILE=/tmp/newreffile

##### Collecting the HOURS for which the logs to be parsed #####
awk '{print $4}' $SOURCE_FILE | cut -c 1,2 | uniq > /tmp/hrsfile
HRSFILE=/tmp/hrsfile

### Collecting data for hour wise ####
while read HRS
do
    grep " $HRS:" $SOURCE_FILE > /tmp/reffile
    REFFILE=/tmp/reffile
    DATESTAMP=`head -1 $SOURCE_FILE | awk '{print $1,$2,$3}'`
    TIMESTAMP=`echo $HRS`
    echo "====================================" > /tmp/master
    echo " TOP MAIL SENDERS FOR $DATESTAMP at $HRS" >> /tmp/master
    echo "====================================" >> /tmp/master

    #### Collecting the ICID and IP address details #####
    grep "(3." $SOURCE_FILE > /tmp/ipfile
    IPFILE=/tmp/ipfile

    #################################################
    ##### COLLECT ALL UNIQ ICID FROM THE REFERENCE FILE #####
    grep "(3." $REFFILE | uniq -u | awk '{print $10}' | grep '^[0-9]' > /tmp/icidfile
    ICID=/tmp/icidfile

    while read LINE
    do
        TOTALMAILS=`grep $LINE $SOURCE_FILE | grep RID | wc -l`
        IPADDRESS=`grep $LINE $IPFILE | grep "(3." | awk '{print $15}'`
        echo -e "$IPADDRESS \t\t $TOTALMAILS" >> /tmp/output
    done < $ICID

    ##### Collect the Uniq IP address and the mail counts #####
    awk '{print $1}' /tmp/output | sort -u > /tmp/uniqip
    UNIQ=/tmp/uniqip

    while read IP
    do
        MCOUNT=`grep $IP /tmp/output | awk '{ sum += $2 };END { print sum }'`
        # echo "$ORG_FILE - HOUR $HRS" > /tmp/result
        echo -e "$MCOUNT \t \t $IP" >> /tmp/result
    done < $UNIQ

    RESULT=/tmp/result
    sort -rn $RESULT | head -10 >> /tmp/master
    sort -rn $RESULT > /tmp/mailattachment.txt
    MATTACHMENT=/tmp/mailattachment.txt
    mv $RESULT "$ORG_FILE"-`date +%T-%F-%N`
    echo "Program End time `date +%T`" >> /tmp/time
    mutt -s "Top 10 Mail Senders" -a $MATTACHMENT $MAILTO < /tmp/master
    sleep 10
    rm -f /tmp/output
done < $HRSFILE
######### END OF PROGRAM ##############

Tuesday, March 31, 2009

NTP Configuration file.

NTP Configuration,
vi /etc/ntp.conf
restrict default nomodify notrap noquery
restrict 127.0.0.1
server (NTP Server IP/Name)
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
authenticate yes
restrict (NTP Server IP/Name) mask 255.255.255.255 nomodify notrap noquery
keys /etc/ntp/keys

Friday, January 09, 2009

Send SMS to mobile thru email.

To address: countrycodemobilenumber@airtelkk.com (airtelkk stands for Airtel in Karnataka)
Subject - short subject.
Body - short message.

Then send it away.