Thursday 28 August 2014

LAMP, WAMP & XAMPP

Hello Friends. 

Today I will discuss the difference between WAMP, LAMP and XAMPP. All three are used for PHP websites and act as a local server, so that you can see your working website without uploading it first.
With any of them you do not need any other technology. Each of them is called a package, and each has a different working area and a different role.
First of all, I will discuss LAMP.




LAMP :-LAMP is an acronym for a solution stack of free, open source software, referring to the first letters of Linux (operating system), Apache HTTP Server, MySQL (database software) and PHP (or sometimes Perl or Python), principal components to build a viable general purpose web server.



WAMP :-WAMPs are packages of independently-created programs installed on computers that use a Microsoft Windows operating system.

WAMP is an acronym formed from the initials of the operating system Microsoft Windows and the principal components of the package: Apache, MySQL and one of PHP, Perl or Python. Apache is a web server. MySQL is an open-source database. PHP is a scripting language that can manipulate information held in a database and generate web pages dynamically each time content is requested by a browser. Other programs may also be included in a package, such as phpMyAdmin which provides a graphical user interface for the MySQL database manager, or the alternative scripting languages Python or Perl. Equivalent packages are MAMP (for the Apple Mac) and LAMP (for the Linux operating system).




XAMPP :-XAMPP is a free and open source cross-platform web server solution stack package, consisting mainly of the Apache HTTP Server, MySQL database, and interpreters for scripts written in the PHP and Perl programming languages.

Tuesday 1 July 2014

The Secure Shell (ssh)


What is ssh?

Ssh is a set of programs which employ public/private key technology for authenticating and encrypting sessions between user accounts on distributed hosts on the Internet. It can be compiled and used by a normal user without having to ask permission or assistance from the system administrator, or the system administrator can install it as a plug-in replacement for the Berkeley "r" utilities without the users needing to know it is there at all (or do anything to learn how to use it).
Ssh can also be used as a way to "tunnel" other protocols, such as the X Window System protocol, adding encryption to the channel to improve security against packet sniffing and "man in the middle" attacks. When used with X, ssh looks like a normal (albeit a proxy) X server on the local machine which redirects X protocol communication across an encrypted channel to the actual X server on the other end.

How does ssh work?

Ssh works by the exchange and verification of information, using public and private keys, to identify hosts and users. It then provides encryption of subsequent communication, also by the use of public/private key cryptography. In describing ssh here, the term client means a workstation or PC that you are already logged in to, e.g., your own personal workstation or a group workstation that provides XDM session management for several X terminals. The term server means a secondary remote workstation that you wish to log in to to do some work; a login session server.
Put simply, the client is where you type "rlogin server" or "rcp file server:newfile" and the server is where you get a new login session and shell prompt or are copying files, respectively.
As a user, you generate an "identity" on the client system by running the ssh-keygen program. This program creates a subdirectory $HOME/.ssh and inserts in it two files named identity and identity.pub which contain your private and public keys for your account on the client system. This latter file can then be appended to a file $HOME/.ssh/authorized_keys that should reside on any/all servers where you will make ssh connections.
As a system administrator, you generate a public and private key pair for the system itself. By use of this information contained within the system itself, the possibility of someone spoofing the system's identity by faking IP addresses or munging up DNS records that associate IP addresses and domain names is removed. You would have to break into the system and steal its private key in order to successfully pretend to be that system. This is a big improvement in security.
The biggest task if you manage a large number of systems that are meant to be used together is collecting and distributing the keys that identify all the hosts which run ssh. Tools exist for handling this task: ssh includes the program make-ssh-known-hosts.pl (which requires POSIX.pm be installed in your Perl library directory) and another script (http://www.uni-karlsruhe.de/~ig25/ssh-faq/comp-host-list) is available on the Internet.
See also: Kimmo Suominen's Getting started with SSH.

How do I use ssh?

First, you need to get and install ssh on your client workstation, plus it must be installed on the remote system you wish to connect to. You can do this for your own account, or your system administrator can install it for the entire system. Once installed, there are several ways you can use ssh, each with varying steps you must go through first.
The most basic use of ssh is transparent when compared with the standard Berkeley "r" utilities. In fact, a system administrator can install ssh on both client and remote server workstations and users who connect using rlogin server will see no difference whatsoever, nor will they need to know anything new. This kind of use gets you the most basic protection of encrypted sessions from systems with ssh installed, usually with a fall back capability to the old (and less secure) Berkeley methods if the other system does not support ssh.
If you wish to make security tighter, you can stop using .rhosts and /etc/hosts.equiv files (or disable the Berkeley utilities altogether) and only allow passwordless connections with ssh keys.
Each system has its own public/private key pair that identifies it to other systems. A client system's public key can be placed in a server system's /etc/ssh_known_hosts file to allow the server to authenticate the client by a key exchange dialog.
If the client host's public key (from the /etc/ssh_host_key.pub file) is found in the server's /etc/ssh_known_hosts file, and you place the host name in your own .rhosts or .shosts file, you get the same passwordless connection behavior as the standard Berkeley "r" utilities. If the client's key is not found, ssh will prompt you for the password on the server and will transmit this password -- in encrypted form, rather than plain text -- to the server for authenticating your login. This method involves the system administrator, who must place the client's public keys in the server's /etc/ssh_known_hosts file. There is another way to use ssh that doesn't require the administrator's intervention.
Each user account also has a public and private key that identifies that user account. You get this key when you run the ssh-keygen program. It creates a directory called $HOME/.ssh and puts the keys in there. You can now take your public key, found in the $HOME/.ssh/identity.pub file and place it on the server in your $HOME/.ssh/authorized_keys file. Once you have done this, even though the server doesn't know the key of the client workstation, it does now know your key and will allow the login to your account without a password.
To use the X Window System protocol tunneling (if enabled), you only need to log in successfully and ssh will create a DISPLAY environment variable for you that points to a proxy X server on the server system, which passes X protocol traffic to the real X server on the client system. You can start running X client programs as soon as you get a shell prompt.

Wednesday 12 March 2014

Configuring Bind Non Recursive

When configuring the bind DNS name server, it's almost always beneficial to restrict who can perform recursive queries.
A recursive query occurs when your DNS server is queried for a domain that it currently knows nothing about, in which case it will try to resolve the given host by performing further queries (e.g. by starting at the root servers and working out, or by simply passing the request to yet another DNS server).
When this happens for arbitrary queries on the Internet, your DNS server is open to anybody, so they can cost you bandwidth for their DNS queries.
However, there are situations that call for recursive queries being answered. For example, if you have one DNS server serving your local network, you may want all of your local computers to use your DNS server.
The solution is to add a line to the 'options' of your bind configuration. For example:


options {
        allow-recursion { 127.0.0.1; 192.168.1.0/24; 192.168.2.1; };
};



This would allow hosts localhost, 192.168.2.1, and the network 192.168.1.0/24 to use this DNS server for recursive lookups (e.g. as a general name server). For everyone else, the server will only answer queries for what's in the local zone files and in the cache.
On Debian, this is placed in '/etc/bind/named.conf.options'; other servers may be configured in '/etc/bind/named.conf'.
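The following is an added example, not part of the original post or of BIND itself: a small Python check that reads the allow-recursion list from a configuration text and reports whether a given client would be granted recursion, so a change can be reviewed before it is loaded. It goes slightly beyond the single case above by also handling `any`, `none` and `!` negation with first-match evaluation; the function names and the 203.0.113.10 "outside" address are assumptions made for illustration, and names such as localnets or a named acl are not resolved.

```python
import ipaddress
import re

# Constructed input: the options block from the post. Comments inside the
# configuration and named acl {} blocks are not handled by this sketch.
NAMED_CONF = """
options {
        allow-recursion { 127.0.0.1; 192.168.1.0/24; 192.168.2.1; };
};
"""

# Documentation-range address standing in for an arbitrary Internet host.
OUTSIDE_CLIENT = "203.0.113.10"


def parse_allow_recursion(conf_text):
    """Return the list as [(negated, network)], or None if the statement is absent."""
    found = re.search(r"allow-recursion\s*\{([^{}]*)\}\s*;", conf_text)
    if found is None:
        return None
    acl = []
    for raw in found.group(1).split(";"):
        item = raw.strip()
        if not item:
            continue
        negated = item.startswith("!")
        if negated:
            item = item[1:].strip()
        if item == "none":  # "none" behaves like "!any"
            negated, item = not negated, "any"
        if item == "any":
            acl.append((negated, None))  # None matches every address
        else:
            # Raises ValueError for names such as localnets or a named acl.
            acl.append((negated, ipaddress.ip_network(item, strict=False)))
    return acl


def recursion_allowed(acl, client):
    """The first matching element decides; no match means recursion is refused."""
    addr = ipaddress.ip_address(client)
    for negated, network in acl:
        if network is None or addr in network:
            return not negated
    return False


def classify(conf_text):
    """'unset' (server default applies), 'open' (outside host allowed) or 'restricted'."""
    acl = parse_allow_recursion(conf_text)
    if acl is None:
        return "unset"
    if recursion_allowed(acl, OUTSIDE_CLIENT):
        return "open"
    return "restricted"


if __name__ == "__main__":
    acl = parse_allow_recursion(NAMED_CONF)
    for client in ("127.0.0.1", "192.168.1.57", "192.168.2.2", OUTSIDE_CLIENT):
        print(client, "recursion allowed" if recursion_allowed(acl, client) else "refused")
    print("post's configuration:", classify(NAMED_CONF))
    print("weak configuration:  ", classify("options { allow-recursion { any; }; };"))
```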

Thursday 6 March 2014

Domain Name System



DNS stands for Domain Name System, or Domain Name Server.


DNS resolves an IP address to a hostname or vice versa.
DNS is basically a large database which resides on various computers and contains the names and IP addresses of various hosts/domains. Besides IP addresses, DNS also associates various other information with the domain names.

Structure of a DNS

DNS uses a hierarchical tree based name structure. At the top of the tree is the “root” (represented as a dot (.)), followed by the TLD (Top Level Domain), then by the domain name and any number of lower level sub-domains separated by a dot.
The Top Level Domains are divided into 2 categories:
  • 1. Generic TLD (gTLD)
  • 2. Country Code TLD (ccTLD)
Below are some of the common Generic Top Level Domains:
  • .com – commercial web sites
  • .org – non-profit organizations' web sites
  • .edu – restricted to schools and institutions.
  • .net – originally for network infrastructures, now unrestricted

What is the difference between a Registry and a Registrar?




A registry provides direct services to registrars only, not Internet end-users. The Registry database contains only Domain Name service (DNS) information (Domain Name, name server names and name server Internet Protocol [IP] numbers) along with the name of the Registrar that registered the name and basic transaction data. It does not contain any Domain Name Registrant or contact information. A Registrar provides direct services to Domain Name registrants. The Registrar database contains customer information in addition to the DNS information contained in the registry database. Registrars process name registrations for Internet end-users and then send the necessary DNS information to a Registry for entry into the centralized Registry database and ultimate propagation over the Internet. 

Tuesday 4 March 2014

The /etc/fstab File


/etc/fstab



fstab is a system configuration file on Linux and other Unix-like operating systems that contains information about major filesystems on the system. It takes its name from file systems table, and it is located in the /etc directory.

The term filesystem can refer to a hierarchy of directories (also called a directory tree) that is used to organize files on a computer system. It can also refer to the type of filesystem, that is, how the storage of data is organized (i.e., files, folders, etc.) on a computer disk (hard disk, floppy disk, CDROM, etc.) or on a partition (i.e., a logically independent section) on a hard disk drive (HDD). Each type of filesystem has its own set of rules for controlling the allocation of disk space to files and for associating each file with its metadata (e.g., name, permissions and timestamps).

/etc/fstab is created automatically when the operating system is installed, and it is modified automatically when changes are made to the filesystems. It can also be modified by using specialized programs or manually by using a text editor.

The access permissions (i.e., the ability to read and modify) for /etc/fstab are set by default to read-only for ordinary users as a security and safety measure, and it is necessary to use the root (i.e., administrative) account to modify it. This is because even a small, unnoticed error could cause the system to malfunction, and repair could be difficult for ordinary users. When modifying configuration files such as /etc/fstab, it is important to make an emergency backup copy, preferably on a separate HDD or on removable storage media (e.g., a floppy disk), prior to opening it in a text editor.

/etc/fstab can be safely viewed by using the cat command (which is used to read text files) as follows:

cat /etc/fstab

It can be seen that the content of the file is a six-column table, with the columns separated by tabs or spaces. The columns are as follows:

(1) The first column lists the physical location of each filesystem, which can be a partition on the HDD or a separate device such as a CDROM or floppy disk. Partitions are generally listed in the order in which they are located on the HDD. If there are two HDDs, then all the partitions on the first one are listed first. Which drive is considered to be the first is defined in the computer's BIOS (basic input output system), which controls a computer's hardware while it is booting (i.e., starting up) and is usually stored in a flash memory chip. Also, filesystems that are mounted (i.e., logically attached to the system) beneath other filesystems must follow their parent partitions.

Any filesystem can be prevented from being automatically mounted during booting by commenting out the line on which it is listed. This is accomplished by using a text editor to add a hash symbol (#) to the beginning of the line. If at some later date it is decided to again let that filesystem be automatically mounted when the system boots up, all that is necessary is to remove the hash symbol.

(2) The second column shows the mount point, which is the directory in which the filesystem listed on that line is attached to the root filesystem (i.e., the main filesystem). Partitions that are located on removable storage media are usually mounted as a sub-directory of the directory /mnt, such as /mnt/floppy for floppy disks and /mnt/cdrom for CDROM drives. Some users may prefer to delete the /mnt directory and create directories for devices on the root partition, with names such as /floppy and /cdrom, in order to save time by typing in shorter mount commands. The mount command is used to manually mount filesystems and directories.

In general, no attempt should be made to modify lines containing the /proc directory. /proc is a filesystem that is used to gather information for commands such as ps and pstree, which report on processes currently on the system. A process is a running instance of a program.

(3) The third column shows the filesystem type with which each partition or device is formatted. Most modern Linux distributions (i.e., versions) support a large number of filesystem types; among the most commonly used are ext2 (the basic Linux filesystem type), ext3 (an enhanced version of ext2 with journaling capabilities), reiser (another journaling filesystem), vfat (which is compatible with some Microsoft filesystems), iso9660 (used by most CDROMs) and nfs (network file system). The entry swap shows that the partition is used as swap space (i.e., for virtual memory). The entry udf represents the Universal Disk Format filesystem defined by the Optical Storage Technology Association, and is often used for CDROMs.

(4) The fourth column adds some basic security to the system by designating by whom and how the filesystem or device can be used. Numerous possible options are available, and any number of them can be used, provided that they are separated with commas and do not conflict with each other. Thus, the contents of this column for a partition or device can become rather long and extend into the space under other column headings.

The inclusion of the term user indicates that ordinary users are allowed to mount the filesystem; if user is replaced by nouser, it means that only the root user can mount the filesystem. owner means that the owner of the device is allowed to mount it. dev permits any user to mount the filesystem.

auto means that the system tries to detect the filesystem type so that it can be mounted automatically when the computer is started or when the -a option (i.e., mount all filesystems mentioned in fstab) is used with the mount command. For auto to work, the kernel (i.e., the core of the operating system) must be compiled to support the type of filesystem to be mounted. noauto prevents the filesystem from being mounted when the computer starts, even when the -a option is used with the mount command; thus, a filesystem must be mounted manually (i.e., with the mount command) if it is to be used. ignore means that the system does not try to mount the partition or device; this is useful if it is desired to list all partitions on the system for later reference and possible mounting at some future date.

ro (read-only) allows users to read files on the filesystem but not modify them; rw (read-write) allows users to both read files on the filesystem and also write to them. exec lets users run executable files (i.e., programs) on the filesystem; noexec prevents users from running executable files on the filesystem.

suid permits user or group identifiers to be used on the partition. nosuid prevents user or group identifiers from being used. supermount, which is used in Mandriva Linux, allows floppies and CDROM disks to be replaced without the user having to unmount and remount them.

Red Hat and Fedora Linux include an option called kudzu for removable media drives, which allows such drives to be automatically added to and removed from /etc/fstab. This option can be deleted by the root user if it is desired to permanently add the entry for the corresponding removable media drive to /etc/fstab.

async indicates that all input and output to the filesystem or device should be performed asynchronously, and it is the default because of generally better performance. sync signifies that all input and output to the file system should be done synchronously.

defaults uses the default options, which are rw, suid, dev, exec, auto, nouser and async. If it is desired for all users to be able to use the partition or device freely, then this field should read: user, auto, dev, exec, rw.

(5) The fifth column is used to determine whether the dump command will back up the filesystem. This column is rarely used and has two options: 0, do not dump, which is used for most partitions, and 1, dump, which is used for the root partition.

(6) The sixth column is used by the fsck program to determine the order in which the computer checks the filesystems when it boots. The three possible values for the column are: 0, do not check, 1, check first (only the root partition should have this setting) and 2, check after the root partition has been checked. Most Linux distributions set all the partitions to 0, except for the root partition. If maintenance is important, 2 should be used, although this can increase the amount of time required for booting.

Because /etc/fstab defines how filesystems are mounted when starting the computer, changes made to the file will not take effect until the computer is restarted. It is read by the commands mount, umount (which unmounts filesystems), swapon (which enables devices and files for swapping) and fsck, and thus it is important that all of its data be accurate and complete.

One of the nice features of /etc/fstab is that it will fill in the details for shortened mounting commands. For example, the command mount /mnt/cdrom can be used in place of the command mount -t iso9660 -o ro,noauto,owner /dev/cdrom /mnt/cdrom.

/etc/fstab does not necessarily list all potentially available partitions on the system, particularly if they are formatted for another operating system. The full list of partitions that are available for mounting can be seen by using the command fdisk as root and then typing the letter p and pressing the ENTER key. As the first HDD on a system is designated by hda, the following will list all available partitions on a system with a single HDD:

/sbin/fdisk /dev/hda

In contrast to the Microsoft Windows operating systems, in which partitions are labeled with letters, Linux gives each partition a three-part name. Partitions (as well as devices and ports) are defined in the /dev directory, thus each partition name starts with /dev. The first partition on a system is usually designated /dev/hda1. A partition that exists on another computer on the network usually consists of the name of the host (i.e., other computer on the network) followed by a colon, a space and a directory name.

Filesystems that are described in /etc/fstab are typically mounted when the computer is booted, unless the noauto option is used. A list of which filesystems are actually mounted can be seen by using the mount command with no options and no arguments (i.e., input data), that is,

mount

Additional filesystems (i.e., those listed by fdisk) can be mounted immediately by using mount with the appropriate options and arguments. They can also be mounted at the next boot by modifying or adding entries to /etc/fstab.
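As an added example (not from the original post), the Python sketch below parses the six columns described above and works out the effective options of each entry, then lists filesystems that ordinary users may mount while set-user-ID programs, device files or executables are still honoured on them. It starts from the defaults listed above and assumes the behaviour documented in mount(8): user and users imply noexec, nosuid and nodev, owner and group imply nosuid and nodev, and a later option overrides an earlier one. The sample table and all function names are constructed for illustration.

```python
# Defaults as listed in the post: rw, suid, dev, exec, auto, nouser, async.
DEFAULTS = {"rw": True, "suid": True, "dev": True, "exec": True,
            "auto": True, "user": False, "async": True}

# Plain on/off options: option name -> (flag, value)
SWITCHES = {
    "rw": ("rw", True), "ro": ("rw", False),
    "suid": ("suid", True), "nosuid": ("suid", False),
    "dev": ("dev", True), "nodev": ("dev", False),
    "exec": ("exec", True), "noexec": ("exec", False),
    "auto": ("auto", True), "noauto": ("auto", False),
    "async": ("async", True), "sync": ("async", False),
    "nouser": ("user", False),
}

# Options that let non-root users mount, with what mount(8) says they imply.
IMPLIED = {
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}

# Constructed sample table, not taken from a real system.
SAMPLE_FSTAB = """\
# device     mount point   type     options                 dump fsck
/dev/hda1    /             ext3     defaults                1    1
/dev/hda2    /home         ext3     defaults,nosuid         0    2
/dev/hda3    swap          swap     defaults                0    0
none         /proc         proc     defaults                0    0
/dev/cdrom   /mnt/cdrom    iso9660  ro,noauto,owner         0    0
/dev/fd0     /mnt/floppy   vfat     user,auto,dev,exec,rw   0    0
#/dev/hdb1   /mnt/old      ext2     defaults                0    2
"""


def parse_fstab(text):
    """Return one dict per active line; commented-out and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cols = line.split()
        if len(cols) < 4:
            raise ValueError("fstab line needs at least 4 columns: %r" % line)
        entries.append({
            "device": cols[0], "mount_point": cols[1], "fstype": cols[2],
            "options": cols[3],
            "dump": int(cols[4]) if len(cols) > 4 else 0,
            "fsck": int(cols[5]) if len(cols) > 5 else 0,
        })
    return entries


def effective_options(option_string):
    """Apply column 4 left to right on top of the defaults."""
    state = dict(DEFAULTS)
    for opt in option_string.split(","):
        if opt in IMPLIED:
            state["user"] = True
            for implied in IMPLIED[opt]:
                flag, value = SWITCHES[implied]
                state[flag] = value
        elif opt in SWITCHES:
            flag, value = SWITCHES[opt]
            state[flag] = value
        # "defaults" and filesystem-specific options leave the flags unchanged
    return state


def audit(entries):
    """List (mount point, enabled flags) for user-mountable entries worth reviewing."""
    findings = []
    for entry in entries:
        state = effective_options(entry["options"])
        if not state["user"]:
            continue
        risky = [flag for flag in ("suid", "dev", "exec") if state[flag]]
        if risky:
            findings.append((entry["mount_point"], risky))
    return findings


if __name__ == "__main__":
    for mount_point, risky in audit(parse_fstab(SAMPLE_FSTAB)):
        print("%s: user-mountable with %s enabled" % (mount_point, ", ".join(risky)))
```

The floppy line uses the "user, auto, dev, exec, rw" combination mentioned above: because dev and exec come after user, they switch those two protections back on, which is why the entry is reported.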






Friday 28 February 2014

File Compression and Archiving with Gzip, Zip, and Tar


Compressing with Gzip and Zip

Compressed files use less disk space and download faster than large, uncompressed files. You can compress Linux files with the open-source compression tool Gzip or with Zip, which is recognized by most operating systems.
By convention, compressed files are given the extension .gz. The command gzip creates a compressed file ending with .gz; gunzip extracts the compressed files and removes the .gz file.
To compress a file, at a shell prompt, type the following command:
gzip filename.ext
The file will be compressed and saved as filename.ext.gz.
To expand a compressed file, type:
gunzip filename.ext.gz
The filename.ext.gz is deleted and replaced with filename.ext.
If you exchange files with non-Linux users, you may want to use zip to avoid compatibility problems. Red Hat Linux can easily open zip or gzip files, but non-Linux operating systems may have problems with gzip files.
To compress a file with zip, type the following:
zip -r filename.zip files
In this example, filename.zip represents the file you are creating and files represents the files you want to put in the new file.
To extract the contents of a zip file, type:
unzip filename.zip
You can zip or gzip multiple files at the same time. List the files with a space between each one. Note that gzip compresses each file it is given into its own .gz file, so use zip to collect several files in one compressed file:
zip -r filename.zip file1 file2 file3 /user/work/school
The above command will compress file1, file2, file3, and the contents of the /user/work/school directory and put them in filename.zip.

Archiving with Tar

Tar files place several files or the contents of a directory or directories in one file. This is a good way to create backups and archives. Usually, tar files end with the .tar extension.
To create a tar file, type:
tar -cvf filename.tar files/directories
In this example, filename.tar represents the file you are creating and files/directories represents the files or directories you want to put in the new file.
You can use absolute or relative pathnames for these files and directories (for more on pathnames, see the section called Changing Directories with cd in Chapter 10). Separate the names of files and directories with a space.
The following input would create a tar file using absolute pathnames:
  tar -cvf foo.tar /home/mine/work /home/mine/school
      
The above command would place all the files in the /work subdirectory and the /school subdirectory in a new file called foo.tar in the current working directory.
The command tar -cvf foo.tar file1.txt file2.txt file3.txt would place file1.txt, file2.txt and file3.txt in a new file called foo.tar.
To list the contents of a tar file, type:
 tar -tvf foo.tar
To extract the contents of a tar file, type:
tar -xvf foo.tar
This command does not remove the .tar file, but it places copies of the .tar contents in the current working directory.
The tar command does not compress files automatically. You can compress tar files with:
tar -czvf foo.tgz files/directories
Compressed tar files are conventionally given the extension .tgz and are compressed with gzip.
To expand a compressed tar file type:
tar -xzvf foo.tgz

Thursday 13 February 2014

Welcome to my blog!!!


A warm welcome to all Linux newbies. You will find a lot of interesting stuff here which you can understand easily. Experienced guys, please excuse me. This is just a beginner's guide. :)



Cron jobs tutorial for beginners

Cron is a utility that allows tasks to be automatically run in the background at regular intervals by the cron daemon. These tasks are often termed as cron jobs. Crontab (CRON TABle) is a file which contains the schedule of cron entries to be executed at specified times.

commands:

crontab filename --> Install filename as your crontab file.
crontab -e --> Edit your crontab file.
crontab -l --> Show your crontab file.
crontab -r --> Remove your crontab file.
crontab -v --> Display the last time you edited your crontab file

In order to set up a cron job you just need to specify the task and the time at which it should be executed. It must be in the format shown below. It can be a little tough at the beginning, but it becomes much easier once you learn how to specify the time at which a particular task should be executed. Work through the examples to get a better idea of cron jobs.

Crontab syntax :-

A crontab file has five fields for specifying the day, date and time, followed by the command to be run at that interval.

* * * * * command to be executed
- - - - -
| | | | |
| | | | +----- day of week (0 - 6) (Sunday=0)
| | | +------- month (1 - 12)
| | +--------- day of month (1 - 31)
| +----------- hour (0 - 23)
+------------- min (0 - 59)

ie,
minute hour day month day-of-week command-line-to-execute
0-59 0-23 1-31 1-12 0-7

On a Linux server you can find the cron entries for a user at /var/spool/cron/username


examples:

if you want a certain command to run at 5.30 am, you will have to code it as:
30 5 * * * command to execute

If you want something run at 8 pm everyday, it has to be coded as:
0 20 * * * command to execute (20 is 8 pm in the 24-hour time format)

If you want to set the cron job for every Sunday night at 11.30 PM:
30 23 * * 0 command to execute (0--represents the Sunday)

If you want to run the task at 1am and 2am only from Monday to Friday:
0 1,2 * * 1-5 command to execute

If you want to execute a cronjob at 4 am every Sunday:
00 4 * * 0 command to execute

To execute a cronjob at 4:42 am every 1st of the month
42 4 1 * * command to execute

Cron also supports 'step' values.
A value of */2 in the date of month field means that the command runs every two days and */5 in the hours field would mean the command runs every 5 hours.

Difference between */5 * * * * and 5 * * * *

*/5 * * * * command to execute -->> This will execute the cron job every 5 minutes.

5 * * * * command to execute -->> This will execute cron job in 5th minute of every hour


If both the day of month and day of week are specified, the command will be executed when either of the events happens.
* 12 16 * 1 command to execute -->> command will be executed on every Monday and every 16th

Cron also accepts lists in the fields. Lists can be in the form, 1,2,3 (meaning 1 and 2 and 3) or 1-3 (also meaning 1 and 2 and 3)
59 11 * * 1,2,3,4,5 command to execute -->> will execute the command at 11:59 Monday, Tuesday, Wednesday, Thursday and Friday
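
The rules above (lists, ranges, step values, and the "either day field" rule) can be checked before a schedule is installed. The Python matcher below is an added example, not part of the original tutorial and not cron's own code; it takes only the five time fields, without the command. It assumes Sunday is both 0 and 7 and, as in Vixie cron, that a day field counts as unrestricted when it starts with `*`. The function names are made up for illustration.

```python
from datetime import datetime, timedelta

# (low, high) for minute, hour, day of month, month, day of week
LIMITS = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]


def expand_field(field, low, high):
    """Expand one field such as '*/5', '1,2' or '1-5' into the set of values it allows."""
    values = set()
    for part in field.split(","):
        span, _, step = part.partition("/")
        step = int(step) if step else 1
        if span == "*":
            start, end = low, high
        elif "-" in span:
            first, last = span.split("-")
            start, end = int(first), int(last)
        else:
            start = end = int(span)
        if step < 1 or not low <= start <= end <= high:
            raise ValueError("bad cron field %r" % field)
        values.update(range(start, end + 1, step))
    return values


def matches(expression, when):
    """True if the five-field expression fires in the minute given by 'when'."""
    fields = expression.split()
    if len(fields) != 5:
        raise ValueError("expected exactly five time fields")
    minute, hour, dom, month, dow = (
        expand_field(f, lo, hi) for f, (lo, hi) in zip(fields, LIMITS))
    dow = {d % 7 for d in dow}  # 7 is another way to write Sunday
    if not (when.minute in minute and when.hour in hour and when.month in month):
        return False
    dom_hit = when.day in dom
    dow_hit = when.isoweekday() % 7 in dow  # Sunday=0 ... Saturday=6
    if fields[2].startswith("*") or fields[4].startswith("*"):
        return dom_hit and dow_hit  # at most one day field is restricted
    return dom_hit or dow_hit       # both restricted: either one is enough


def count_runs(expression, day):
    """Number of times the expression fires during the given calendar day."""
    start = datetime(day.year, day.month, day.day)
    return sum(matches(expression, start + timedelta(minutes=m)) for m in range(1440))


if __name__ == "__main__":
    thursday = datetime(2014, 2, 13)  # a Thursday
    for expr in ("*/5 * * * *", "5 * * * *", "0 1,2 * * 1-5", "* 1,2 * * 1-5"):
        print("%-16s runs %3d times on a Thursday" % (expr, count_runs(expr, thursday)))
    # Both day fields restricted: fires on the 16th (a Sunday) and on Monday the 17th
    for day in (16, 17, 18):
        print("0 12 16 * 1 on 2014-02-%d:" % day,
              matches("0 12 16 * 1", datetime(2014, 2, day, 12, 0)))
```

A `*` in the minute field combined with a fixed hour fires in every minute of that hour, which is why the last expression in the first loop runs 120 times rather than twice.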


to be continued...


Wednesday 12 February 2014

IP Tables

Basic iptables Syntax

Firewalls built with Netfilter are built through the iptables firewall administration command. The iptables command implements the firewall policies that you create and manages the behavior of the firewall. Netfilter firewalls have three individual tables: filter, NAT, and mangle. Within these tables, firewalls are built through chains, with each individual link in the chain being an individual iptables command.
Within the default filter table there is a chain for input or data coming into the firewall, a chain for output or data leaving the firewall, a chain for forwarding or data being sent through the firewall, and other chains including chains named and configured by the user, commonly (and appropriately) called user-defined chains. The NAT and mangle tables have specialty chains that will be discussed later. For now, it’s sufficient to know that the filter table is the default table for implementing a basic firewall, the NAT table is used to provide NAT and related functions, and the mangle table is used when the packet will be altered by the firewall.
iptables commands are issued with very specific syntax. Many times, the ordering of the options given to iptables makes the difference between a successful command and a syntax error. The commands issued to iptables fall through, so a command that allows certain packets that follows a command that denies those same packets will cause the data to be dropped by the firewall.
The basic syntax for an iptables command begins with the iptables command itself, followed by one or more options, a chain, a set of match criteria, and a target or disposition. The layout of the command largely depends on the action to be performed. Consider this syntax:
iptables <option> <chain> <matching criteria> <target>
In building a firewall, the option is usually -A to append a rule onto the end of the ruleset. Naturally, there are several options depending on the target and the operation being performed. This chapter covers most of those options.
As previously stated, the chain can be an input chain, an output chain, a forwarding chain, or a user-defined chain. In addition, the chain might also be a specialty chain contained in the NAT or mangle tables.