Wednesday, 26 May 2010

CentOS v5.4 web server setting

#yum -y install httpd
#yum -y install system-config-httpd <-- GUI mode configuration
#vi /etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
Listen 80
Include conf.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName www.in234.lpi:80
UseCanonicalName Off
DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
# Indexes makes Apache list the contents of a directory that has no index
# file; remove it (or write -Indexes) if directory listings are not wanted.
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
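
A quick way to check a configuration like the one above for directory listing is to look at the Options line of every Directory block. The script below is an added example, not part of the original post: the httpd.conf text is constructed inline (the /var/www/uploads block is an assumption added for contrast) and the two functions report which blocks enable Indexes and rewrite a bare Indexes into -Indexes.

```sh
#!/bin/sh
# Added example (not from the original post): audit an httpd.conf for
# <Directory> blocks that enable directory listing via "Options Indexes".
# The config text is constructed here; it mirrors the post's /var/www/html
# block and adds an assumed /var/www/uploads block for comparison.
HTTPD_CONF_SAMPLE='ServerRoot "/etc/httpd"
Listen 80
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<Directory "/var/www/uploads">
    Options -Indexes
    AllowOverride None
</Directory>'

# Print the path of every <Directory> block whose Options line turns on
# listings: a bare "Indexes" or "+Indexes" counts, "-Indexes" does not.
dirs_with_indexes() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*<Directory[[:space:]]/ {
            dir = $2; gsub(/[">]/, "", dir)
        }
        /^[[:space:]]*Options[[:space:]]/ {
            for (i = 2; i <= NF; i++)
                if ($i == "Indexes" || $i == "+Indexes") print dir
        }
    '
}

# Harden: turn "Indexes" / "+Indexes" into "-Indexes" on Options lines only,
# leaving every other directive untouched.
disable_indexes() {
    printf '%s\n' "$1" | sed -E '/^[[:space:]]*Options[[:space:]]/ s/(^|[[:space:]])\+?Indexes([[:space:]]|$)/\1-Indexes\2/g'
}

# Usage on a live server: dirs_with_indexes "$(cat /etc/httpd/conf/httpd.conf)"
dirs_with_indexes "$HTTPD_CONF_SAMPLE"
```

Run it against the real file with dirs_with_indexes "$(cat /etc/httpd/conf/httpd.conf)"; an empty result means no block enables listings. The check only reads Directory blocks, so Options set in .htaccess files (possible wherever AllowOverride is not None) are outside its view.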

Monday, 24 May 2010

Network Time Protocol

Basic Configuration
The following command synchronises the local system time against another server, so that the clock is as close to correct as possible before the NTP server itself is configured.
[bash]# ntpdate -b time.smg.gov.mo
Before we adjust any configuration file, it's always recommended to make a backup of the original in case things go wrong; then we can edit the file and make changes as required.
[bash]# cp /etc/ntp.conf /etc/ntp.conf.original
[bash]# vi /etc/ntp.conf


Finding a Time Source
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server time.smg.gov.mo <-- add one entry below the default entries


Access Controls
The following restrict statement defines the suggested access controls for all default connections.
restrict default kod nomodify notrap noquery nopeer

The following table lists and defines some of the more commonly used access control parameters.
Parameter   Definition
ignore      Deny all packets and queries
kod         Send Kiss-Of-Death packet on access violation
nomodify    Deny ntpq / ntpdc queries that attempt to modify the server
notrap      Deny control message trap service
noquery     Deny all ntpq / ntpdc queries
noserve     Deny all queries - except ntpq / ntpdc
notrust     Deny access unless cryptographically authenticated (ver 4.2 onwards)
nopeer      Deny all packets that attempt to establish a peer association

To allow full control to the localhost, add the following entry to the configuration.
restrict 127.0.0.1

To allow all the workstations inside the internal private network to be able to query the time from your server, use the following access control rule (adjust subnet if needed).
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
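
The restrict lines are the part of ntp.conf most worth re-checking after every edit, because a missing "restrict default" leaves the daemon open to everyone. The script below is an added example, not part of the original post: it reads an ntp.conf text (two constructed variants are embedded, one matching the post's settings and one weakened) and reports any restrict line that departs from the access-control rules described above.

```sh
#!/bin/sh
# Added example (not from the original post): audit the restrict lines of an
# ntp.conf against the access-control policy the post recommends. Both
# configuration texts below are constructed for the demo.
NTP_CONF_GOOD='server 0.pool.ntp.org
server time.smg.gov.mo
restrict default kod nomodify notrap noquery nopeer
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
driftfile /var/lib/ntp/drift'

# Weak variant: no default policy at all, and a LAN rule that lets ntpq/ntpdc
# reconfigure the daemon.
NTP_CONF_WEAK='server 0.pool.ntp.org
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 notrap
driftfile /var/lib/ntp/drift'

# Print one finding per line; print nothing when the policy matches the post.
ntp_restrict_findings() {
    printf '%s\n' "$1" | awk '
        $1 == "restrict" {
            if ($2 == "default") {
                have_default = 1
                if ($0 !~ /nomodify/) print "default: missing nomodify"
                if ($0 !~ /noquery/)  print "default: missing noquery"
                if ($0 !~ /nopeer/)   print "default: missing nopeer"
            } else if ($2 != "127.0.0.1" && $2 != "::1") {
                # LAN clients may ask for time but must not reconfigure the server.
                if ($0 !~ /nomodify/) print $2 ": missing nomodify"
                if ($0 !~ /notrap/)   print $2 ": missing notrap"
            }
        }
        END { if (!have_default) print "no restrict default line (everything is permitted)" }
    '
}

# Exit 0 when the configuration passes, 1 when it has findings.
ntp_restrict_ok() {
    [ -z "$(ntp_restrict_findings "$1")" ]
}

# Usage on a live server: ntp_restrict_findings "$(cat /etc/ntp.conf)"
ntp_restrict_findings "$NTP_CONF_WEAK"
```

The localhost line is exempt on purpose: the post grants full control to 127.0.0.1 so that ntpq and ntpdc work locally. Every other restrict line is expected to carry at least nomodify and notrap, as the LAN rule above does.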

Finally we need the following declarations in the /etc/ntp.conf file.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
keys /etc/ntp/keys


The above configuration parameters are as follows:
server          Specifies that a server is running on the host (own local clock)
fudge           Passes additional information to the clock driver
stratum 10      Manually sets the stratum the server should operate at (1-15)
driftfile       Specifies the location of the frequency file
broadcastdelay  Sets the propagation delay from the server when broadcasting
keys            Stores a list of keys needed for any cryptographic links

Starting NTP
[bash]# ntpdate -b time.smg.gov.mo
[bash]# chkconfig --level 2345 ntpd on
[bash]# /etc/init.d/ntpd restart
[bash]# grep ntpd /var/log/messages
galaxy ntpd[1110]: ntpd 4.2.0a@1.1196-r Thu Feb 23 04:42:00 EST 2006 (1)
galaxy ntpd[1110]: precision = 2.000 usec
galaxy ntpd[1110]: Listening on interface wildcard, 0.0.0.0#123
galaxy ntpd[1110]: Listening on interface wildcard, ::#123
galaxy ntpd[1110]: Listening on interface lo, 127.0.0.1#123
galaxy ntpd[1110]: Listening on interface eth0, 192.168.1.1#123
galaxy ntpd[1110]: kernel time sync status 0040
galaxy ntpd[1110]: frequency initialized 0.000 PPM from /var/lib/ntp/drift


You can now query the NTP server with the ntpq (query) tool. Immediately after ntpd has been (re)started the output looks like the first table; once ntpd has run for a while, the table fills with synchronization details, as in the second.
[bash]# ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 80.26.104.184   .INIT.          16 u    -   64    0    0.000    0.000 4000.00
 128.95.231.7    .INIT.          16 u    -   64    0    0.000    0.000 4000.00
 64.112.189.11   .INIT.          16 u    -   64    0    0.000    0.000 4000.00
 127.127.1.0     LOCAL(0)        10 l    -   64    0    0.000    0.000 4000.00

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*80.26.104.184   217.127.32.90    2 u   66  256  377  470.247   32.058  33.497
+128.95.231.7    140.142.2.8      3 u  254  256  377  217.646   -3.832   2.734
+64.112.189.11   128.10.252.6     2 u    2  256  377  258.208    2.395  47.246
 127.127.1.0     LOCAL(0)        10 l   56   64  377    0.000    0.000   0.002


Client Configuration
Linux Client
[bash]# vi /etc/ntp.conf
server 192.168.1.1
restrict default ignore
restrict 127.0.0.1
restrict 192.168.1.1 mask 255.255.255.255 nomodify notrap noquery
driftfile /var/lib/ntp/drift

The Linux client will also need to have the ntpd service started.

Microsoft Client
To configure a Microsoft Windows (XP) client, follow the sequence of commands below.
C:\>net time /setsntp:192.168.1.1
The command completed successfully.

C:\>net time /querysntp
The current SNTP value is: 192.168.1.1

The command completed successfully.

C:\>net stop w32time && net start w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

The Windows Time service is starting.
The Windows Time service was started successfully.


The standard time query interval for Windows (XP) is one query every 7 days, which is too infrequent for time-critical applications and environments. To adjust the interval on Windows (XP), a registry value needs to be changed.

Windows (XP) stores the following registry value in hexadecimal; converted to decimal it is the number of seconds between time queries. Choose the new interval (in seconds) at which the Windows (XP) system should poll the server, convert it to hexadecimal (86400 seconds is 1 day) and enter that as the "DWORD" value.
!!! Adjusting the Windows registry may cause your computer system to become unstable, do so at your own risk.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpClient]
; 0x00093a80 = 604800 seconds = 7 days (the default)
"SpecialPollInterval"=dword:00093a80

Linux Set Date

# date -s "2 OCT 2006 18:00:00"

Thursday, 20 May 2010

CentOS 5.4 proxy server setting

root#yum -y install squid
root#vi /etc/squid/squid.conf
...
http_port 3128
...
visible_hostname hostname
...
acl mynet src 192.168.1.0/24
acl badsites url_regex "/etc/squid/bad_sites"
# http_access rules are evaluated top to bottom and the first match wins,
# so the bad-sites deny must come before the LAN allow; placed after it,
# LAN clients would already have been allowed and never hit the deny.
http_access deny badsites
http_access allow mynet
http_access deny all

:wq!
root#/etc/init.d/squid start
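
Because http_access is first-match, the order of the rules decides the result. The script below is an added example, not part of the original post or of squid: it simulates that evaluation for the post's two ACLs over a constructed pattern list (standing in for /etc/squid/bad_sites) and constructed sample requests, with one rule list in the deny-first order and one with the LAN allowed first.

```sh
#!/bin/sh
# Added example (not from the original post): simulate squid's first-match
# evaluation of http_access rules for the ACLs "mynet" and "badsites".
# The pattern list, both rule orders and the sample requests are constructed.
BAD_SITES_PATTERNS='example\.test
badsite'   # stands in for the contents of /etc/squid/bad_sites

# Deny bad sites first, then allow the LAN, then deny everything else.
RULES_DENY_FIRST='deny badsites
allow mynet
deny all'

# LAN allowed before bad sites are checked: the deny is never reached for
# LAN clients.
RULES_ALLOW_FIRST='allow mynet
deny badsites
deny all'

# Dotted-quad IPv4 address to an integer, for the subnet comparison.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Does ACL $1 match client $2 requesting URL $3?
acl_matches() {
    case $1 in
        mynet)     # src 192.168.1.0/24
            [ $(( $(ip2int "$2") & 0xffffff00 )) -eq "$(ip2int 192.168.1.0)" ] ;;
        badsites)  # url_regex, one pattern per line
            printf '%s\n' "$3" | grep -E -q -e "$BAD_SITES_PATTERNS" ;;
        all)       true ;;
        *)         false ;;
    esac
}

# Walk the rules top to bottom and print the action of the first one that
# matches. Real squid applies the opposite of the last rule when nothing
# matches, which is why the lists above end with an explicit "deny all".
squid_decision() {   # $1=rule list  $2=client ip  $3=url
    printf '%s\n' "$1" | while read -r action acl; do
        if acl_matches "$acl" "$2" "$3"; then
            echo "$action"
            break
        fi
    done
}

squid_decision "$RULES_DENY_FIRST"  192.168.1.20 http://www.badsite.org/
squid_decision "$RULES_ALLOW_FIRST" 192.168.1.20 http://www.badsite.org/
```

With the deny-first order a LAN client asking for a listed site is denied; with the allow-first order the same request is allowed, because "allow mynet" matched before "deny badsites" was considered. Running both lists over a few sample requests before restarting squid is a cheap way to confirm a rule change does what was intended.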

CentOS 5.4 dhcp setting

1. root#yum -y install dhcp
2. root#cat /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample > /etc/dhcpd.conf
3. root#vi /etc/dhcpd.conf

# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
#

ddns-update-style interim;
ignore client-updates;

subnet 10.1.1.0 netmask 255.255.255.0 {
# --- default gateway
option routers 10.1.1.1;
option subnet-mask 255.255.255.0;

option nis-domain "dsal.local";
option domain-name "dsal.local";
option domain-name-servers 10.1.1.1;

option time-offset -18000; # Eastern Standard Time
option ntp-servers time.smg.gov.mo;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;

range dynamic-bootp 10.1.1.128 10.1.1.200;
default-lease-time 21600;
max-lease-time 43200;

# we want the nameserver to appear at a fixed address
host ws-student.dsal.local {
next-server marvin.redhat.com;
hardware ethernet 00:0C:29:1F:F2:53;
fixed-address 10.1.1.100;
}
}
:wq!

root#/etc/init.d/dhcpd start

4. type "man dhcp-options" for more details.
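
Before starting dhcpd it is worth checking that the pool, the reservation and the router in dhcpd.conf agree with each other: a fixed-address that falls inside the dynamic range can also be leased to some other client. The script below is an added example, not part of the original post or of the dhcp package: it parses a constructed dhcpd.conf text carrying the post's values (and a second variant with the reservation moved into the pool) and reports the inconsistencies it finds.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check the subnet,
# dynamic range, reservation and router in a dhcpd.conf before starting
# dhcpd. The configuration texts below are constructed for the demo.
DHCPD_CONF_SAMPLE='subnet 10.1.1.0 netmask 255.255.255.0 {
  option routers 10.1.1.1;
  range dynamic-bootp 10.1.1.128 10.1.1.200;
  host ws-student.dsal.local {
    hardware ethernet 00:0C:29:1F:F2:53;
    fixed-address 10.1.1.100;
  }
}'

# Same configuration, but with the reservation placed inside the pool.
DHCPD_CONF_OVERLAP=$(printf '%s\n' "$DHCPD_CONF_SAMPLE" | sed 's/fixed-address 10.1.1.100/fixed-address 10.1.1.150/')

# Dotted-quad IPv4 address to an integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Value of a ';'-terminated directive ($2) in the config text ($1).
field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*\(.*\);/\1/p"
}

# Print one finding per line; print nothing when the config is consistent.
dhcpd_findings() {
    conf=$1
    set -- $(printf '%s\n' "$conf" | sed -n 's/^[[:space:]]*subnet[[:space:]]\(.*\)[[:space:]]netmask[[:space:]]\([^ ]*\).*/\1 \2/p')
    net=$(ip2int "$1"); mask=$(ip2int "$2")
    set -- $(field "$conf" "range dynamic-bootp")
    lo=$(ip2int "$1"); hi=$(ip2int "$2")
    fixed=$(ip2int "$(field "$conf" "fixed-address")")
    router=$(ip2int "$(field "$conf" "option routers")")

    [ "$lo" -le "$hi" ] || echo "range start is after range end"
    [ $(( router & mask )) -eq "$net" ] || echo "router outside subnet"
    [ $(( fixed & mask )) -eq "$net" ] || echo "fixed-address outside subnet"
    [ "$fixed" -lt "$lo" ] || [ "$fixed" -gt "$hi" ] || echo "fixed-address inside dynamic range"
}

# Exit 0 when the configuration passes, 1 when it has findings.
dhcpd_ok() {
    [ -z "$(dhcpd_findings "$1")" ]
}

# Usage on a live server: dhcpd_findings "$(cat /etc/dhcpd.conf)"
dhcpd_findings "$DHCPD_CONF_OVERLAP"
```

The check handles one subnet block with one range and one host entry, which is what the post's file contains; a file with several subnets or pools would need the parsing extended. dhcpd's own syntax check (dhcpd -t) still runs first, since this script only reasons about the addresses.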

Changing IP Addresses and Routes

Bringing up an Ethernet interface with ifconfig
[root@morgan]# ifconfig eth0 192.168.99.14 netmask 255.255.255.0 up
[root@morgan]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:80:C8:F8:4A:53
inet addr:192.168.99.14 Bcast:192.168.99.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:9 Base address:0x5000

Adding a default route with route

[root@morgan]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

[root@morgan]# route add default gw 192.168.99.254
[root@morgan]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.99.254 0.0.0.0 UG 0 0 0 eth0


Adding a static route with route
[root@morgan]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.99.254 0.0.0.0 UG 0 0 0 eth0

[root@morgan]# route add -net 192.168.98.0 netmask 255.255.255.0 gw 192.168.99.1
[root@morgan]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.98.0 192.168.99.1 255.255.255.0 UG 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.99.254 0.0.0.0 UG 0 0 0 eth0