Infoaddict Just another site for Infoaddict's

24Nov/11

clamav for linux

Posted by Infoaddict

1. # sendmail -d0 sendmail.cf

# /etc/init.d/sendmail restart

15. # cd /etc/init.d
# vi clamav.sh

#!/bin/bash
# start clamd and clamav-milter
/usr/local/sbin/clamd
sudo /usr/local/sbin/clamav-milter --max-children=2 -olb --timeout=0 local:/var/run/clamav-milter.sock
# run freshclam as a daemon
/usr/local/bin/freshclam -d

16. Save it, then make it executable:

# chmod u+x clamav.sh

Then run it and check the processes:

# ./clamav.sh
# ps ax | grep clam

17. # cd /etc/rc.d/rc3.d
# ln -s /etc/init.d/clamav.sh S80clamav

Reboot and check the processes and log files to make sure that clamav, freshclam and sendmail are running properly.

Q. How do I completely remove Clamav antivirus?

1. rm -rf /usr/local/src/clamav-87.3

2. cd /usr/local/sbin

3. rm -rf clamd*

4. cd /usr/local/bin

5. rm -rf filename*

6. service sendmail stop

7. killall clamd

8. killall freshclam (whether it was started with -d or not)

9. ps -aux

Post your mail address and I will send you the clamav file..... :D

Filed under: RedHat Linux
18Jul/10

BANDWIDTH MANAGER

Posted by Infoaddict

Introduction

A bandwidth manager is used to control bandwidth. Most Bangladeshi ISPs use a software bandwidth manager. If you have less than 5 Mbps of bandwidth, you can control it easily with a software bandwidth manager.

There are many ways and utilities to control your traffic; it is not possible to list them all here. We will cover only the well-known and widely used software bandwidth controllers. Many operating systems come with a built-in bandwidth control facility, and there are customized software-based bandwidth control systems such as CBQ and HTB available. We will describe two bandwidth control methods, CBQ and HTB, in this chapter.

CBQ

Hierarchical Class-Based Queuing is a queuing algorithm for managing bandwidth. Through user-definable class definitions, incoming packet traffic is divided into classes. These divisions might follow the traffic from a given interface, the traffic associated with a particular application, the traffic intended for a particular network or device destination, or all traffic of a specific priority classification.

Many Linux distributions use CBQ to control traffic, and many commercial bandwidth-management package vendors use CBQ as their backend tool. It is the best-known and most widely used bandwidth management technique today, and it became very popular through free distribution. There are GNU-licensed tools available that support CBQ. It is an open technology from the University of California, Berkeley.

HTB

Hierarchical Token Bucket. HTB is meant to be a more understandable, intuitive and faster replacement for the CBQ qdisc in Linux. Both CBQ and HTB help you control the use of the outbound bandwidth on a given link. Both allow you to use one physical link to simulate several slower links and to send different kinds of traffic on different simulated links. In both cases, you have to specify how to divide the physical link into simulated links and how to decide which simulated link to use for a given packet to be sent.

Configuring the bandwidth manager

It is important to choose a mode for bandwidth management in Linux. Linux can work in either route mode or bridge mode to provide bandwidth management.

Routing

Routing mode is the common approach for bandwidth management in Bangladesh. In routing mode, the Bandwidth Manager works as a complete router: it has an IP address on every interface and holds each individual route separately.

Routing mode is comparatively easy to deploy in any OS, but it is a bit hard to maintain all the routes. If you use routing mode, you will be able to keep the maximum number of routes in your bandwidth manager, and it is easy to manage, monitor and debug. However, in routing mode, if your bandwidth manager goes down the whole network goes down with it.

Bridging

Bridge mode is sometimes called "IP Transparent Mode". In bridge mode, the Bandwidth Manager works as a hub/switch. A bridge-type manager need not have IP addresses on all interfaces, and it need not hold all the routes separately.

Bridge mode is comparatively a bit harder to deploy, but you go through less hassle for route management. However, it is pretty weak for distributed routing and policy management. You need to recompile the kernel to enable bridge mode.

If you use bridge mode, the router maintains all the routes. In bridge mode, if the Bandwidth Manager goes down there is no effect on the network (you can just unplug it); only the bandwidth will be unmanaged. Backing up a bridge-based bandwidth controller is easier than backing up a routed one.

We will use bridging mode for bandwidth control.

Configuring a Linux PC in bridging mode

Software required

# rpm -ivh bridge*

Note: the files bridge-utils-0.9.3-8 and bridge-utils-devel-0.9.3-8 will be found.

# brctl addbr br0

# brctl addif br0 eth0 (repeat for eth1)

# ifconfig eth0 0.0.0.0 up (repeat for eth1)

# ifconfig br0 192.168.110.0 up

# ifconfig | less

Note: when a PC is used as a switch or bridge, the IP address of each LAN interface of that PC must be set to 0.0.0.0.

Configuration of CBQ

This description is meant to simplify the setup and management of relatively simple CBQ-based traffic control on Linux. CBQ is applied to the NIC.

Software required

cbq.init v0.7.2

# cp cbq.init-v0.7.2 /etc/init.d/cbq.init

File name

Every traffic class must be described by a file in the $CBQ_PATH directory (/etc/sysconfig/cbq by default) - one file per class.

The config file names must obey the mandatory format cbq-<clsid>.<name>, where <clsid> is a two-byte hexadecimal number in the range <0002-FFFF> (which in fact is the CBQ class ID) and <name> is the name of the class -- anything to help you distinguish the configuration files. For a small number of classes it is often possible (and convenient) to let <clsid> resemble the bandwidth of the class.

Example of a valid config name: cbq-1280.My_first_shaper.

The configuration file may contain the following parameters:

Device parameters

DEVICE=<ifname>,<bandwidth>[,<weight>]  (mandatory)

Example: DEVICE=eth0,10Mbit,1Mbit

Parameter    Description
<ifname>     The name of the interface you want to control traffic on, e.g. eth0.
<bandwidth>  The physical bandwidth of the device, e.g. 10Mbit or 100Mbit for ethernet, 2Mbit for arcnet.
<weight>     A tuning parameter that should be proportional to <bandwidth>. As a rule of thumb: <weight> = <bandwidth> / 10

Table: Device parameters

Note: When you have more classes on one interface, it is enough to specify <bandwidth> [and <weight>] only once; in the other files you only need to set DEVICE=<ifname>.

Class parameters

Parameter  Description
RATE       RATE=<speed> (mandatory). Bandwidth allocated to the class. Traffic going through the class is shaped to conform to the specified rate. You can use Kbit, Mbit or bps, Kbps and Mbps as suffixes. If you don't specify any unit, bits/sec are used. Also note that "bps" means "bytes per second", not bits.
WEIGHT     WEIGHT=<speed> (mandatory). Tuning parameter that should be proportional to RATE. As a rule of thumb, use WEIGHT = RATE / 10.
PRIO       PRIO=<1-8> (optional, default 5). Priority of class traffic; the higher the number, the lower the priority. A priority of 5 is just fine.

Table: Class parameters

Filter parameters

RULE=[[saddr[/prefix]][:port[/mask]],][daddr[/prefix]][:port[/mask]]

These parameters make up "u32" filter rules that select traffic for each of the classes. You can use multiple RULE fields per config.

Example                        Meaning
RULE=10.1.1.0/24:80            selects traffic going to port 80 in network 10.1.1.0.
RULE=10.2.2.5                  selects traffic going to any port on the single host 10.2.2.5.
RULE=10.2.2.5:20/0xfffe        selects traffic going to ports 20 and 21 on host 10.2.2.5.
RULE=:25,10.2.2.128/26:5000    selects traffic going from anywhere on port 25 to port 5000 in network 10.2.2.128.
RULE=10.5.5.5:80,              selects traffic going from port 80 of the single host 10.5.5.5 (note the trailing comma: a source address must be followed by a comma).

Table: Filter parameters

MARK=<mark>

These parameters make up "fw" filter rules that select traffic for each of the classes according to the firewall "mark". The mark is a decimal number that packets are tagged with if the firewall rules say so. You can use multiple MARK fields per config.

Example configuration

Example: cbq-1003.root

DEVICE=eth1,10Mbit,1Mbit
RATE=28Kbit
WEIGHT=2Kbit
PRIO=5
RULE=192.168.1.1
MARK=7

Example: cbq-2008.root

DEVICE=eth0,10Mbit,1Mbit
RATE=128Kbit
WEIGHT=10Kbit
PRIO=5
RULE=192.168.1.1
MARK=7

Table: Example configuration

Note

For downloading MARK is optional. For uploading MARK is mandatory.

To start cbq

# /etc/init.d/cbq.init     start

To stop cbq

# /etc/init.d/cbq.init     stop
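A small checker for the class files described above, written for this page as an added example (it is not part of cbq.init). It validates the cbq-<clsid>.<name> format and the 0002-FFFF range, converts RATE and WEIGHT with the suffix rules from the table (including the "bps means bytes" trap) and flags a WEIGHT far from RATE/10; it assumes decimal multipliers (1 Kbit = 1000 bit), and the sample files it writes are constructed for the demo.

```shell
#!/bin/sh
# Added example (not part of cbq.init): sanity-check cbq.init class files.
# Assumes decimal multipliers (1 Kbit = 1000 bit) and the RATE=/WEIGHT=
# lines described above; sample files below are constructed for the demo.

# Convert a speed value to bits/sec using the suffix rules from the text:
# no unit = bits/sec, Kbit/Mbit = bits, bps/Kbps/Mbps = BYTES per second.
speed_to_bps() {
    num=$(printf '%s' "$1" | sed 's/[^0-9].*$//')
    unit=$(printf '%s' "$1" | sed 's/^[0-9]*//')
    case "$unit" in
        "")   echo "$num" ;;
        Kbit) echo $((num * 1000)) ;;
        Mbit) echo $((num * 1000000)) ;;
        bps)  echo $((num * 8)) ;;
        Kbps) echo $((num * 8000)) ;;
        Mbps) echo $((num * 8000000)) ;;
        *)    echo "unknown unit '$unit'" >&2; return 1 ;;
    esac
}

# Check one class file: cbq-<clsid>.<name> format, class ID in 0002-FFFF,
# mandatory RATE/WEIGHT, and WEIGHT within RATE/20..RATE/5 (rule of thumb
# is RATE/10). Returns 0 if OK, 1 on a hard error, 2 on a suspicious WEIGHT.
check_cbq_file() {
    f=$1; base=$(basename "$f")
    case "$base" in
        cbq-[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f].?*) ;;
        *) echo "$base: name must be cbq-<clsid>.<name>" >&2; return 1 ;;
    esac
    clsid=${base#cbq-}; clsid=${clsid%%.*}
    if [ "$(printf '%d' "0x$clsid")" -lt 2 ]; then
        echo "$base: class ID must be in 0002-FFFF" >&2; return 1
    fi
    rate=$(sed -n 's/^RATE=//p' "$f"); weight=$(sed -n 's/^WEIGHT=//p' "$f")
    if [ -z "$rate" ] || [ -z "$weight" ]; then
        echo "$base: RATE and WEIGHT are mandatory" >&2; return 1
    fi
    r=$(speed_to_bps "$rate") || return 1
    w=$(speed_to_bps "$weight") || return 1
    if [ $((w * 20)) -lt "$r" ] || [ $((w * 5)) -gt "$r" ]; then
        echo "$base: WEIGHT=$weight is not about RATE/10 (RATE=$rate)" >&2; return 2
    fi
}

# Constructed sample class files; prints the directory they were written to.
make_cbq_samples() {
    d=$(mktemp -d)
    printf 'DEVICE=eth1,10Mbit,1Mbit\nRATE=28Kbit\nWEIGHT=2Kbit\nPRIO=5\n' > "$d/cbq-1003.root"
    printf 'DEVICE=eth1\nRATE=100Kbit\nWEIGHT=10Kbps\n' > "$d/cbq-1004.bytes"  # Kbps is bytes/s
    printf 'DEVICE=eth1\nRATE=512Kbit\n' > "$d/cbq-0001.bad"                    # ID < 2, no WEIGHT
    echo "$d"
}

d=$(make_cbq_samples)
for f in "$d"/cbq-*; do
    if check_cbq_file "$f"; then echo "$(basename "$f"): OK"; fi
done
```

Run it against your real $CBQ_PATH by replacing the sample directory; the bytes-vs-bits mismatch in cbq-1004 is exactly the kind of error that silently gives a class eight times the weight you meant.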

Configuration of HTB

Software required

htb.init (the HTB counterpart of cbq.init)

# cp htb.init /etc/init.d/htb.init

File name

Every traffic class must be described by a file in the $HTB_PATH directory (/etc/sysconfig/htb by default) - one file per class.

Class options belong to files with names matching this expression:

$HTB_PATH/<ifname>-<clsid>(:<clsid>)*<description>

<clsid> is the class ID, a hexadecimal number in the range 0x2-0xFFFF without the "0x" prefix. If a colon-delimited list of class IDs is specified, the last <clsid> in the list is the ID of the class in the config file, and the <clsid> preceding the last one is the class ID of the parent class. To keep the ordering so that parent classes are always created before their children, it is recommended to include the full <clsid> path from the root class to the leaf one.

<description> is an (almost) arbitrary string where you can put symbolic class names for better readability.

Examples of valid names:

eth0-2          root class with ID 2, on device eth0
eth0-2:3        child class with ID 3 and parent 2, on device eth0
eth0-2:3:4      child class with ID 4 and parent 3, on device eth0
eth1-2.root     root class with ID 2, on device eth1
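The naming rule above decides which class is the parent of which, so an added example (written for this page, not part of htb.init) that parses <ifname>-<clsid>(:<clsid>)*<description> names and checks that every child's parent file exists on the same device and sorts before it. It assumes htb.init processes files in sorted name order and that <description> starts with a non-hex character such as "."; the sample trees are constructed.

```shell
#!/bin/sh
# Added example (not part of htb.init): parse class-file names of the form
# <ifname>-<clsid>(:<clsid>)*<description> and check parent ordering.
# Assumptions: files are processed in sorted name order, and <description>
# begins with a non-hex character (e.g. ".root"), so the ID path is unambiguous.

# Print the "<ifname>-<clsid>(:<clsid>)*" part of a name, without description.
htb_id_path() {
    printf '%s\n' "$1" | sed -n 's/^\([A-Za-z0-9]*-[0-9A-Fa-f]*\(:[0-9A-Fa-f]*\)*\).*$/\1/p'
}

htb_ifname() { printf '%s\n' "${1%%-*}"; }

# Class ID = last element of the colon-separated list.
htb_class_id() { p=$(htb_id_path "$1"); p=${p#*-}; printf '%s\n' "${p##*:}"; }

# Parent ID = element before the last one; empty for a root class.
htb_parent_id() {
    p=$(htb_id_path "$1"); p=${p#*-}
    case "$p" in
        *:*) p=${p%:*}; printf '%s\n' "${p##*:}" ;;
        *)   printf '\n' ;;
    esac
}

# Check every file in directory $1: each child's parent must exist on the
# same device and sort before it. Returns 0 if all is well, 1 otherwise.
htb_check_dir() {
    dir=$1; rc=0
    for f in "$dir"/*; do
        n=$(basename "$f"); parent=$(htb_parent_id "$n")
        [ -n "$parent" ] || continue            # root class, nothing to check
        dev=$(htb_ifname "$n"); found=""
        for g in "$dir"/*; do
            m=$(basename "$g")
            if [ "$(htb_ifname "$m")" = "$dev" ] && [ "$(htb_class_id "$m")" = "$parent" ]; then
                found=$m
            fi
        done
        if [ -z "$found" ]; then
            echo "$n: parent class $parent is not defined on $dev" >&2; rc=1
        elif [ "$(printf '%s\n%s\n' "$found" "$n" | LC_ALL=C sort | head -n 1)" != "$found" ]; then
            echo "$n: parent file $found sorts after its child" >&2; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample trees for the demo: $1 = good | bad.
make_htb_samples() {
    d=$(mktemp -d)
    : > "$d/eth0-2.root"; : > "$d/eth0-2:3.users"; : > "$d/eth0-2:3:4.web"
    [ "$1" = good ] || : > "$d/eth1-2:5.orphan"   # parent 2 is missing on eth1
    echo "$d"
}

htb_check_dir "$(make_htb_samples good)" && echo "good tree: OK"
htb_check_dir "$(make_htb_samples bad)" || echo "bad tree: problems found"
```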

HTB qdisc parameters

Parameter  Description
DEFAULT    DEFAULT=<clsid> (optional, default 0). Example: DEFAULT=30. <clsid> is the ID of the default class where UNCLASSIFIED traffic goes. Unlike the HTB qdisc, HTB.init uses 0 as the default class ID, which is an internal FIFO queue that passes packets along at FULL speed.
R2Q        R2Q=<number> (optional, default 10). Example: R2Q=100. This allows you to set the coefficient for computing DRR (Deficit Round Robin) quanta. The default value of 10 is good for rates from 5-500kbps and should be increased for higher rates.

Table: HTB qdisc parameters

HTB class parameters

Parameter  Description
RATE       RATE=<speed>|prate|pceil. Example: RATE=5Mbit. Bandwidth allocated to the class. Traffic going through the class is shaped to conform to the specified rate. You can use Kbit, Mbit or bps, Kbps and Mbps as suffixes. If you don't specify any unit, bits/sec are used. Also note that "bps" means "bytes per second", not bits.
CEIL       CEIL=<speed>|prate|pceil (optional, default $RATE). Example: CEIL=6MBit.
BURST      BURST=<bytes> (optional, default computed). Example: BURST=10Kb.
PRIO       PRIO=<number> (optional, default 0). Example: PRIO=5. Priority of class traffic; the higher the number, the lower the priority.
LEAF       LEAF=none|sfq|pfifo|bfifo (optional, default "none"). LEAF tells the script to attach the specified leaf queueing discipline to the HTB class. By default, no leaf qdisc is used.

Table: HTB class parameters

Filter parameters

Same as CBQ, described previously in this chapter.

Example configuration

Device: eth0, file: htb-2.110.root

RATE=512Kbit
CEIL=128Kbit
BURST=15Kbit
LEAF=sfq
MARK=4
RULE=192.168.110.3/32

Device: eth1, file: cbq-2008.root

DEVICE=eth0,10Mbit,1Mbit
RATE=128Kbit
WEIGHT=10Kbit
PRIO=5
RULE=192.168.1.1
MARK=7

Table: Example configuration

Note

For downloading MARK is optional. For uploading MARK is mandatory.

To start htb

# /etc/init.d/htb.init     start

To stop htb

# /etc/init.d/htb.init     stop

In this way we can control the bandwidth.

Filed under: RedHat Linux
16Jul/10

mrtg-in-rhel4

Posted by Infoaddict

Step # 1 : Make sure snmp server installed

Please note that configuring snmpd is not required to use mrtg with remote network devices such as routers and switches. If you just want mrtg graphs for a router or switch, please skip to step # 4 (all these devices come preconfigured with snmpd software).

Run rpm's query option to find out whether the snmp server is installed:

# rpm -qa | grep snmp

If snmp is installed, please go to step # 2; otherwise the snmp server and utils are not present and you need to install them using the following steps (log in as the root user):

(a) Visit rpmfind.net to get the snmp server and utility rpms. If you are a Fedora user, use the yum command as follows to install them:

# yum install net-snmp-utils net-snmp

(b) If you are an RHEL subscriber, use the up2date command as follows to install them:

# up2date -v -i net-snmp-utils net-snmp

Step # 2 : Determine if snmp server is running or not

Run the 'ps' command to see whether the snmp server is running:

# ps -aux | grep snmp

Output:

root   5512  0.0  2.3  5872 3012 pts/0    S    22:04   0:00 /usr/sbin/snmpd

Alternatively, you can try either of the following two commands:

# lsof -i :199

Output:

COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
snmpd   5512 root    4u  IPv4  34432       TCP *:smux (LISTEN)

OR try the netstat command:

# netstat -natv | grep ':199'

Output:

tcp        0      0 0.0.0.0:199             0.0.0.0:*               LISTEN

If you find the service running or listening on port 199, please see step # 3; otherwise start the service using the following command:

# service snmpd start

Make sure the snmpd service starts automatically when Linux comes up (add the snmpd service):

# chkconfig --add snmpd

Step # 3 : Make sure snmp server configured properly

Run the snmpwalk utility to request the tree of information about a network entity. In simple words, query the snmp server for your IP address (assigned to eth0, eth1, lo etc.):

# snmpwalk -v 1 -c ropublic localhost system

If you can see your IP address, proceed to step 4; otherwise it is time to configure the snmp server as follows (by default RHEL and RH 8/9 are not configured as an snmp server, for security reasons):

Configure SNMP

(1) Edit the file /etc/snmp/snmpd.conf with a text editor:

# vi /etc/snmp/snmpd.conf

Change/modify the line(s) as follows:

Find the following line:

com2sec notConfigUser  default       public

Replace it with the following lines (make sure you replace 192.168.0.0/24 with your own network's IPs):

com2sec local     localhost           public
com2sec mynetwork 192.168.0.0/24      public

Scroll down a bit and change:

Find the lines:

group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser

Replace with:

group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork

Again scroll down a bit and locate the following line:

Find the line:

view    systemview     included      system

Replace with:

view all    included  .1                               80

Again scroll down a bit and change:

Find the line:

access  notConfigGroup ""      any       noauth    exact  systemview none none

Replace with:

access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

Scroll down a bit and change:

Find the lines:

syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (configure /etc/snmp/snmp.local.conf)

Replace with (make sure you supply appropriate values):

syslocation Linux (RH3_UP2), Home Linux Router.
syscontact Fahadul Haque <fahadulh@gmail.com>

For your convenience, here is my /etc/snmp/snmpd.conf file. Feel free to use this file. Make sure you make a backup of your existing file if you use this file as it is.

Start your snmp server and test it:

(a) Make sure snmpd always starts when Linux comes up:

 # chkconfig snmpd on

(b) Start the service now:

 # service snmpd start

(c) Finally, test your snmp server:

 # snmpwalk -v 1 -c ropublic localhost system
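The rewritten snmpd.conf above grants the MyRWGroup write access to the whole tree (view "all") with the well-known community string "public", over SNMPv1/v2c with noauth. Before trusting such a file, it is worth seeing exactly which (source, community) pairs end up with a write view; the following added example (written for this page, not part of net-snmp) joins the com2sec, group and access lines to report that, and counts grants that rely on a default community or a non-localhost source. The config it builds reproduces the page's settings and is constructed for the demo; the second community string is a placeholder.

```shell
#!/bin/sh
# Added example (not part of net-snmp): report which (source, community) pairs
# an snmpd.conf grants a WRITE view, so a default community such as "public"
# with rw access stands out. Assumes the classic com2sec / group / access
# layout used above; $1 is the path to the snmpd.conf to inspect.
snmp_rw_report() {
    awk '
    # com2sec <secname> <source> <community>
    $1 == "com2sec" { src[$2] = $3; comm[$2] = $4 }
    # group <groupname> <model> <secname>
    $1 == "group"   { members[$2] = members[$2] " " $4 }
    # access <group> <context> <model> <level> <prefix> <read> <write> <notify>
    $1 == "access" && $8 != "none" { rw[$2] = $8 }
    END {
        for (g in rw) {
            n = split(members[g], s, " ")
            for (i = 1; i <= n; i++)
                if (s[i] != "")
                    printf "%s %s %s write=%s\n", g, src[s[i]], comm[s[i]], rw[g]
        }
    }' "$1" | LC_ALL=C sort -u
}

# Count write grants that use a default community or a non-localhost source.
snmp_weak_rw_count() {
    snmp_rw_report "$1" | awk '
        $3 == "public" || $3 == "private" ||
        ($2 != "localhost" && $2 != "127.0.0.1") { n++ }
        END { print n + 0 }'
}

# Constructed snmpd.conf in the layout the text produces; $1 = rw community.
make_snmpd_conf() {
    f=$(mktemp)
    cat > "$f" <<EOF
com2sec local     localhost           $1
com2sec mynetwork 192.168.0.0/24      public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork
view all    included  .1                               80
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none
EOF
    echo "$f"
}

# Demo: the page's "public" rw community versus a placeholder (made-up) value.
snmp_rw_report "$(make_snmpd_conf public)"
echo "weak rw grants with 'public': $(snmp_weak_rw_count "$(make_snmpd_conf public)")"
echo "weak rw grants with placeholder: $(snmp_weak_rw_count "$(make_snmpd_conf CHANGE_ME_rw_community)")"
```

Point it at /etc/snmp/snmpd.conf on a real host; any reported line whose community is "public" or whose source is not localhost is a write grant reachable with a guessable, cleartext credential.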

Step # 4 : Install mrtg if not installed

The mrtg software may have been installed during the initial installation; you can verify whether MRTG is installed with the following RPM command:

# rpm -qa | grep mrtg

If mrtg is already installed, please see step # 5; otherwise use rpmfind.net to find the MRTG rpm, or use the up2date command to install the MRTG software:

# up2date -v -i mrtg

Fedora Linux users can use the yum command as follows to install MRTG:

# yum install mrtg

Step # 5 : Commands to Configure mrtg

(a) Create a document root to store the mrtg graphs/html pages:

# mkdir -p /var/www/html/mymrtg/

(b) Run either of the following cfgmaker commands to create the mrtg configuration file:

# cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --global 'Options[_]: bits,growright' --output /var/www/html/mymrtg/faisal.cfg public@localhost

OR (make sure your FQDN resolves, in following example i'm using dlicl.deltalife.org which is my router FQDN address)

# cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --global 'Options[_]: bits,growright' --output /var/www/html/mymrtg/faisal.cfg public@dlicl.deltalife.org

# cd /var/www/html/mymrtg

# env LANG=C /usr/bin/mrtg faisal.cfg
(3 times if required to overcome the error)

# indexmaker faisal.cfg > index.html

# env LANG=C /usr/bin/mrtg /var/www/html/mymrtg/faisal.cfg --logging /var/log/mrtg.log

# service httpd restart

# chkconfig httpd on

(c) Fire up your favorite web browser (like Firefox :D) and type the URL http://www.your.com/mymrtg/ or http://your-ip/mymrtg/

Step # 7: Create a crontab entry so that the mrtg graphs/images are generated every 5 minutes

(a) Log in as the root user or as the mrtg user and type the following command:

# crontab -e

(b) Add the mrtg cron job entry to the crontab (append the following line to it):

*/5 * * * * /usr/bin/mrtg /var/www/html/mymrtg/faisal.cfg --logging /var/log/mrtg.log

Save the file and you are done with the MRTG configuration :)

Step # 8: Block ports 161 & 162 at the firewall

You do not want to give everyone access to your snmp server, for security reasons. The SNMP server uses UDP ports 161 and 162 for communication. Use the Linux iptables firewall to restrict access to the SNMP server.

(a) Allow outgoing SNMP requests from your Linux computer. This is useful when you query a remote host/router (replace SERVER IP with your real IP):

SERVER="xxx.xxx.xxx.xxx"
iptables -A OUTPUT -p udp -s $SERVER --sport 1024:65535 -d 0/0 --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 0/0 --sport 161:162 -d $SERVER --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

(b) Allow incoming SNMP client requests via iptables. This is useful when you wish to accept queries from the rest of the world (replace SERVER IP with your real IP):

SERVER="xxx.xxx.xxx.xxx"
iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s $SERVER --sport 161:162 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Please note that the above two are just SNMP-specific iptables rules. Please consult the iptables(8) man page for complete information on iptables.

Step # 9 (optional): Protect your MRTG graphs/html pages with a password-protected directory

Once again, you would like to restrict access to your MRTG reports. This can easily be accomplished with the Apache web server's .htaccess file. If you are on a web hosting server with a control panel (such as Ensim or Plesk), you can use the control panel itself to create a password-protected directory.

Below is the process to protect the graphs using Apache's .htaccess file and the htpasswd command:

Step # 1: Create a .htaccess file in the /var/www/html/mymrtg/ directory (add text as follows):

# vi /var/www/html/mymrtg/.htaccess

Add the following text to the file:

AuthName "MRTG Graphs/Html restricted access"
AuthType Basic
AuthUserFile /var/members/.htpasswd
require user mrtgadmin

Step # 2: Create a user name and password (-c assumes this is the first time you are using the .htpasswd file):

# htpasswd -c /var/members/.htpasswd mrtgadmin

Filed under: RedHat Linux