Tuesday, December 13, 2011

Script for installing redis-server under user


#! /bin/bash

is_number()
{
# Print "NA" when the argument contains anything other than digits.
# A case pattern needs no scratch file, so nothing predictable is written to /tmp.
case "$1" in
    *[!0-9]*) echo "NA" ;;
esac
}


check_empty()
{
if [ "$1" == "" ] ;then
    echo "Blank input please try again !!!!!!!!!!!"
    exit
else
    private=": ; = root passwd user `ls |xargs`"
    # Quote the input and match it as a fixed string, not as a pattern
    check=`echo "$private" |grep -Fw -- "$1" |xargs`
    if [ "$check" != "" ]  ;then
        echo "Reserved Word Please Retry :$private  "
        exit
    fi
fi
}

install_redis()
{
echo -e "\033[1m Redis server install Require sudoers user \033[0m"
echo "Checking if redis already installed"
sleep 3
    # Skip the build when a redis-server binary exists in either location
    if [ -f "/usr/local/bin/redis-server" ] || [ -f "/usr/bin/redis-server" ] ; then
        echo "Redis installation already exists skipping source compile"
    else
    cd ~/
    # "~" is not expanded inside quotes, so test the path through $HOME;
    # move an earlier download aside before fetching again
    if [ -f "$HOME/redis-2.2.14.tar.gz" ] ;then
        mv ~/redis-2.2.14.tar.gz ~/redis-2.2.14.tar.gz_`date +%Y-%m-%d`
    fi
    # The tarball comes over plain HTTP and is not verified before "sudo make install";
    # compare it against a checksum obtained from a trusted source before building
    wget http://redis.googlecode.com/files/redis-2.2.14.tar.gz
    tar xzf redis-2.2.14.tar.gz
    cd redis-2.2.14/ && make && sudo make install && mkdir -p ~/redis && sudo  cp utils/redis_init_script /etc/init.d/Restart_Redis && cp redis.conf ~/redis/redis.conf &&  cd - && echo -e "\033[1m Enter the Redis port for custom application \033[0m"
    read port_input
        if [ "$port_input" == "" ] ; then
            echo "No redis port Specified continuing with default :recommends manual setting after Setup"
        else
            # Validate only when something was typed
            port_check="`is_number "$port_input" |xargs`"
            if [ "$port_check" == "NA" ] ;then
                echo "invalid redis port Specified continuing with default :recommends manual setting after Setup"
            else
                echo "HELLO GOOD  $port_input"
            fi
        fi
    fi
}


yes_no()
{
if [ "$*" != "yes" ] ; then
    echo "Thanks please try again ...."
    exit 1
fi
}

install_redis

Tuesday, May 31, 2011

Anaconda System installer stage1 initrd patching .

Reference : http://hi.baidu.com/delovery/blog/item/8a454d9085fd1181a877a42b.html

Manually Update the Anaconda stage 1 image

WHAT IS THE STAGE 1 IMAGE?

The stage 1 image in anaconda confuses a lot of people. We've done a good job making stage 1 and stage 2 appear as a single entity, but they are really separate. The whole job of stage 1 is to load the necessary drivers to find anaconda (which we call the stage 2 image). Stage 2 could be located on a network source (NFS, HTTP, FTP), a local hard drive, or a CD-ROM drive. Stage 1 also takes care of configuring your network interface for installation if you indicate the stage 2 location is a network source.

When a bug is found in stage 1, patching it and testing it requires building a new ramdisk image to boot into the installation environment. We cannot provide a mechanism like updates.img for several reasons. First, the stage 1 portion of anaconda is responsible for loading updates.img after it loads. Second, the stage 1 portion is basically one static program called /sbin/loader, so the only way to test it is to build a new one.

This document explains one of several ways to build a new stage 1 image for testing purposes. The example platform is Red Hat Enterprise Linux 5, but the techniques apply to Fedora Core 6 and higher.

SETTING UP YOUR DEVELOPMENT SYSTEM

I will assume you are building a new ramdisk image for the same architecture as your workstation. If you are not, you will need to explore other means of building the anaconda SRPM. You must build on the target architecture.

First, set up RPM to build locally:
     mkdir -p ~/rpmbuild/RPMS
     mkdir -p ~/rpmbuild/SRPMS
     mkdir -p ~/rpmbuild/SOURCES
     mkdir -p ~/rpmbuild/BUILD
     mkdir -p ~/rpmbuild/SPECS
     echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros

Next, obtain the anaconda source RPM from the RHEL-5 media and install it. You should not be doing this as root:
     rpm -Uvh anaconda-11.1.2.36-1.src.rpm

Now you are ready to patch anaconda to your liking.

PATCHING ANACONDA'S STAGE 1 COMPONENTS

Extract the source:

     cd ~/rpmbuild/SPECS
     rpmbuild -bp anaconda.spec

RPM may complain about missing dependencies. Install them if you lack them. Anaconda needs a lot of stuff in order to compile.

Patch the source:
     cd ~/rpmbuild/BUILD/anaconda-11.1.2.36

The stage 1 sources are located in the loader2 subdirectory. The stage 1 components also link against libisys which is in the isys subdirectory. Either way, you will want to make patches against this source tree and put the patches in the ~/rpmbuild/SOURCES directory. For this example, we are patching loader2/loader.c:
     cd loader2
     cp -a loader.c loader.c.orig
     vim loader.c
     # la la la...making my changes.... :wq
     cd ~/rpmbuild/BUILD
     gendiff anaconda-11.1.2.36/ .orig > ~/rpmbuild/SOURCES/anaconda.patch

Now go and edit ~/rpmbuild/SPECS/anaconda.spec and add anaconda.patch as a patch and make sure it's applied in the %prep section after the %setup macro is run.

BUILDING A PATCHED ANACONDA

Simple, use rpmbuild:
     cd ~/rpmbuild/SPECS
     rpmbuild -ba anaconda.spec

The resulting packages will be written to ~/rpmbuild/RPMS

BUILDING A NEW RAMDISK

First, we need to get the two stage 1 components that matter: loader and init.
     cd ~/rpmbuild/RPMS/
     rpmdev-extract anaconda-runtime-11.1.2.36-1.i386.rpm
     cd anaconda-runtime-11.1.2.36-1
     cp -a usr/lib/anaconda-runtime/loader/init ~/init
     cp -a usr/lib/anaconda-runtime/loader/loader ~/loader

Second, get the ramdisk image that you want to update. For this example, I am updating the pxeboot/initrd.img from the RHEL-5 tree. I have copied the initrd.img file to my home directory:
     cd ~
     mkdir tmp-initrd
     cd tmp-initrd
     gzip -dc ~/initrd.img | cpio -id
     cat ~/init > sbin/init
     cat ~/loader > sbin/loader
     (find . | cpio -c -o | gzip -9) > ~/initrd.img
     cd ~

Now the initrd.img file in my home directory contains the new loader and init binaries. Copy this to the boot server and you are ready to go with a new initrd.img for RHEL-5.

CREATING AN INSTALLATION BOOT CD-ROM WITH YOUR NEW initrd.img

isolinux (not available for Itanium systems, you'll need to use a loop back mount of the ia64 boot.iso) is used for booting the Red Hat Enterprise Linux installation CD. To create your own CD-ROM to boot the installation program, use the following instructions:

Copy the isolinux/ directory from the Red Hat Enterprise Linux CD #1 into a temporary directory (referred to here as path-to-workspace) using the following command:

cp -r path-to-cd/isolinux/ path-to-workspace

Change directories to the path-to-workspace directory you have created:

cd path-to-workspace

Copy the new initrd.img to path-to-workspace

cp ~/initrd.img path-to-workspace/isolinux/

Make sure the file(s) you have copied have appropriate permissions:

chmod u+w isolinux/*

Finally, issue the following command to create the ISO image file:

mkisofs -o file.iso -b isolinux.bin -c boot.cat -no-emul-boot \
-boot-load-size 4 -boot-info-table -R -J -v -T isolinux/

Tuesday, March 22, 2011

Discover Machine info connected to N/W using Nmap Linux tool

#! /bin/bash

ETHERNET=eth0

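# Plain grep here: with -r and no file operand, current GNU grep searches the
# working directory instead of the piped arp output
HostList=(`arp -vni $ETHERNET |cut -d " " -f 1 |grep 192 |xargs`)

# "<", not "<=": the last valid index is length-1, and the extra pass ran nmap with an empty target
for (( i = 0 ; i < ${#HostList[*]} ; i++ ))
    do
    #nmap ${HostList[i]}
    #nmap -O --system-dns ${HostList[i]}
    #nmap -O --osscan-guess --system-dns ${HostList[i]}
    nmap  -F -O -o2 --osscan-limit -oX "${HostList[i]}_$i.xml"  "${HostList[i]}"
done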

Linux add User passwd without prompting for password

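Much simpler:

# --stdin is provided by the Red Hat passwd; run as root.
# No trailing space inside the quotes, or it becomes part of the password.
echo "passwd" | /usr/bin/passwd --stdin "username"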


Squid Proxy Blacklist Auto Update Shell Script

Make the necessary changes to the paths; the rest is self-explanatory:

cat Update_Blacklists

#! /bin/bash
if [ -d "/usr/local/squid/share/squidGuard"  ] ;then

    cd /usr/local/squid/share/squidGuard/
    rm -f bl.tar.gz
    mv /usr/local/squid/share/squidGuard/db/blacklists /usr/local/squid/share/squidGuard/db/blacklists.old
    # Both lists are fetched without any integrity check (plain HTTP, then FTP)
    wget -O bl.tar.gz http://ftp.tdcnorge.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz

    # Quote the pattern so the shell cannot expand *.diff before tar sees it
    tar --ungzip --extract --exclude='*.diff' --directory=/usr/local/squid/share/squidGuard/db --verbose -f bl.tar.gz

    rm -f bl.tar.gz

    wget -O bl.tar.gz ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz

    tar --ungzip --extract --exclude='*.diff' --directory=/usr/local/squid/share/squidGuard/db --verbose -f bl.tar.gz

    rm -f bl.tar.gz

    chown -R squid:squid /usr/local/squid/share/squidGuard/db

    find /usr/local/squid/share/squidGuard/db   |xargs chmod 755
    rm -rf /usr/local/squid/share/squidGuard/db/blacklists/global_usage
    rm -rf /usr/local/squid/share/squidGuard/db/blacklists/README

else
    echo "Error squid  may not be Installed "
    # Nothing below can work without the squidGuard directory
    exit 1
fi

list_of_f=(`ls /usr/local/squid/share/squidGuard/db/blacklists`)
for ((  i = 0 ;  i < ${#list_of_f[*]};  i++  ))
    do
        # Every category directory needs both a urls and a domains file
        serch=`ls /usr/local/squid/share/squidGuard/db/blacklists/${list_of_f[i]} |grep -w urls`
        if [ "$serch" == ""  ]; then
            echo " /usr/local/squid/share/squidGuard/db/blacklists/${list_of_f[i]} : urls not present "
            echo " So adding it"
            echo "warex.com" > /usr/local/squid/share/squidGuard/db/blacklists/${list_of_f[i]}/urls
        else
            echo "hi $serch"
        fi

        serch1=`ls /usr/local/squid/share/squidGuard/db/blacklists/${list_of_f[i]} |grep -w domains`
        if [ "$serch1" == ""  ]; then
            echo " /usr/local/squid/share/squidGuard/db/blacklists/${list_of_f[i]} : domains not present "
            echo " So adding it"
            touch /usr/local/squid/share/squidGuard/db/blacklists/${list_of_f[i]}/domains
        else
            echo "hi $serch1"
        fi
done
chown -R squid:squid /usr/local/squid/share/squidGuard/db/*

find /usr/local/squid/share/squidGuard/db/blacklists   |xargs chmod 755
rm -rf /usr/local/squid/share/squidGuard/db/blacklists/global_usage
rm -rf /usr/local/squid/share/squidGuard/db/blacklists/README

chmod 755 /usr/local/squid/share/squidGuard/squidGuard.conf

# World-writable (777) trees let any local user edit the blacklists and logs.
# Give both trees to the squid user (assumed to be the account squidGuard runs as)
# and keep write access for the owner only.
chown -R squid:squid /usr/local/squid/share/squidGuard/log
chmod -R u=rwX,go=rX /usr/local/squid/share/squidGuard/db/blacklists
chmod -R u=rwX,go=rX /usr/local/squid/share/squidGuard/log

#find  /usr/local/squid/share/squidGuard/db/blacklists -type d -exec chmod 755 \{\} \; -print


Best Regards

ChetanM
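
The update above moves the live blacklists aside before the download has succeeded and unpacks the archive straight into the database directory. The following is an added example, not part of the original script, that stages the archive first and swaps it in only after it lists cleanly, contains no absolute or ".." member paths, and extracts. The function names and the sample archive are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the original script. Function names are hypothetical.

# Read archive member names on stdin; reject absolute paths and ".." parts.
members_safe() {
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/..|*/../*)
                echo "unsafe member: $name" >&2; return 1 ;;
        esac
    done
}

# stage_blacklist ARCHIVE DBDIR
# Unpack into a private staging directory inside DBDIR and replace
# DBDIR/blacklists only if listing, path check and extraction all succeed.
stage_blacklist() {
    archive=$1 dbdir=$2
    [ -s "$archive" ] || { echo "download missing or empty" >&2; return 1; }
    list=$(tar -tzf "$archive") || return 1
    printf '%s\n' "$list" | members_safe || return 1
    stage=$(mktemp -d "$dbdir/.stage.XXXXXX") || return 1
    if ! tar -xzf "$archive" --exclude='*.diff' -C "$stage" ||
       [ ! -d "$stage/blacklists" ]; then
        rm -rf "$stage"
        return 1
    fi
    # Owner-writable only, instead of 777.
    chmod -R u=rwX,go=rX "$stage/blacklists"
    rm -rf "$dbdir/blacklists.old"
    if [ -d "$dbdir/blacklists" ]; then
        mv "$dbdir/blacklists" "$dbdir/blacklists.old"
    fi
    mv "$stage/blacklists" "$dbdir/blacklists" && rm -rf "$stage"
}

# Constructed demo: a small archive shaped like the blacklist tarball.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/blacklists/ads" "$work/db"
    echo "ads.example" > "$work/src/blacklists/ads/domains"
    tar -czf "$work/bl.tar.gz" -C "$work/src" blacklists
    stage_blacklist "$work/bl.tar.gz" "$work/db" &&
        cat "$work/db/blacklists/ads/domains"
    rc=$?
    rm -rf "$work"
    return $rc
}
demo
```

The path check covers member names only; it does not inspect symbolic links inside the archive.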

Block Commonly Used Torrent on Linux Gateway

#! /bin/bash


    iptables -I FORWARD -i eth0 -p tcp --syn --dport 1: -m connlimit --connlimit-above 25 -j REJECT
    iptables -I FORWARD -i eth0 -p tcp --syn --dport 1024: -m connlimit --connlimit-above 5 -j REJECT
    iptables -I FORWARD -i eth0 -p udp --dport 1: -m connlimit --connlimit-above 25 -j REJECT
    iptables -I FORWARD -i eth0 -p udp --dport 1024: -m connlimit --connlimit-above 5 -j REJECT

# filter out bad/corrupted p2p traffic

    iptables -I PREROUTING -t mangle -m conntrack --ctstate INVALID -j DROP

# block Blobster and Piolet from downloading the initial peer list

    iptables -I FORWARD -i eth0 -p tcp --dport 80 -d 128.121.0.0/16 -j REJECT

# and then to block the specific apps :

    # block eDonkey

    iptables -I FORWARD -i eth0 -p tcp --dport 4662 -j REJECT
    iptables -I FORWARD -i eth0 -p tcp --sport 4662 -j REJECT

    # block Limewire, Morpheus, Bearshare

    iptables -I FORWARD -i eth0 -p tcp --dport 6346:6347 -j REJECT
    iptables -I FORWARD -i eth0 -p tcp --sport 6346:6347 -j REJECT
    iptables -I FORWARD -i eth0 -p udp --dport 6346:6347 -j REJECT
    iptables -I FORWARD -i eth0 -p udp --sport 6346:6347 -j REJECT

    # block eMule

    iptables -I FORWARD -i eth0 -p udp --dport 4672 -j REJECT
    iptables -I FORWARD -i eth0 -p udp --sport 4672 -j REJECT

    # block BitTorrent

    iptables -I FORWARD -i eth0 -p tcp --dport 6881:6889 -j REJECT
    iptables -I FORWARD -i eth0 -p tcp --sport 6881:6889 -j REJECT
    iptables -I FORWARD -i eth0 -p udp --dport 6881:6889 -j REJECT
    iptables -I FORWARD -i eth0 -p udp --sport 6881:6889 -j REJECT

    # block WinMx

    iptables -I FORWARD -i eth0 -p tcp --dport 6699 -j REJECT
    iptables -I FORWARD -i eth0 -p tcp --sport 6699 -j REJECT
    iptables -I FORWARD -i eth0 -p udp --dport 6699 -j REJECT
    iptables -I FORWARD -i eth0 -p udp --sport 6699 -j REJECT

Command Line File Based Network Devices Settings

Step 1: get the N/W config data.

#! /bin/bash

 system-config-network-cmd -d >net_device_data.txt

Step 2: edit the file with the required changes

cat net_device_data.txt

DeviceList.Ethernet.eth0.AutoDNS=true
DeviceList.Ethernet.eth0.HardwareAddress=00:08:a1:ee:63:18
DeviceList.Ethernet.eth0.Type=Ethernet
DeviceList.Ethernet.eth0.IPv6Init=false
DeviceList.Ethernet.eth0.Netmask=255.255.255.0
DeviceList.Ethernet.eth0.BootProto=none
DeviceList.Ethernet.eth0.Device=eth0
DeviceList.Ethernet.eth0.OnBoot=true
DeviceList.Ethernet.eth0.IP=192.168.1.63
DeviceList.Ethernet.eth0.DeviceId=eth0
DeviceList.Ethernet.eth0.AllowUser=false
DeviceList.Ethernet.eth0.Gateway=192.168.3.63
DeviceList.Ethernet.eth1.HardwareAddress=00:e0:4c:D9:0a:c6
DeviceList.Ethernet.eth1.Type=Ethernet
DeviceList.Ethernet.eth1.IPv6Init=false
DeviceList.Ethernet.eth1.Netmask=255.255.255.240
DeviceList.Ethernet.eth1.BootProto=none
DeviceList.Ethernet.eth1.Device=eth1
DeviceList.Ethernet.eth1.OnBoot=true
DeviceList.Ethernet.eth1.IP=15.1.5.179
DeviceList.Ethernet.eth1.DeviceId=eth1
DeviceList.Ethernet.eth1.AllowUser=false
DeviceList.Ethernet.eth1.Gateway=15.1.5.177

Step 3: update the N/W details with the new changes


#! /bin/bash

system-config-network-cmd -i -f net_device_data_save.txt


Result: helpful for N/W settings with any web user interface.
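
When the edited file comes from a web form, it is worth checking before step 3 applies it. The following added example (not from the original post; the function names are assumptions) reads a file in the key format of the listing above and reports every device whose gateway is outside the subnet given by its IP and netmask. The sample lines are constructed from the addresses in that listing.

```shell
# Added example, not from the original post. Function names are hypothetical.
# Print a dotted quad as an integer; fail on anything that is not one.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# get_key FILE DEVICE KEY: value of DeviceList.Ethernet.DEVICE.KEY
get_key() { sed -n "s/^DeviceList\.Ethernet\.$2\.$3=//p" "$1" | head -n 1; }

# check_devices FILE: report every device whose Gateway is outside the
# subnet given by its IP and Netmask; status 1 if any device is reported.
check_devices() {
    bad=0
    for dev in $(sed -n 's/^DeviceList\.Ethernet\.\([A-Za-z0-9]*\)\.IP=.*/\1/p' "$1"); do
        if ip=$(ip_to_int "$(get_key "$1" "$dev" IP)") &&
           mask=$(ip_to_int "$(get_key "$1" "$dev" Netmask)") &&
           gw=$(ip_to_int "$(get_key "$1" "$dev" Gateway)"); then
            [ $(( ip & mask )) -eq $(( gw & mask )) ] && continue
            echo "$dev: gateway outside subnet"
        else
            echo "$dev: missing or unparsable address"
        fi
        bad=1
    done
    return $bad
}

# Constructed sample: the addresses from the listing above.
sample_config() {
    cat <<'EOF'
DeviceList.Ethernet.eth0.Netmask=255.255.255.0
DeviceList.Ethernet.eth0.IP=192.168.1.63
DeviceList.Ethernet.eth0.Gateway=192.168.3.63
DeviceList.Ethernet.eth1.Netmask=255.255.255.240
DeviceList.Ethernet.eth1.IP=15.1.5.179
DeviceList.Ethernet.eth1.Gateway=15.1.5.177
EOF
}
tmp=$(mktemp); sample_config > "$tmp"; check_devices "$tmp" || true; rm -f "$tmp"
```

With the listing's values it reports eth0, whose gateway 192.168.3.63 is outside 192.168.1.0/24, and accepts eth1.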



Play Active Directory Ntlm Auth With Users and Group Web Integration.

#! /bin/bash

check_group_ads()
{
# mktemp gives a private, unpredictable scratch file instead of a guessable /tmp/glist<pid>$ name
glist=`mktemp /tmp/glist.XXXXXX`
echo "">"$glist"
arr=(`echo $*`)
IFS=$'\n'
arr=(`wbinfo -g`)
for (( i = 0 ; i < ${#arr[*]}; i++ ))
do
check="`wbinfo -n "${arr[i]}"| grep -w 'Group'`"
if [ "$check" == "" ] ;then
   echo "NA" >>"$glist"
else
 wbinfo -n  "${arr[i]}" |xargs |cut -d " " -f 1 >>"$glist"
fi
done
cat "$glist" |xargs >/home/ads/ads_group_check
rm -f "$glist"
}


gid_cheking()
{
IFS=$' '
echo "">/home/ads/group_gid
garr=(`cat /home/ads/ads_group_check|xargs `)
for (( i = 0 ; i < ${#garr[*]}; i++ ))
do
check="`wbinfo -n "${garr[i]}"| grep -w 'Group'`"
if [ "${garr[i]}" == "NA" ] ;then
   echo "" &>/dev/null
else
echo "${arr[i]} =>" >>/home/ads/group_gid
 wbinfo -Y "${garr[i]}" >>/home/ads/group_gid
echo ";" >>/home/ads/group_gid
fi
done
cat /home/ads/group_gid |xargs > /home/ads/group_gid_details
}

user_gid_checking()
{
echo "">/home/ads/user_gid
ugc=(`wbinfo -u|xargs`)
for (( i = 0 ; i < ${#ugc[*]}; i++ ))
do
echo "${ugc[i]} =>" >>/home/ads/user_gid
#wbinfo -r "${ugc[i]}" |xargs >>/home/ads/user_gid
wbinfo -r "${ugc[i]}" |xargs |cut -d " " -f 2-100  >>/home/ads/user_gid
echo ";" >>/home/ads/user_gid


done
cat /home/ads/user_gid |xargs >/home/ads/user_gid_details
}


check_group_ads $* &>/dev/null
check_group_ads
gid_cheking
user_gid_checking

============================

The result is simple files containing array-type entries with user / group ids for further processing by a database-backed application.