#Useful Shell Script for System Administrators
#Monitoring a filesystem usage when the space available reachedcertain limit, this script will email.
#Just run the following script in backround
#To run a script in backround:
#$sh script_name & (or)
#$./script_name &
#!/bin/ksh
while true
do
usage=`df -k /tmp |grep -v Filesystem|awk '{print $5}'|cut -c 1-2`
while((usage<=25))
do
usage=`df -k /tmp |grep -v Filesystem|awk '{print $5}'|cut -c 1-2`
done
echo "The /tmp filesytem on `hostname` is $usage % Please clear the space"|mail -s "disk space used" v.nandha@gmail.com
sleep 600
done
#Awesome cut command
if your file has the strings continously, and want to split at specified intervals
ex: file a.txt contains
121rsfgfggtetert5366654gfdggh5ryrhfghgfrtyrtfghfghtryryryr
121rsfgfggtetert5366654gfdggh5ryrhfghgfrtyrtfghfghtryryryr
121rsfgfggtetert5366654gfdggh5ryrhfghgfrtyrtfghfghtryryryr
cat a.txt | cut -c 1-5,6-16,17-23,24-$$ --output-delimiter=" : "
$$ - denotes end of line in bash
Output:
121rs : fgfggtetert : 5366654 : gfdggh5ryrhfghgfrtyrtfghfghtryryryr
121rs : fgfggtetert : 5366654 : gfdggh5ryrhfghgfrtyrtfghfghtryryryr
121rs : fgfggtetert : 5366654 : gfdggh5ryrhfghgfrtyrtfghfghtryryryr
Thursday, December 6, 2007
List of C Programs for students
/* Ascending array */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int i,j,n,number[100],temp;
printf("Enter the number of elements:");
scanf("%d",&n);
printf("Enter the elements of the array :n");
for(i=1;i<=n;i++)
{
scanf("%d",&number[i]);
}
printf("The array elements entered are: n ");
for(i=1;i<=n;i++)
{
printf("%d n",number[i]);
}
for(i=1;i<=n;i++)
{
for(j=1;j<=n;j++)
{
if(number[j]>number[j+1])
{
temp=number[j+1];
number[j+1]=number[j];
number[j]=temp;
}
}
}
printf("The ascending order of the array elements is: n ");
for(i=1;i<=n;i++)
{
printf("%d n",number[i]);
}
getch();
}
/* adding 2 numbers using functions */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int add(int,int);
int a,b,sum;
printf("Enter the two numbers a and b:");
scanf("%d %d", &a,&b);
sum=add(a,b);
printf("the sum of %d and %d is %dn",a,b,sum);
getch();
}
int add(int x,int y)
{
int result;
result=x+y;
return result;
}
/* finding armstrong number */
#include <stdio.h>
#include <conio.h>
#include <math.h>
void main()
{
clrscr();
int i,j,a,n,s=0,count=1;
printf("Enter number");
scanf("%d",&n);
i=n;
j=n;
i = i/10;
while( i > 0)
{
count++;
i = i/10;
}
while(j>10)
{
a=j%10;
s=s+pow(a,count);
j=j/10;
}
s=s+pow(j,count);
if(s==n)
{
printf("%d is armstrong numbern",n);
}
else
{
printf("%d is not armstrong number n",n);
}
getch();
}
/* factorial of a given number */
#include <stdio.h>
#include <conio.h>
void main()
{
clrsr();
int fact=1, i, n;
printf("Enter the number for which to find the factorial : ");
scanf("%d",&n);
for(i=1;i<=n;i++)
{
fact=fact*i;
}
printf("The factorial value of number %d is %dn", n,fact);
getch();
}
/* sum of the individual digit */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int number,sum=0;
printf("nEnter the number:");
scanf("%d",&number);
printf("nThe entered number is %d",number);
while(number>0)
{
sum = sum+(number%10);
number = number/10;
}
printf("nThe sum of individual digits of the given number is %d n",sum);
getch();
}
/* calculate NCR */
#include <stdio.h>
#include <conio.h>
void main()
{
clrscr();
int fact(int);
int n,r,ncr;
printf("Enter the n and r values: ");
scanf("%d%d",&n,&r);
ncr=fact(n)/(fact(r)*fact(n-r));
printf("The combination %dC%d = %dn",n,r,ncr);
getch();
}
int fact(int x)
{
int i,f=1;
for(i=1;i<=x;i++)
{
f=f*i;
}
return f;
}
/* find number of vowels in a string */
#include<stdio.h>
#include<conio.h>
#include<string.h>
void main()
{
clrscr();
char string[50], *flag;
int i,n,count=0;
printf("Enter the string: ");
scanf("%s",string);
n=strlen(string);
for(i=0;i<n;i++)
{
flag=strchr("AEIOUaeiou", string[i]);
if(flag != NULL)
{
count++;
}
}
printf("The number of vowels in the string %s is %dn",string,count);
getch();
}
/* palindrome */
#include <stdio.h>
#include <conio.h>
#include <string.h>
void main()
{
clrscr();
char string[20], temp[20];
printf("Enter the string:");
scanf("%s",string);
strcpy(temp,string);
strrev(temp);
if(strcmp(string,temp)==0)
{
printf("The String %s is palindrome", string);
}
else
{
printf("The string %s is not palindrome", string);
}
getch();
}
/* find given number is positive or negative */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int n;
printf("Enter a number: ");
scanf("%d", &n);
if(n<0)
{
printf("%d is negative numbern",n);
}
else
{
printf("%d is positive numbern",n);
}
getch();
}
/* finding prime number */
#include <stdio.h>
#include <conio.h>
void main()
{
clrscr();
int n,i,flag=0;
printf("Enter the number : ");
scanf("%d", &n);
if(n<2)
{
printf("Invalid number enteredn");
exit (0);
}
else
{
for (i = 2; i < n; i++)
{
if ((n % i) == 0)
{
flag=1;
break;
}
}
if(flag == 0)
{
printf("The number %d is prime numbern",n);
}
else
{
printf("The number %d is not prime numbern",n);
}
}
getch();
}
/* reversing the number */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int number,reverse=0;
printf("nEnter the number:");
scanf("%d",&number);
printf("nThe entered number is %d",number);
while(number>0)
{
reverse = reverse*10;
reverse = reverse+(number%10);
number = number/10;
}
printf("nThe reversal number is %d n",reverse);
getch();
}
/* find the length of the string using functions */
#include <stdio.h>
#include <conio.h>
#include <string.h>
void main ()
{
clrscr();
int l;
char length(char *string[25]);
char *string[25];
printf("Enter the string:");
scanf("%s",string);
l=length(string);
printf("The length of string %s is %d n", string,l);
getch();
}
char length(char *string[25])
{
int i,x;
x=strlen(string);
return x;
}
/* finding string length without using string functions */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
char string[10];
int i=0;
printf("Enter the string:");
scanf("%s",string);
printf("nThe string entered is %sn",string);
while(string[i] != '0')
{
i=i+1;
}
printf("nnthe length of string is %d n",i);
getch();
}
/* program to calculate sum of the array */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int i,n,number[100],sum=0;
printf("Enter the number of elements:");
scanf("%d",&n);
printf("Enter the elements of the array :n");
for(i=1;i<=n;i++)
{
scanf("%d",&number[i]);
sum=sum+number[i];
}
printf("The array elements are: n ");
for(i=1;i<=n;i++)
{
printf("%d n",number[i]);
}
printf("The sum of the array elements is %d n",sum);
getch();
}
/* program to print a given text */
#include <stdio.h>
#include <conio.h>
void main()
{
clrscr();
char text[100];
printf("nEnter the text: ");
scanf("%s",text);
printf("nThe text Entered is %s n", text);
getch();
}
/* to find leap year or not */
#include <stdio.h>
#include <conio.h>
void main()
{
int year,leap;
printf("Enter the year:");
scanf("%d",&year);
leap=year%4;
if(leap==0)
{
printf("The year %d is leap year n",year);
}
else
{
printf("The year %d is not leap year n",year);
}
getch();
}
/* program to find biggest among 4 numbers */
#include <stdio.h>
#include <conio.h>
void main()
{
int a,b,c,d;
printf("enter the 4 numbers:");
scanf("%d%d%d%d",&a,&b,&c,&d);
if((a>b) && (a>c) && (a>d))
{
printf("%d is bigger n",a);
}
else if((b>a) && (b>c) && (b>d))
{
printf("%d is bigger n",b);
}
else if((c>a) && (c>b) && (c>d))
{
printf("%d is bigger n",c);
}
else
{
printf("%d is bigger n",d);
}
getch();
}
/* program to find display matrix */
#include <stdio.h>
#include <conio.h>
void main()
{
int matrix[100][100],i,j,row,column;
printf("Enter the row and column of the matrix:");
scanf("%d %d",&row,&column);
printf("Enter the elements of matrix:");
for(i=0;i<row;i++)
{
for(j=0;j<column;j++)
{
scanf("%d",&matrix[i][j]);
}
}
printf("The matrix you entered is :n");
for(i=0;i<row;i++)
{
for(j=0;j<column;j++)
{
printf("%d t",matrix[i][j]);
}
printf("n");
}
getch();
}
/* program to find number of occurance of alphabet */
#include <stdio.h>
#include <conio.h>
void main()
{
char string[20];
int count,i,j;
printf("Enter the string:");
scanf("%s",string);
i=0;
while(string[i] != '0')
{
count=0;
j=0;
while(string[j] != '0')
{
if(string[i] == string[j])
{
count=count+1;
}
j=j+1;
}
printf("The number occurance of alphabet %c is %dn",string[i],count);
i=i+1;
}
getch();
}
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int i,j,n,number[100],temp;
printf("Enter the number of elements:");
scanf("%d",&n);
printf("Enter the elements of the array :n");
for(i=1;i<=n;i++)
{
scanf("%d",&number[i]);
}
printf("The array elements entered are: n ");
for(i=1;i<=n;i++)
{
printf("%d n",number[i]);
}
for(i=1;i<=n;i++)
{
for(j=1;j<=n;j++)
{
if(number[j]>number[j+1])
{
temp=number[j+1];
number[j+1]=number[j];
number[j]=temp;
}
}
}
printf("The ascending order of the array elements is: n ");
for(i=1;i<=n;i++)
{
printf("%d n",number[i]);
}
getch();
}
/* adding 2 numbers using functions */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int add(int,int);
int a,b,sum;
printf("Enter the two numbers a and b:");
scanf("%d %d", &a,&b);
sum=add(a,b);
printf("the sum of %d and %d is %dn",a,b,sum);
getch();
}
int add(int x,int y)
{
int result;
result=x+y;
return result;
}
/* finding armstrong number */
#include <stdio.h>
#include <conio.h>
#include <math.h>
void main()
{
clrscr();
int i,j,a,n,s=0,count=1;
printf("Enter number");
scanf("%d",&n);
i=n;
j=n;
i = i/10;
while( i > 0)
{
count++;
i = i/10;
}
while(j>10)
{
a=j%10;
s=s+pow(a,count);
j=j/10;
}
s=s+pow(j,count);
if(s==n)
{
printf("%d is armstrong numbern",n);
}
else
{
printf("%d is not armstrong number n",n);
}
getch();
}
/* factorial of a given number */
#include <stdio.h>
#include <conio.h>
void main()
{
clrsr();
int fact=1, i, n;
printf("Enter the number for which to find the factorial : ");
scanf("%d",&n);
for(i=1;i<=n;i++)
{
fact=fact*i;
}
printf("The factorial value of number %d is %dn", n,fact);
getch();
}
/* sum of the individual digit */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int number,sum=0;
printf("nEnter the number:");
scanf("%d",&number);
printf("nThe entered number is %d",number);
while(number>0)
{
sum = sum+(number%10);
number = number/10;
}
printf("nThe sum of individual digits of the given number is %d n",sum);
getch();
}
/* calculate NCR */
#include <stdio.h>
#include <conio.h>
void main()
{
clrscr();
int fact(int);
int n,r,ncr;
printf("Enter the n and r values: ");
scanf("%d%d",&n,&r);
ncr=fact(n)/(fact(r)*fact(n-r));
printf("The combination %dC%d = %dn",n,r,ncr);
getch();
}
int fact(int x)
{
int i,f=1;
for(i=1;i<=x;i++)
{
f=f*i;
}
return f;
}
/* find number of vowels in a string */
#include<stdio.h>
#include<conio.h>
#include<string.h>
void main()
{
clrscr();
char string[50], *flag;
int i,n,count=0;
printf("Enter the string: ");
scanf("%s",string);
n=strlen(string);
for(i=0;i<n;i++)
{
flag=strchr("AEIOUaeiou", string[i]);
if(flag != NULL)
{
count++;
}
}
printf("The number of vowels in the string %s is %dn",string,count);
getch();
}
/* palindrome */
#include <stdio.h>
#include <conio.h>
#include <string.h>
void main()
{
clrscr();
char string[20], temp[20];
printf("Enter the string:");
scanf("%s",string);
strcpy(temp,string);
strrev(temp);
if(strcmp(string,temp)==0)
{
printf("The String %s is palindrome", string);
}
else
{
printf("The string %s is not palindrome", string);
}
getch();
}
/* find given number is positive or negative */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int n;
printf("Enter a number: ");
scanf("%d", &n);
if(n<0)
{
printf("%d is negative numbern",n);
}
else
{
printf("%d is positive numbern",n);
}
getch();
}
/* finding prime number */
#include <stdio.h>
#include <conio.h>
void main()
{
clrscr();
int n,i,flag=0;
printf("Enter the number : ");
scanf("%d", &n);
if(n<2)
{
printf("Invalid number enteredn");
exit (0);
}
else
{
for (i = 2; i < n; i++)
{
if ((n % i) == 0)
{
flag=1;
break;
}
}
if(flag == 0)
{
printf("The number %d is prime numbern",n);
}
else
{
printf("The number %d is not prime numbern",n);
}
}
getch();
}
/* reversing the number */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int number,reverse=0;
printf("nEnter the number:");
scanf("%d",&number);
printf("nThe entered number is %d",number);
while(number>0)
{
reverse = reverse*10;
reverse = reverse+(number%10);
number = number/10;
}
printf("nThe reversal number is %d n",reverse);
getch();
}
/* find the length of the string using functions */
#include <stdio.h>
#include <conio.h>
#include <string.h>
void main ()
{
clrscr();
int l;
char length(char *string[25]);
char *string[25];
printf("Enter the string:");
scanf("%s",string);
l=length(string);
printf("The length of string %s is %d n", string,l);
getch();
}
char length(char *string[25])
{
int i,x;
x=strlen(string);
return x;
}
/* finding string length without using string functions */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
char string[10];
int i=0;
printf("Enter the string:");
scanf("%s",string);
printf("nThe string entered is %sn",string);
while(string[i] != '0')
{
i=i+1;
}
printf("nnthe length of string is %d n",i);
getch();
}
/* program to calculate sum of the array */
#include<stdio.h>
#include<conio.h>
void main()
{
clrscr();
int i,n,number[100],sum=0;
printf("Enter the number of elements:");
scanf("%d",&n);
printf("Enter the elements of the array :n");
for(i=1;i<=n;i++)
{
scanf("%d",&number[i]);
sum=sum+number[i];
}
printf("The array elements are: n ");
for(i=1;i<=n;i++)
{
printf("%d n",number[i]);
}
printf("The sum of the array elements is %d n",sum);
getch();
}
/* program to print a given text */
#include <stdio.h>
#include <conio.h>
void main()
{
clrscr();
char text[100];
printf("nEnter the text: ");
scanf("%s",text);
printf("nThe text Entered is %s n", text);
getch();
}
/* to find leap year or not */
#include <stdio.h>
#include <conio.h>
void main()
{
int year,leap;
printf("Enter the year:");
scanf("%d",&year);
leap=year%4;
if(leap==0)
{
printf("The year %d is leap year n",year);
}
else
{
printf("The year %d is not leap year n",year);
}
getch();
}
/* program to find biggest among 4 numbers */
#include <stdio.h>
#include <conio.h>
void main()
{
int a,b,c,d;
printf("enter the 4 numbers:");
scanf("%d%d%d%d",&a,&b,&c,&d);
if((a>b) && (a>c) && (a>d))
{
printf("%d is bigger n",a);
}
else if((b>a) && (b>c) && (b>d))
{
printf("%d is bigger n",b);
}
else if((c>a) && (c>b) && (c>d))
{
printf("%d is bigger n",c);
}
else
{
printf("%d is bigger n",d);
}
getch();
}
/* program to find display matrix */
#include <stdio.h>
#include <conio.h>
void main()
{
int matrix[100][100],i,j,row,column;
printf("Enter the row and column of the matrix:");
scanf("%d %d",&row,&column);
printf("Enter the elements of matrix:");
for(i=0;i<row;i++)
{
for(j=0;j<column;j++)
{
scanf("%d",&matrix[i][j]);
}
}
printf("The matrix you entered is :n");
for(i=0;i<row;i++)
{
for(j=0;j<column;j++)
{
printf("%d t",matrix[i][j]);
}
printf("n");
}
getch();
}
/* program to find number of occurance of alphabet */
#include <stdio.h>
#include <conio.h>
void main()
{
char string[20];
int count,i,j;
printf("Enter the string:");
scanf("%s",string);
i=0;
while(string[i] != '0')
{
count=0;
j=0;
while(string[j] != '0')
{
if(string[i] == string[j])
{
count=count+1;
}
j=j+1;
}
printf("The number occurance of alphabet %c is %dn",string[i],count);
i=i+1;
}
getch();
}
Monday, December 3, 2007
SSH Passwordless Authendication
Password less Authentication
To Know ssh version: $ssh –V
Make sure the following directory present in Home Directory before continue
For Open SSH = .ssh SSH2 = .ssh2
OpenSSH => OpenSSH
Local=braves; Remote=reds
| What we’re doing | How | Where |
| 1. Generate SSH Keys | $ssh-keygen –b 1024 -t dsa -f .ssh/id_dsa | Local |
| 2. Copy the Public Key file with Hostname | $cp –p .ssh/id_dsa.pub .ssh/braves.pub | Local |
| 3. Add Private Key Info to Identification file | $echo “IDKey id_dsa” > .ssh/identification | Local |
| 4. Add Public Key Info to authorization file | $echo “Key braves.pub” >> .ssh/authorization | Local |
| 5. Add Public Key to the list of keys | $more .ssh/braves.pub >> .ssh/authorized_keys | Local |
| 6. Copy Public Key to the Remote Machine | $scp –p .ssh/braves.pub REMOTE:/$HOME/.ssh | Local |
| 7. Add Public Key to the list of keys | $more .ssh/braves.pub >> .ssh/authorized_keys | Remote |
| 8. Add Public Key Info to authorization file | $echo “Key braves.pub” >> .ssh/authorization | Remote |
| 8. Set up permissions | $chmod 640 .ssh/authorized_keys | Remote |
| 9. Set up permissions | $chmod 700 $HOME/.ssh/ | Remote |
You can now ssh from LOCAL to REMOTE without a password.
If suppose Want to Establish password less authentication from braves to phillies proceed from step 6.
SSH2 => SSH2
Follow all the steps used for OpenSSH => OpenSSH only thing to notice is SSH2 directory is .ssh2 in home directory.
OpenSSH => SSH2
Local=braves; Remote=greg
From OpenSSH (braves), to SSH2 (greg)
| What we're doing | How | Where |
| 1. Generate SSH Keys | $ssh-keygen –b 1024 -t dsa -f .ssh/id_dsa | Local |
| 2. Copy the Public Key file with Hostname | $cp –p .ssh/id_dsa.pub .ssh/braves.pub | Local |
| 3. Add Private Key Info to Identification file | $echo “IDKey id_dsa” > .ssh/identification | Local |
| 4. Add Public Key Info to authorization file | $echo “Key braves.pub” >> .ssh/authorization | Local |
| 5. Add Public Key to the list of keys | $more .ssh/braves.pub >> .ssh/authorized_keys | Local |
| 6. Convert Open SSH Public Key to SECSH format | $ssh-keygen -e -f .ssh/braves.pub >> .ssh/braves.pub.secsh | Local |
| 7. Copy SECSH format Public Key to the Remote Machine | $scp –p .ssh/braves.pub.secsh REMOTE:/$HOME/.ssh2 | Local |
| 8. Rename Public Key with original host name | $mv .ssh2/braves.pub.secsh .ssh2/braves.pub | Remote |
| 9. Add Public Key to the list of keys | $more .ssh2/braves.pub >> .ssh2/authorized_keys | Remote |
| 10. Add Public Key Info to authorization file | $echo “Key braves.pub” >> .ssh2/authorization | Remote |
| 11. Set up permissions | $chmod 640 .ssh2/authorized_keys | Remote |
| 12. Set up permissions | $chmod 700 $HOME/.ssh2/ | Remote |
SSH2 => OpenSSH
Local=greg Remote=reds
From SSH2 (greg), to OpenSSH (reds)
| What we're doing | How | Where | |
| 1. Generate SSH Keys | $ssh-keygen –b 1024 -t dsa | Local | |
| 2. Copy the Public Key file with Hostname | $cp –p .ssh2/id_dsa_1024_a.pub .ssh2/greg.pub | Local | |
| 3. Add Private Key Info to Identification file | echo "IDKey id_dsa_1024_a" > .ssh2/identification | Local | |
| 4. Add Public Key Info to authorization file | $echo “Key greg.pub” >> .ssh2/authorization | Local | |
| 5. Add Public Key to the list of keys | $more .ssh2/greg.pub >> .ssh2/authorized_keys | Local | |
| 6. Copy SECSH Public Key to the Remote Machine | $scp –p .ssh2/greg.pub REMOTE:/$HOME/.ssh | Local | |
| 7. Convert SECSH Public Key to Open SSH format | $ssh-keygen -i -f .ssh/greg.pub >> .ssh/greg.pub.openssh | Remote | |
| 8. Rename Public Key with original host name | $mv .ssh/greg.pub.openssh .ssh/greg.pub | Remote | |
| 9. Add Public Key to the list of keys | $more .ssh/greg.pub >> .ssh/authorized_keys | Remote | |
| 10. Add Public Key Info to authorization file | $echo “Key greg.pub” >> .ssh/authorization | Remote | |
| 11. Set up permissions | $chmod 640 .ssh/authorized_keys | Remote | |
| 12. Set up permissions | $chmod 700 $HOME/.ssh/ | Remote | |
Enjoy.
Sunday, December 2, 2007
Active FTP and Passive FTP
Introduction
One of the most commonly seen questions when dealing with firewalls and other Internet connectivity issues is the difference between active and passive FTP and how best to support either or both of them. Hopefully the following text will help to clear up some of the confusion over how to support FTP in a firewalled environment.
This may not be the definitive explanation, as the title claims, however, I've heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always looking for ways to improve things though, and if you find something that is not quite clear or needs more explanation, please let me know! Recent additions to this document include the examples of both active and passive command line FTP sessions. These session examples should help make things a bit clearer. They also provide a nice picture into what goes on behind the scenes during an FTP session. Now, on to the information...
The Basics
FTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.
Active FTP
In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.
From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:
FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port)
FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port)
When drawn out, the connection appears as follows:
In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4.
The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.
Active FTP Example
Below is an actual example of an active FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
There are a few interesting things to consider about this dialog. Notice that when the PORT command is issued, it specifies a port on the client (192.168.150.80) system, rather than the server. We will see the opposite behavior when we use passive FTP. While we are on the subject, a quick note about the format of the PORT command. As you can see in the example below it is formatted as a series of six numbers separated by commas. The first four octets are the IP address while the second two octets comprise the port that will be used for the data connection. To find the actual port multiply the fifth octet by 256 and then add the sixth octet to the total. Thus in the example below the port number is ( (14*256) + 178), or 3762. A quick check with netstat should confirm this information.
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,150,80,14,178
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for file list.
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.
Passive FTP
In order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.
In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.
From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:
FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server)
FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port)
When drawn, a passive mode FTP connection looks like this:
In step 1, the client contacts the server on the command port and issues the PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client's data port.
While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use. See Appendix 1 for more information.
The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.
With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.
Passive FTP Example
Below is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.
Summary
The following chart should help admins remember how each FTP mode works:
Active FTP :
command : client >1024 -> server 21
data : client >1024 <- server 20
Passive FTP :
command : client >1024 -> server 21
data : client >1024 -> server >1024
A quick summary of the pros and cons of active vs. passive FTP is also in order:
Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.
Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously. See Appendix 1 for more information.
What Does "Load Average" Mean?
What Does "Load Average" Mean?
The load average numbers give the average number of jobs in the run queue over the last 1, 5, and 15 minutes. (These three time periods may vary from one vendor's Unix system to another, but are usually 1, 5 and 15 minutes.) In other words, the n-minute load average is the number of processes competing for the attention of the CPU(s) at any moment, averaged over n minutes.
To see the load average of a system:
$uptime
9:11PM up 67 days, 23:29, 25 users, load averages: 0.11, 0.17, 0.16
The lowest possible load average is zero, the highest unlimited, though we rarely see load averages exceeding 20, and even 10 is unusual. A load average of one or two is about typical.
The load average numbers give the average number of jobs in the run queue over the last 1, 5, and 15 minutes. (These three time periods may vary from one vendor's Unix system to another, but are usually 1, 5 and 15 minutes.) In other words, the n-minute load average is the number of processes competing for the attention of the CPU(s) at any moment, averaged over n minutes.
To see the load average of a system:
$uptime
9:11PM up 67 days, 23:29, 25 users, load averages: 0.11, 0.17, 0.16
The lowest possible load average is zero, the highest unlimited, though we rarely see load averages exceeding 20, and even 10 is unusual. A load average of one or two is about typical.
df and du issues
df and du issues:
I received a call from one of my users today, and he mentioned that the /var file system utilization reported by df did not match the output from du. I logged into the box to see what was going on, and ran the df and du commands to see how much space was being used:
$ df -h /var
Filesystem size used avail capacity Mounted on
/dev/md/dsk/d3 3.9G 2.0G 1.8G 53% /var
$ cd /var && du -sk .
302898
One I saw this information, I realized that a file had most likely been unlinked from the file system, but was still open by one or more processes. To see which process was responsible for this annoyance, I used the lsof “+L1″ option to list open files with a link count of zero:
$ lsof +L1
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NLINK NODE NAME
evhandsd 1424 root 3w VREG 85,3 897032 0 7404 /var (/dev/md/dsk/d3)
syslogd 1818 root 14w VREG 85,3 1884238513 0 6803 /var (/dev/md/dsk/d3)
[ … ]
Errrr — based on this information, it looks like syslogd has a 1.8GB logfile open with a link count of zero (I wish I had process accounting running to see which process unlinked this file out from under syslogd). To fix this issue and synchronize the df and du output, I restarted syslogd:
$ /etc/init.d/syslogd stop && /etc/init.d/syslogd start
Which allowed the file to go away and the df and du output to match:
$ df -h /var
Filesystem size used avail capacity Mounted on
/dev/md/dsk/d3 3.9G 302M 3.6G 8% /var
$ du -sk /var
300668 /var
This little exercise reminded me how awesome lsof is.
Static Routes -RedHat Linux
Adding Temporary Static Routes
The route add command can be used to add new routes to your server that will last till the next reboot. It has the advantage of being univeral to all versions of Linux and is well documented in the man pages. In our example the reference to the 10.0.0.0 network has to be preceded with a -net switch and the subnet mask and gateway values also have to be preceded by the netmask and gw switches respectively.
[root@bigboy tmp]# route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 eth0
If you wanted to add a route to an individual server, then the "-host" switch would be used with no netmask value. (The route command automatically knows the mask should be 255.255.255.255). Here is an example for a route to host 10.0.0.1.
[root@bigboy tmp]# route add -host 10.0.0.1 gw 192.168.1.254 eth0
A universal way of making this change persistent after a reboot would be to place this route add command in the file /etc/rc.d/rc.local, which is always run at the end of the booting process.
Adding Permanent Static Routes
In Fedora Linux, permanent static routes are added on a per interface basis in files located in the /etc/sysconfig/network-scripts directory. The filename format is route-interface-name so the filename for interface wlan0 would be route-wlan0.
The format of the file is quite intuitive with the target network coming in the first column followed by the word via and then the gateway's IP address. In our routing example, to set up a route to network 10.0.0.0 with a subnet mask of 255.0.0.0 (a mask with the first 8 bits set to 1) via the 192.168.1.254 gateway, we would have to configure file /etc/sysconfig/network-scripts/route-eth0 to look like this:
#
# File /etc/sysconfig/network-scripts/route-wlan0
#
10.0.0.0/8 via 192.168.1.254
Note: The /etc/sysconfig/network-scripts/route-* filename is very important. Adding the wrong interface extension at the end will result in the routes not being added after the next reboot. There will also be no reported errors on the screen or any of the log files in the /var/log/ directory.
You can test the new file by running the /etc/sysconfig/network-scripts/ifup-routes command with the interface name as the sole argument. In the next example we check the routing table to see no routes to the 10.0.0.0 network and execute the ifup-routes command, which then adds the route:
How to Delete a Route
Here's how to delete the routes added in the previous section.
[root@bigboy tmp]# route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 wlan0
The file /etc/sysconfig/network-scripts/route-wlan0 will also have to be updated so that when you reboot the server will not reinsert the route. Delete the line that reads:
10.0.0.0/8 via 192.168.1.254
Subscribe to:
Posts (Atom)