Monthly Archives: November 2013

iperf test network performance

Iperf is a tool for measuring network performance. It was originally developed by NLANR/DAST as a modern alternative for measuring TCP and UDP bandwidth performance.

Server:
iperf -s -p 9999

Client:
iperf -c 192.168.122.150 -p 9999

Iperf features:

TCP:
  Measure bandwidth.
  Report MSS/MTU size and observed read sizes.
  Support for TCP window size via socket buffers.
  Multi-threaded if pthreads or Win32 threads are available. Client and server can have multiple simultaneous connections.

UDP:
  Client can create UDP streams of specified bandwidth.
  Measure packet loss.
  Measure delay jitter.
  Multicast capable.
  Multi-threaded if pthreads are available. Client and server can have multiple simultaneous connections. (This doesn’t work in Windows.)

Where appropriate, options can be specified with K (kilo-) and M (mega-) suffixes. So 128K instead of 131072 bytes.
Can run for specified time, rather than a set amount of data to transfer.
Picks the best units for the size of data being reported.
Server handles multiple connections, rather than quitting after a single test.
Print periodic, intermediate bandwidth, jitter, and loss reports at specified intervals.
Run the server as a daemon.
Run the server as a Windows NT Service.
Use representative streams to test out how link layer compression affects your achievable bandwidth.

about Dom0

Dom0, or domain zero to expand the abbreviation, is the initial domain started by the Xen hypervisor on boot. The Xen hypervisor is not usable without Domain-0 (“dom0”).
The dom0 is essentially the “host” operating system (or a “service console”, if you prefer). As a result, it runs the Xen management toolstack, and has special privileges, like being able to access the hardware directly.
It also has drivers for hardware, and it provides Xen virtual disks and network access for guests, each referred to as a domU (unprivileged domain). For hardware that is made available to other domains, like network interfaces and disks, it runs the BackendDriver, which multiplexes requests from the FrontendDriver in each DomU and forwards them to the hardware.

mutt set from headers

vi ~/.muttrc

set realname="Vitalijus Ryzakovas"
set from="user@host"
set use_from=yes

Some more useful hints:
set edit_headers = yes
set use_envelope_from=yes

vi ~/.mutt/p1
set pager_format="(P1) %S [%C/%T] %n (%l) %s"
set realname="Joe Doe"
set [email protected]
my_hdr Organization: P1’s Organization
my_hdr PGP: s
set pgp_sign_as="keyid"
set signature="~/.signature-p1"
color status black p1-color

mutt -F ~/.mutt/p1

Different back address:
set reverse_name
set [email protected]
alternates “[email protected]|[email protected]

spamcop and postfix

smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net
    permit

logrotate

logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.

Normally, logrotate is run as a daily cron job. It will not modify a log multiple times in one day unless the criterion for that log is based on the log’s size and logrotate is being run multiple times each day, or unless the -f or --force option is used.

Any number of config files may be given on the command line. Later config files may override the options given in earlier files, so the order in which the logrotate config files are listed in is important. Normally, a single config file which includes any other config files which are needed should be used. See below for more information on how to use the include directive to accomplish this. If a directory is given on the command line, every file in that directory is used as a config file.

If no command line arguments are given, logrotate will print version and copyright information, along with a short usage summary. If any errors occur while rotating logs, logrotate will exit with non-zero status.

apache mpm-itk

mpm-itk is a fork of mpm-prefork that lets you configure individual Apache vhosts to run as specified users and groups. This makes it a very secure choice for a shared hosting environment, because each site's requests run under that site's own user and group.

yum install --enablerepo=webtatic httpd-itk

vi /etc/sysconfig/httpd
HTTPD=/usr/sbin/httpd.itk

<VirtualHost *:80>
    ServerName linux4you.tk
    DocumentRoot /var/www/htm/linux4you.tk
    AssignUserId vuser vgroup
</VirtualHost>

service httpd start

django

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Developed by a fast-moving online-news operation, Django was designed to handle two challenges: the intensive deadlines of a newsroom and the stringent requirements of the experienced Web developers who wrote it. It lets you build high-performing, elegant Web applications quickly.

python for sysadmins hints

os.system() # Executing a shell command

os.stat() # Get the status of a file

os.environ # Mapping of the user's environment variables (an attribute, not a function)

os.chdir() # Move focus to a different directory

os.getcwd() # Returns the current working directory

os.getgid() # Return the real group id of the current process

os.getuid() # Return the current process’s user id

os.getpid() # Returns the real process ID of the current process

os.getlogin() # Return the name of the user logged in on the controlling terminal

os.access() # Check read permissions

os.chmod() # Change the mode of path to the numeric mode

os.chown() # Change the owner and group id

os.umask(mask) # Set the current numeric umask

os.path.getsize() # Get the size of a file in bytes

os.uname() # Return information about the current operating system

os.chroot(path) # Change the root directory of the current process to path

os.listdir(path) # List of the entries in the directory given by path

os.getloadavg() # Return the run-queue length averaged over the last 1, 5, and 15 minutes

os.path.exists() # Check if a path exists

os.walk() # Walk a directory tree, yielding its directories, sub-directories and files

os.mkdir(path, mode) # Create a directory named path with numeric mode mode

os.remove(path) # Remove (delete) the file path

os.rmdir(path) # Remove (delete) the directory path

os.makedirs(path) # Recursive directory creation function

os.removedirs(path) # Remove directories recursively

os.rename(src, dst) # Rename the file or directory src to dst

fail2ban CentOS DirectAdmin

yum install fail2ban
vi /etc/fail2ban/filter.d/dovecot-pop3imap.conf

[Definition]
# Each expression must contain <HOST>, which fail2ban uses to extract the address to ban.
failregex = dovecot: auth-worker\(default\): sql\(.*,<HOST>\): unknown user
            dovecot: (pop3|imap)-login: Aborted login \(.*\): .*, \[<HOST>\]
            dovecot: (pop3|imap)-login: Disconnected \(auth failed, .*\): .*, \[<HOST>\]
            dovecot: auth\(default\): passdb\(.*,<HOST>\)\: Attempted login with password having illegal chars
            dovecot: (pop3|imap)-login: Disconnected \(auth failed, .*\): .*, \[<HOST>\]
            dovecot: (pop3|imap)-login: Aborted login: .*, \[<HOST>\]
ignoreregex =

vi /etc/fail2ban/jail.conf
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
         sendmail-whois[name=dovecot-pop3imap, dest=root, [email protected]]
logpath = /var/log/maillog
maxretry = 20
findtime = 1200
bantime = 1200

service fail2ban start

chkconfig fail2ban on
service fail2ban status
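
The filter and jail settings can be checked offline before relying on them. The following is an added example, not part of the original post: it takes two of the filter's expressions written with fail2ban's <HOST> tag, substitutes a simplified IPv4 pattern for the tag (an assumption; fail2ban's own expansion is broader), and applies maxretry/findtime counting to log lines. The log lines, the host name "mail" and the IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only, an assumption here).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [  # two of the filter's expressions
    r"dovecot: (pop3|imap)-login: Aborted login \(.*\): .*, \[<HOST>\]",
    r"dovecot: (pop3|imap)-login: Disconnected \(auth failed, .*\): .*, \[<HOST>\]",
]
PATTERNS = [re.compile(r.replace("<HOST>", HOST)) for r in FAILREGEX]

def parse(line, year=2013):
    """Return (timestamp, host) for a line matching a failregex, else None."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied.
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            return ts, m.group("host")
    return None

def hosts_to_ban(lines, maxretry=20, findtime=1200):
    """Hosts that reach maxretry matches within findtime seconds."""
    recent, banned = defaultdict(deque), []
    for ts, host in filter(None, map(parse, lines)):
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop matches older than the window
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

def sample_log():
    """Constructed maillog lines: 25 failures per host at different rates."""
    t0, lines = datetime(2013, 11, 5, 3, 0, 0), []
    for ip, gap in (("203.0.113.7", 10), ("198.51.100.9", 120)):
        for i in range(25):
            stamp = (t0 + timedelta(seconds=i * gap)).strftime("%b %d %H:%M:%S")
            lines.append(f"{stamp} mail dovecot: imap-login: Disconnected "
                         f"(auth failed, 1 attempts): user=<info>, [{ip}]")
    lines.append("Nov 05 03:00:01 mail dovecot: imap-login: Login: user=<info>, [192.0.2.10]")
    return sorted(lines)  # chronological order, as in a real log

if __name__ == "__main__":
    log = sample_log()
    print(hosts_to_ban(log))                 # jail values: maxretry=20, findtime=1200
    print(hosts_to_ban(log, findtime=3600))  # same log with a longer window
```

With the jail's values only the host failing every 10 seconds is banned; the host failing every two minutes never has 20 matches inside 1200 seconds, which is the trade-off to weigh when choosing maxretry and findtime.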