Category Archives: linux

Server and Network Monitoring using MRTG – Part 1

This is the 1st series of articles highlighting the usage of MRTG for server and network monitoring.

In my previous article, I touched upon the basics of installing MRTG, Net-SNMP and used the cfgmaker tool to generate simple MRTG graphs. In this article, we further move on to the topic of creating MRTG graphs for a single Linux/Unix machine using only shell scripts.

The final goal or mission of these series of articles is to provide users concrete and professional examples of monitoring their servers and network devices using MRTG. In the end of these series of articles, we will round up and unite all these MRTG graphs to our web based network monitoring system called Nagios.

Continue reading

Effective User management under Linux/Unix

In this article, we look into the topic of managing our users on our local Linux/Unix box. As we know it, Linux/Unix is a multiuser environment, therefore, one of the main tasks of a system administrator is to create user accounts and provide a secure environment for users to do their work in.

Adding and removing users is still one of the most important task of a system administrator. Therefore, we as system administrators need a good understanding of how the Linux/Unix accounting system works in order to provide good network services to our users and clients.

Good account management is also the key determinant to system security. Infrequently used accounts are prime targets for crackers. So are accounts with weak passwords.

Continue reading

System integrity using Files, Permissions, Processes, Root and Sudo

To be a good in system administration, we have to understand the basics of files, processes and permissions of our Linux/Unix hosts. Therefore, in this article, we will cover the basic stuffs regarding files, processes, permissions, the SUPERUSER “root” account and the sudo program.

Every file and process on a Linux/Unix system is owned by a particular user account. Every file has both an owner and a group owner. What this means is that the owner of the file enjoys one special property that is not shared with everyone on the system. This property is the ability to modify the permissions of the file.

Other users on the system can’t access files belonging to others without the owner’s permission, so this restriction helps protect a user’s files against “malicious” users!

Continue reading

Network Management using Nagios

If you are reading this article, then you should be well aware that there are various and different types of network devices, servers, electronic gadgets, transport mediums, media converters, etc, which are somehow connected to each other to form the Internet.

The internet is the biggest network in the world consisting of billions of computers, servers, workstations, routers, switches, printers, mainframes, mobile devices, etc, connected to each other in one way or another.

1 question certainly arises, which is, how do we keep track of this giant network and it’s billions of network devices connected to the Internet?

Continue reading

Securing your Linux gateway box with IPTABLES

This How-To provides the details for securing a Linux gateway box with the IPTABLES firewall. This guide can be used for Kernels ranging from 2.4-2.6. Special rules for running Squid in transparent mode and providing Network Address Translation (NAT) are also covered in this guide.

The tool IPTABLES talks to the kernel and tells it what packets to filter.

The IPTABLES application operates at a high level by filtering TCP and UDP protocols before the data is passed onto the user applications that can be corrupted.

The IPTABLES tool inserts and deletes rules from the kernel’s packet filtering table.

What this means is that the rules you create in your Linux machine using IPTABLES are lost upon reboot.

The best way to use IPTABLES rules are to store them up in a simple shell script and use your Linux OS to load that script on boot up.

Continue reading

Enterprise FreeBSD/Linux Squid Proxy Server

Squid is the most popular high end web proxy used by both by small or big organizations and ISPs around the world. It improves web browsing performance and conserves bandwidth. It also has a very rich Access Control Lists (ACLs) which can be configured to act as superb filter and can also act as a firewall.

The Squid project, currently, is now being run entirely by volunteers. It has a small but very talented and professional group of developers. I request everybody using Squid to help this great project in their own respective ways. You can either participate directly in it’s development, or be a tester of it’s latest releases or you can simply submit articles.

Or best of all, if you have the resources, please donate to this great and wonderful project. Whatever you donate, no matter how much, will go towards it’s development and R&D which will benefit everybody and the internet community at large.

Please check the following URL for more details:

http://www.squid-cache.org/Intro/helping.dyn

This installation manual is for Squid-2.6.STABLE18 which is the latest as of today (23-Jan-2008). This How-To can be used either on Linux based Operating systems such as Debian and BSD based operating systems such as FreeBSD. For Solaris users, replace “make” with “gmake” and make sure that “/usr/sfw/bin” is in your PATH.

This guide below details the steps for creating a powerful Squid proxy server capable of serving thousands of users per second. Please refer to the graphs towards the end of this article for actual details.

Continue reading