Recovering A Lost Enable Secret Password in Cisco Router

If the enable secret password is lost, a new password must be set. To recover a lost enable secret on Cisco routers, follow the steps outlined below.
Before you begin - Connect A Console

Connect through Hyperterminal Procedure:
1. Power cycle the router.

2. Send a "break" command to the router within the first 60 seconds after power cycle. The break command will vary depending on the terminal emulation package used. For Windows Hyperterminal, the break command is sent by holding the CTRL key down and pressing the BREAK key. After sending a successful break character, the router will be in ROM monitor mode as indicated by the angle bracket (>) prompt.

3. From the ROM monitor prompt, set the configuration register value to 0x142. This causes the router to bypass the configuration contents stored in NVRAM upon next bootup. Then reboot the router by typing the following:

2500/4000

> o/r 0x142
> i

or 1000/1600/3600/4500

> confreg 0x142
> reset

The router will reboot itself.

4. Enter privileged EXEC mode by typing the enable command. No password will be required. The prompt will change to Router(boot)#.

Router> enable
Router#

5. Load the original configuration back into the router. There are two equivalent ways of doing this depending on the software version you are running.

Router# copy startup-config running-config
For IOS Releases 11.0 and above OR
Router# config mem
For IOS Releases prior to 11.0

6. Set the new enable password.

Router# config term
Router(config)# enable secret new_password

7. Restore the configuration register and exit configuration mode. The configuration register must be reset so the router will properly boot using the configuration now stored in NVRAM.

Router(config)# config-reg 0x2102
Router(config)# end

8. Save changes.

Router# copy running-config startup-config
For IOS Releases 11.0 and above OR

Router# write memory
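
Added example (not part of the original page): a check that the configuration register was restored after the recovery. It reads "show version" output and tests bit 6 (0x0040), the ignore-NVRAM bit that is set in 0x142 and clear in 0x2102; the function name and verdict words are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page.
# Bit 6 (0x0040) of the configuration register makes the router ignore the
# configuration stored in NVRAM. It is set in 0x142 and clear in 0x2102.
IGNORE_NVRAM=0x0040

# audit_confreg: read "show version" output on stdin and print one verdict:
#   OK <reg>       next boot loads startup-config
#   PENDING <reg>  booted with NVRAM bypassed, clean value queued for reload
#   FAIL <reg>     next boot ignores startup-config, so no enable secret applies
#   UNKNOWN        no configuration register line in the input
audit_confreg() (
    line=$(grep -i 'configuration register is' | head -n 1)
    hex='0x[0-9A-Fa-f][0-9A-Fa-f]*'
    # Value in effect now, and the value queued for the next reload (if any).
    current=$(printf '%s\n' "$line" | sed -n "s/.*[Rr]egister is \($hex\).*/\1/p")
    pending=$(printf '%s\n' "$line" | sed -n "s/.*will be \($hex\) at next reload.*/\1/p")
    next=${pending:-$current}

    if [ -z "$current" ]; then
        echo "UNKNOWN"
    elif [ $(( $next & $IGNORE_NVRAM )) -ne 0 ]; then
        echo "FAIL $next"
    elif [ $(( $current & $IGNORE_NVRAM )) -ne 0 ]; then
        echo "PENDING $next"
    else
        echo "OK $next"
    fi
)

# Constructed sample: the line printed after step 7, before the router reloads.
printf 'Configuration register is 0x142 (will be 0x2102 at next reload)\n' | audit_confreg
```

A FAIL verdict on a production router means the next reload comes up without the saved configuration, passwords included.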

Nat Enable in Cisco 2600 Router

interface FastEthernet0/0
ip address 66.178.43.50 255.255.255.128
ip nat outside
duplex auto
speed auto
no keepalive
!
interface FastEthernet0/1
ip address 192.168.168.1 255.255.255.224 secondary
ip address 172.22.11.1 255.255.255.224 secondary
ip nat inside
duplex auto
speed auto
!
ip nat pool sharif 66.178.43.3 66.178.43.4 prefix-length 24
ip nat inside source list 1 pool sharif overload
no ip http server
no ip http secure-server
ip classless
!
ip route 0.0.0.0 0.0.0.0 66.178.43.1
!
!
access-list 1 permit 172.0.0.0 0.255.255.255
access-list 1 permit 192.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit

DHCP configuration in Cisco Router

!
no ip dhcp conflict logging

ip dhcp excluded-address 191.121.121.1
!
ip dhcp pool sharif
network 191.121.121.0 255.255.255.0
default-router 191.121.121.1
domain-name www.sharif.com
dns-server 66.178.2.16
!
ip name-server 66.178.2.25
ip name-server 195.129.12.122
no ftp-server write-enable

Redhat Lab Manuals - Squid Proxy, FTP / Apache / Email / DNS Servers, filt

LAB 1. Iptables – Multi Network Firewall (3 Network Cards, refer to scenario)
PACKAGE REQUIRED: squid

iptables -A FORWARD -j ACCEPT
iptables -t nat -A PREROUTING -d 66.178.1.221 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.1.2:80
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 66.178.1.221
iptables-save > /etc/sysconfig/iptables
service iptables restart

vi /etc/sysctl.conf
(change this setting: net.ipv4.ip_forward = 1)
sysctl -p

LAB 2. Iptables – SQUID TRANSPARENT PROXY (2 Network Cards, refer to scenario)
PACKAGE REQUIRED: squid
IPTABLES FIREWALL CONFIGURATION:

iptables -A FORWARD -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 66.178.1.221
iptables-save > /etc/sysconfig/iptables
service iptables restart

SQUID PROXY CONFIGURATION:

http_port 192.168.0.1:3128
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
cache_swap_low 80
cache_swap_high 100
maximum_object_size 1024 KB
cache_dir ufs /var/spool/squid 512 16 256
cache_access_log /var/log/squid/access.log
cache_log none
cache_store_log none
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl full_host src 192.168.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow full_host
http_access deny all
http_reply_access allow all
icp_access allow all
memory_pools off
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_port 80
httpd_accel_uses_host_header on
LAB 1 and LAB 2 checklist and additional information:

Make sure iptables and squid services are started, also check ntsysv
Check squid logs in /var/log/squid/access.log if squid transparent is working
Save your firewall using iptables-save > /etc/sysconfig/iptables
You can edit firewall using vi /etc/sysconfig/iptables and restart the firewall using service iptables restart
You can check if squid is installed using rpm -q squid
Make sure that net.ipv4.conf.default.rp_filter = 1 is enabled in /etc/sysctl.conf

LAB 3. VsFTPd – File Transfer Protocol server
PACKAGE REQUIRED: vsftpd

adduser sample -g 100 -c "sample description"
passwd sample

NOTE: Please copy any file to /var/ftp/pub and any file to /home/sample

LAB 3 checklist and additional information:
Make sure vsftpd started, also check ntsysv
Check ftp logs in /var/log/xferlog if vsftpd is working

Access your PUBLIC ftp
Access your PRIVATE ftp, you must login and supply password

LAB 4. Apache – Web server (IP-based)
PACKAGE REQUIRED: httpd-* php-*

SINGLE DOMAIN:

Copy or create an HTML file in /var/www/html and preview it in Web Browser

VIRTUAL DOMAIN:

Create sub-interface using GUI redhat-config-network or ifconfig

adduser sample1 -g 100 -c "sample1 description"
passwd sample1
cd /home/sample1
mkdir html
mkdir logs
mkdir icons
chmod 777 /home/sample1 -Rf

vi /etc/httpd/conf.d/sample1.conf


ServerAdmin sample1@sample.com
DocumentRoot /home/sample1/html
ServerName 10.1.1.3
ErrorLog /home/sample1/logs/error_log
TransferLog /home/sample1/logs/access_log



Order Deny,Allow
Allow from all
Options +Indexes
DirectoryIndex index.html index.php


LAB 4 checklist and additional information:
Make sure httpd started, also check ntsysv
Check https logs in /home/sample/logs/access.log if httpd is working

Copy or create an HTML file in /home/sample/html and preview it in Web Browser specify the IP
LAB 5. MySQL – Database Server
PACKAGE REQUIRED: libdbi, libdbi-dbd, mysql, mysqlclient10, mysql-server, perl-DBI, perl-DBD-mysql, php, php-mysql, php-mbstring, php-ldap, php-odbc, php-pear

NOTE: Please verify that the following packages are installed; if not, install them before proceeding to the rest of the lab. The command "rpm -q package_name" verifies whether a package is installed; if it is not, you can use "rpm -ivh package_name" to install it.

LAB 6. DNS – Domain Name Server
PACKAGE REQUIRED: caching-nameserver, bind

vi /etc/named.conf (add the following:)

zone "yourcompany.com" {
type master;
file "yourcompany.com.zone";
};

vi /var/named/yourcompany.com.zone (add the following)
$ORIGIN yourcompany.com.
$TTL 86400
@ IN SOA ns.yourcompany.com. admin.yourcompany.com. (
7 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
86400 ; ttl
)
IN NS ns.yourcompany.com.
IN MX 10 mail.yourcompany.com.
IN A 10.1.1.2
ftp IN A 10.1.1.3
www IN A 10.1.1.4
mail IN A 10.1.1.5
LAB 6. Postfix/Cyrus-IMAPd – Mail Server
PACKAGE REQUIRED: pam_mysql, postfix-mysql, squirrelmail, cyrus-imap, web-cyradm

NOTE: Please check exact package name, actual filename may change because of version number.
INSTALL AND CONFIGURE web-cyradm /var/www/html/cyrus/config/conf.php

# The Cyrus login stuff
$CYRUS = array(
'HOST' => 'localhost',
'PORT' => 143,
'ADMIN' => 'cyrus',
'PASS' => 'secret'
);

$DB = array(
'TYPE' => 'mysql',
'USER' => 'mail',
'PASS' => 'secret',
'PROTO' => 'unix', // set to "tcp" for TCP/IP
'HOST' => 'localhost',
'NAME' => 'mail'
);


START MYSQLD, ASSIGN ROOT PASSWORD AND DATABASE web-cyradm

service mysqld start
mysqladmin -u root -p password 123456
mysql -u root -p < /var/www/html/cyrus/scripts/insertuser_mysql.sql
mysql mail -u root -p < /var/www/html/cyrus/scripts/create_mysql.sql


PAM AUTHENTICATION
(do this in /etc/pam.d)
vi /etc/pam.d/imap
vi /etc/pam.d/smtp
vi /etc/pam.d/pop
vi /etc/pam.d/sieve


auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time

account required pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
SASLAUTHD
vi /etc/sysconfig/saslauthd

# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
MECH=pam

# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=-r

START=yes


CYRUS IMAPD CONFIGURATION
vi /etc/imapd.conf
vi /etc/imapd-local.conf

postmaster: postmaster
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sieve_maxscriptsize: 320
sieve_maxscripts: 5
unixhierarchysep: yes
altnamespace: yes
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
allowanonymouslogin: no
allowplaintext: yes
allowplainwithouttls: yes
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
servername: host.example.com


CYRUS IMAPD CONFIGURATION
vi /etc/cyrus.conf

START {
recover cmd="ctl_cyrusdb -r"
idled cmd="idled"
}

SERVICES {
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=1
pop3 cmd="pop3d" listen="pop3" prefork=3
pop3s cmd="pop3d -s" listen="pop3s" prefork=1
sieve cmd="timsieved" listen="sieve" prefork=1

lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

}

EVENTS {
checkpoint cmd="ctl_cyrusdb -c" period=30

delprune cmd="cyr_expire -E 3" at=0400
tlsprune cmd="tls_prune" at=0400
}


CONFIGURE POSTFIX
vi /etc/postfix/main.cf

# postfix user/group
#soft_bounce=yes
mail_owner = postfix
setgid_group = postdrop
delay_warning_time = 4

# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
queue_directory = /var/spool/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

# network settings
inet_interfaces = all
mydomain = yourdomain.com
myhostname = host.yourdomain.com
mynetworks = 192.168.0.0/16,
127.0.0.0/24,
69.239.170.72/29
mydestination = $myhostname,
localhost.$mydomain,
localhost,
mysql:/etc/postfix/mysql-mydestination.cf
relay_domains = $mydestination

# mail delivery
local_transport = cyrus
mailbox_transport = cyrus
recipient_delimiter = +

# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf,
regexp:/etc/postfix/virtual_regexp
transport_maps = mysql:/etc/postfix/mysql-transport.cf,
regexp:/etc/postfix/transport_regexp
#local_recipient_maps =

# sympa parameters
# sympa_destination_recipient_limit = 1
# sympabounce_destination_recipient_limit = 1

# debugging
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5

# authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

# rules restrictions
# smtpd_client_restrictions = reject_rbl_client sb1.spamhaus.org
smtpd_helo_restrictions = permit_sasl_authenticated,
permit_mynetworks,
reject_non_fqdn_hostname
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain
smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining


CONFIGURE POSTFIX
vi /etc/postfix/master.cf
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient


CONFIGURE POSTFIX
vi /usr/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login


CONFIGURE POSTFIX
/etc/postfix/mysql-canonical.cf

hosts = 127.0.0.1
user = mail
password = secret

dbname = mail

table = virtual
select_field = alias
where_field = username
additional_conditions = and status = '1' limit 1

CONFIGURE POSTFIX
/etc/postfix/mysql-mydestination.cf

hosts = 127.0.0.1
user = mail
password = secret

dbname = mail

table = domain
select_field = domain_name
where_field = domain_name


CONFIGURE POSTFIX
/etc/postfix/mysql-relay.cf


hosts = 127.0.0.1
user = mail
password = secret

dbname = mail

table = domain
select_field = transport
where_field = domain_name


CONFIGURE POSTFIX
/etc/postfix/mysql-transport.cf

hosts = 127.0.0.1
user = mail
password = secret

dbname = mail

table = domain
select_field = transport
where_field = domain_name


CONFIGURE POSTFIX
/etc/postfix/mysql-virtual.cf

hosts = 127.0.0.1
user = mail
password = secret

dbname = mail

table = virtual
select_field = dest
where_field = alias
additional_conditions = and status = '1'

CONFIGURE POSTFIX
/etc/postfix/transport_regexp

# /^.*+owner\@lists\..*$/ sympabounce:
# /^.*\@lists\..*$/ sympa:



CONFIGURE POSTFIX
/etc/postfix/virtual_regexp


# This will be used to deal with the mailing lists
#/^(.*)-owner\@lists\.(.*)$/ $1+owner@lists.$2
service postfix start
service saslauthd start
service cyrus-imapd start
service mysqld start

Mail Server configuration through Postfix with virtual Domain in Linux RedhatES4


Postfix with Virtual Domain / MExchange in Linux

All related RPM and configuration files needed to complete MExchange on Linux can be obtained from the link below:

http://www.megaupload.com/?d=U8SUSQUJ

Installation and Configuration Procedure in Power Point Slides Step by Step: http://www.megaupload.com/?d=MQ1BICOE


During installation, first select these programs:
· In Webserver = php-mysql & php-odbc
· Select DNS Name Server
· Select Mysql Database = mysql-server
· In Mail server = cyrus-imapd & squirrelmail

Install these packages additionally for Mexchange:
Install - rpm -ivh postfix-2.1.5-4.2.RHEL4.mysql.centos4.i386.rpm
Then install - rpm -ivh pam-mysql-0.5.1.i386.rpm
Then install - rpm -ivh php-mbstring-4.3.9-3.1.i386.rpm
Cyrus-imapd is already installed during installation; if not, it should be installed
Squirrelmail is already installed during installation; if not, it should be installed
===============================================================

Go to the WEB-CYRADM folder and copy (cp) web-cyradm-svn-0.5.5.tar to /var/www/html
Then cd /var/www/html => tar xvfz web-cyradm-svn-0.5.5.tar.gz
Then mv tmp/web-cyradm-0.5.5 web-cyradm
Then go to the WEB-CYRADM folder - cp conf.php /var/www/html/web-cyradm/config/
===============================================================

Go to folder POSTFIX – copy * /etc/postfix/ -Rf
Vi /etc/postfix/main.cf :
Edit : domain - sharif.com / host – mail.sharif.com / network – 121.121.121.1/24
Go to folder PAM.D - copy * /etc/pam.d/ -Rf (5 files)
===============================================================
Password creation for MYSQL server:
mysqladmin -u root password 123456
mysql -u root -p < /var/www/html/web-cyradm/scripts/insertuser_mysql.sql
password: 123456
mysql mail -u root -p < /var/www/html/web-cyradm/scripts/create_mysql.sql
password: 123456
copy saslauthd file - cp saslauthd /etc/sysconfig/
===============================================================
Under Root – Type - /usr/share/squirrelmail/config/conf.pl
2 – domain : sharif.com
3 – 2 (smtp)
A = 8 – cyrus
Save then Quit
===============================================================
Go to CYRUS folder then copy all files : cp * /etc/ -Rf
===============================================================
Then go to NTSYSV - saslauthd + postfix + cyrus-imapd + named + httpd + mysql (select)
After enabling them, restart all the services we enabled (chkconfig --add postfix)
===============================================================

BIND DNS:
Need to install rpm file – rpm -ivh Caching-nameserver-7.3.3.noarch.rpm
Vi /etc/named.conf

--------------------------------------------------------------------------
Add zone: zone "sharif.com" IN {
type master;
file "sharif.com.zone";
allow-update { none; };
};

--------------------------------------------------------------------------
Then go cd - /var/named/chroot/var/named -

vi sharif.com.zone

===============================================================
$ORIGIN sharif.com.
$TTL 86400
@ IN SOA ns.sharif.com. admin.sharif.com. (
7 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
86400 ; ttl
)
IN NS ns.sharif.com.
IN A 121.121.121.1
IN MX 10 mail.sharif.com.
mail IN A 121.121.121.1
{save}
===============================================================
add in ntsysv - service named start
vi /etc/resolv.conf := search sharif.com / nameserver 127.0.0.1
vi /etc/sysconfig/network := HOSTNAME = ns.sharif.com
[dig sharif.com] service named restart (enter)

121.121.121.1/web-cyradm = admin/test (un/pw)
tail -f /var/log/messages

Add new domain (sharif.com) nagur@sharif.com / shannu@sharif.com add accounts (2) smpl

For webmail : 121.121.121.1/webmail/src/webmail.php


Root password recovery in Linux Redhat

Root Password Recovery Procedure:

During boot, press 'e'.
Go to the kernel line and press 'e'.
At the end of the line type single, press Enter, and then press 'b'.
Then type passwd,
type the new password and then reboot.

Disaster and Recovery, Backup or restore procedure in Linux

Back-up and Restore:
What you back up depends on the scope of your server; for a MySQL server you need to back up /var/lib/mysql

#!/bin/bash
rm /opt/backup/set_a/server/gfps04/mysql.* -Rf
find /var/lib/mysql -mtime -31 -depth \! -type d > /tmp/modified_mysql.files
tar cT /tmp/modified_mysql.files > /opt/backup/set_a/server/gfps04/mysql.`date '+%d%b'`.tar
gzip -9f /opt/backup/set_a/server/gfps04/mysql.`date '+%d%b'`.tar

Restoration will most likely require a separate test server. First examine the files to be restored so that you do not damage the existing file system. If you are certain, you may copy the files in any way, but the best is via scp (secure file copy) to maintain file ownership and permissions.

File System Health:

Place your Red Hat Enterprise 4 disk #1 in the CDROM drive and reboot. At the boot prompt enter: linux rescue

If it asks whether to mount the file system, answer NO. This will let you check file systems freely without any harm. Mounting the file system instead of choosing no is preferred only if you intend to change settings or edit files on your system.
Afterwards the bash prompt will appear and you're ready to examine your file system. This is applicable in many cases, such as before taking a backup, or when you have a corrupted disk and are attempting to recover from it.

bash# fsck /dev/hda1
bash# fsck /dev/hda2

If your hard disk is an IDE disk it will be a /dev/hda device; for SCSI or SATA it will be /dev/sda. Fsck might find corrupted files; if so, it will ask you to fix them. Press "Y" for yes if it does find an inconsistency. After having checked all file systems, you may reboot.

Automatic Backup:

As you learned in CRON you may create a script to backup necessary service location. You may design your very own backup system as long as you can restore it.

[root@ server01 ~]# mkdir scripts
[root@ server01 ~]# mkdir /opt/backup
[root@ server01 ~]# cd scripts
[root@ scripts]# vi sql_backup.sh

#!/bin/bash
rm /opt/backup/mysql.* -Rf
find /var/lib/mysql -mtime -31 -depth \! -type d > /tmp/modified_mysql.files
tar cT /tmp/modified_mysql.files > /opt/backup/mysql.`date '+%d%b'`.tar
gzip -9f /opt/backup/mysql.`date '+%d%b'`.tar

[root@ scripts]# vi /var/spool/cron/root

30 15 * * * sh /root/scripts/sql_backup.sh

[root@ scripts]# chmod 744 sql_backup.sh

You may want to try the script yourself by executing sh sql_backup.sh

[root@ scripts]# sh sql_backup.sh
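
Added example (not part of the original page): the same find/tar/gzip backup written for a root cron job, with the file list created by mktemp instead of the fixed name /tmp/modified_mysql.files, the archive verified before the old one is deleted, and owner-only permissions. The function name backup_tree and its arguments are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page.
# backup_tree SRC_DIR DEST_DIR [PREFIX]
# Prints the path of the verified archive. On any failure it returns non-zero
# and leaves the previous archives in DEST_DIR untouched.
backup_tree() (
    src=$1; dest=$2; prefix=${3:-mysql}
    umask 077                      # archive and file list readable by owner only
    [ -d "$src" ] && [ -d "$dest" ] || exit 1

    # mktemp picks an unpredictable name and refuses to reuse an existing path,
    # so a symlink planted at a fixed /tmp name cannot redirect a write by root.
    list=$(mktemp) || exit 1
    tmp=$(mktemp "$dest/.$prefix.XXXXXX") || { rm -f "$list"; exit 1; }
    trap 'rm -f "$list" "$tmp" "$tmp.gz"' EXIT

    # Same selection as the original script: files changed in the last 31 days.
    find "$src" -depth -mtime -31 \! -type d > "$list" || exit 1
    [ -s "$list" ] || exit 1       # nothing selected: keep the old backup
    tar -cf "$tmp" -T "$list" 2>/dev/null || exit 1
    gzip -9f "$tmp" || exit 1

    # Restorability check: the archive must list every file that was selected.
    want=$(wc -l < "$list")
    got=$(gzip -dc "$tmp.gz" | tar -tf - | wc -l)
    [ "$got" -eq "$want" ] || exit 1

    # Only now remove the previous archives and move the new one into place.
    archive="$dest/$prefix.$(date '+%d%b').tar.gz"
    rm -f "$dest/$prefix".*.tar.gz
    mv "$tmp.gz" "$archive" || exit 1
    echo "$archive"
)

# From the cron script: sh sql_backup.sh /var/lib/mysql /opt/backup
if [ "$#" -ge 2 ]; then
    backup_tree "$@"
fi
```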

Monitor the disk Space: df -h -7

Monitor system Load: [root@ server01 ~]# top

To monitor CPU Usage press Shift + P / Memory Usage press Shift + M

If you have pinpointed a service that is causing trouble, all you have to do is find its PID number and use the kill command to terminate the service.

[root@ server01 ~]# kill 8888
8888 is assumed to be the PID; check your own system to get the real PID. A leaky program, such as one needing updates, can leak memory or CPU, leaving it using more memory or CPU resources than it should.

SE Linux configuration in linux redhat

SELinux:

SELinux safeguards several services, for example allowing httpd to run only on port 80 and not allowing any other service to hijack port 80. The configuration is pretty simple and everything else has been left at the defaults. All you need to do is enable it.

[root@server01 ~]#
vi /etc/selinux/config

SELINUX=enforcing (how to protect)
SELINUXTYPE=targeted (what to protect)

Apache Web Server Configuration in Linux Redhat ES4

Web servers have become very important in today's e-commerce. It is the Red Hat administrator's task to set up a fast, efficient and reliable web server. Apache supports nearly all web technologies such as PHP, XML, JSP and ASP. Apache's very strong point is PHP. There are three types of Apache setup – Single Domain, IP Based Virtual Host and Name Based Virtual Host.

Single Domain:
In this setup Apache serves a single domain, running only on port 80 of your network interface. The default configuration files of Apache are located in /etc/httpd and the root home is located in /var/www/html.

To check whether Apache is installed, use the command: rpm -q httpd
files are stored in /etc/www
Then go to ntsysv and check whether httpd is selected – vi /etc/httpd/conf.d (global conf. can't be changed)

My setup of the Apache web server incorporates PHP and MySQL, the combination famous under the acronym LAMP (Linux, Apache, MySQL, PHP); Google and Yahoo are built on this platform. The packages are installed during installation package selection, or afterwards via rpm. Open a web browser and test your web server at http://192.168.0.1/ (you should see the Apache test page)

RHEL 4 has Apache 2.0 / PHP 4.3 / PERL 5.8 / MySQL 4.1
Apache 2.0 virtual host conf. should be saved as /etc/httpd/conf.d/profile.conf

IP Based Virtual Host:
If you don't plan to register a domain but need to offer web services over the internet, you have no option but to use an IP Based Virtual Host. A virtual host allows you to create another web server service listening on another IP address or interface. If you don't have DNS, Apache will therefore listen on a virtual IP. First create a virtual IP by your preferred method, command line or system-config-network (X11). If you have only one interface, create an alias of eth1, eth1:1, and assign a different IP. Then restart the network service for the change to take effect.

First create Virtual IP, 192.168.0.2 – eth1 and 192.168.0.3/0.4 – eth1:1/eth1:2

Create User (unix accnt): adduser alvin -g apache -d /var/www/alvin
adduser sharif -g apache -d /var/www/sharif

Edit files
vi /etc/httpd/conf.d/alvin.conf

DocumentRoot /var/www/alvin/public_html
ServerName www.alvin.com
DirectoryIndex index.html index.htm index.shtml


vi /etc/httpd/conf.d/sharif.conf

DocumentRoot /var/www/sharif/public_html
ServerName www.sharif.com
DirectoryIndex index.html index.htm index.shtml


Then, for each user, create a sample file as below:
[root@server01 alvin]# cd public_html [root@server01 sharif]# cd public_html
[root@server01 public_html]# vi index.html [root@server01 public_html]# vi index.html


Hello World! I’m a Red Hat Linux System Administrator!



Save the file, then restart Apache - service httpd restart

Open a web browser at http://192.168.0.3/ or http://192.168.0.4/ to see the test page.


Name Based Virtual Host:
If you have a properly registered DNS name that resolves and you have a static IP, then you can create a Name Based Virtual Host. Imagine a single IP address having multiple host name aliases.

First create Virtual IP, 192.168.0.2 – eth1 and 192.168.0.3 – eth1:1
Ex: 192.168.0.3 – www.alvin.com/www.sharif.com/www.shasmeen.com

Create User (unix accnt): adduser alvin -g apache -d /var/www/alvin (sharif / shasmeen)

Edit files
vi /etc/httpd/conf.d/alvin.conf

DocumentRoot /var/www/alvin/public_html
ServerName www.alvin.com
DirectoryIndex index.html index.htm index.shtml


vi /etc/httpd/conf.d/sharif.conf

DocumentRoot /var/www/sharif/public_html
ServerName www.sharif.com
DirectoryIndex index.html index.htm index.shtml

Then, for each user, create a sample file as below:
[root@server01 alvin]# cd public_html [root@server01 sharif]# cd public_html
[root@server01 public_html]# vi index.html [root@server01 public_html]# vi index.html


Hello World! I’m a Red Hat Linux System Administrator!



Save the file, then restart Apache - service httpd restart

Open a web browser at http://www.alvin.com/ or http://www.sharif.com/ to see the test page.

Samba Domain Controller configuration in linux Redhat ES4

During installation of Linux ES4, select the File Server service and Samba is installed automatically; otherwise install samba and samba-swat (web) manually.

Before installing Samba, shadow_utilities should be installed for user creation
Shadow_utilites-4.0.3-56.i386.rpm

Installing the file:
rpm -ivh .rpm ….Upgrade: rpm -Uvh .rpm

Samba Domain Controller- samba-3.0.10-1.4E for RedHat4 ES for Active Directory (samba+LDAP)
Samba domain controller with LDAP support. Samba has limited features such as Domain and Admin Group, and it does not support full Active Directory. Roaming profiles are compatible with Primary and Backup Domain Controller or Stand-Alone. It can also function as a domain member of the Windows domain family.

Managing SDC user accounts requires a good knowledge of UNIX accounts & groups. Samba maps its usernames to UNIX accounts. You can create the UNIX account by using adduser.

Root# adduser test -g 100 (create the user test under user group – GID 100)
Before adding a Samba account, a UNIX account should first exist. You can also use system-config-users, which offers a GUI interface under X11.

To make Domain Controller: (Domain – WORKGROUP) –
vi /etc/samba/smb.conf
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2006/02/06 11:53:56
# Global parameters
[global]
workgroup = WORKGROUP
server string = Red Hat Enterprise 4
passwd program = /usr/bin/passwd %u
username map = /etc/samba/smbusers
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/adduser %u
delete user script = /usr/sbin/userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add machine script = /usr/sbin/useradd -d /dev/null -c 'machines' -s /sbin/false %u
domain logons = Yes
os level = 99
preferred master = Yes
domain master = Yes
dns proxy = No
ldap ssl = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
admin users = @users
cups options = raw
oplocks = True

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[utils]
comment = utils
path = /home/utils
force user = root
force group = root
guest ok = Yes

[homes]
comment = Home Directories
read only = No
guest ok = Yes
Browseable = No

The package samba-swat-3.0.10.-1.4E provides the web interface. After installing it, enable it via "ntsysv" and check smb,
then run the command service xinetd restart or
service smb start

Root# (add user) adduser sharif -c "Nagur Sharif" -g 100
Set password: smbpasswd -a sharif…..type new password:xxxxxxx

When we log in from XP it goes into non-privileged mode, so administrator level should be applied. The computer name should be different from the user name; then it will log in, otherwise it will not.
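
Added example (not part of the original page): a review pass over smb.conf that reports three settings present in the file above: admin users (listed users do all file operations as root), guest ok combined with force user = root, and guest ok on a writable share. The function name and finding labels are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page.
# audit_smb_conf: read smb.conf on stdin, print one line per risky setting.
#   ADMIN_USERS    listed users do all file operations as root
#   GUEST_AS_ROOT  password-less connections are forced to run as root
#   GUEST_WRITE    password-less connections may write to the share
audit_smb_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function on(v)   { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    function off(v)  { v = tolower(v); return v == "no" || v == "false" || v == "0" }
    function report(   guest, writable) {
        if (section == "") return
        guest    = on(p["guest ok"]) || on(p["public"])
        writable = off(p["read only"]) || on(p["writable"]) || on(p["writeable"])
        if (p["admin users"] != "")
            print "[" section "] ADMIN_USERS " p["admin users"]
        if (guest && tolower(p["force user"]) == "root")
            print "[" section "] GUEST_AS_ROOT"
        if (guest && writable)
            print "[" section "] GUEST_WRITE"
        split("", p)                      # forget this section
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }  # comments and blank lines
    /^[ \t]*\[/ {                         # [section] header
        report()
        section = $0
        sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        section = tolower(trim(section))
        next
    }
    index($0, "=") {                      # parameter = value
        key = tolower(trim(substr($0, 1, index($0, "=") - 1)))
        gsub(/[ \t]+/, " ", key)
        p[key] = trim(substr($0, index($0, "=") + 1))
    }
    END { report() }
    '
}

# Excerpt of the smb.conf shown above (same values, fewer lines).
SAMPLE_SMB_CONF='[global]
workgroup = WORKGROUP
domain logons = Yes
admin users = @users

[printers]
path = /var/spool/samba
printable = Yes
browseable = No

[utils]
path = /home/utils
force user = root
force group = root
guest ok = Yes

[homes]
read only = No
guest ok = Yes
Browseable = No'

printf '%s\n' "$SAMPLE_SMB_CONF" | audit_smb_conf
```

Every account on this page is created with -g 100, so admin users = @users covers all of them.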

Restriction Web Access by Time and IP address through Squid Proxy in Linux Version 7,9,10


vi /etc/squid/squid.conf
#Sample configuration of squid proxy below:

http_port 192.168.0.1:3128
cache_mem 20 MB
cache_dir ufs /var/spool/squid 2000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
acl our_host src 192.168.0.10 192.168.0.100
acl our_host1 src 10.10.10.10 10.10.10.50
http_access allow our_host
http_access allow our_host1
http_access deny all

#Port 80 is blocked by default, ISP forces use of its proxy:
cache_peer (server ip) (port) 0 default no-query
never_direct allow all
#Direct connection with auto proxy: Transparent Proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Restriction Web Access By Time:
# Add this to the bottom of the ACL section of squid.conf
acl home_network src 192.168.1.0/24
acl business_hours time M T W H F 9:00-17:00
# Add this at the top of the http_access section of squid.conf
http_access allow home_network business_hours
Or, you can allow morning access only:
# Add this to the bottom of the ACL section of squid.conf
acl mornings time 08:00-12:00
# Add this at the top of the http_access section of squid.conf
http_access allow mornings

Restricting Web Access By IP Address:
You can create an access control list that restricts Web access to users on certain networks. In this case, it's an ACL that defines a home network of 192.168.1.0.
# Add this to the bottom of the ACL section of squid.conf
acl home_network src 192.168.1.0/255.255.255.0

You also have to add a corresponding http_access statement that allows traffic that matches the ACL:
# Add this at the top of the http_access section of squid.conf
http_access allow home_network
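Why the position of these http_access lines matters, as an added example that is not part of the original post: Squid checks http_access lines top to bottom, the first matching line decides, and ACL names on one line must all match. The small evaluator below is a hypothetical sketch that handles only src and time ACLs; the rule sets are constructed from the directives above.

```python
import ipaddress
from datetime import datetime

DAYS = "MTWHFAS"  # Squid day letters for Monday..Sunday, in datetime.weekday() order

# Constructed sample built from the directives on this page.
TIME_AND_IP = """
acl all src 0.0.0.0/0
acl home_network src 192.168.1.0/255.255.255.0
acl business_hours time M T W H F 9:00-17:00
http_access allow home_network business_hours
http_access deny all
"""
# Same ACLs, but the IP-only allow rule is placed above the time-limited one.
IP_RULE_FIRST = TIME_AND_IP.replace(
    "http_access allow home_network business_hours",
    "http_access allow home_network\nhttp_access allow home_network business_hours")


def parse(conf):
    """Collect src/time ACL definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules


def minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)


def acl_match(acl, src, when):
    kind, args = acl
    if kind == "src":  # values inside one acl are ORed
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(a, strict=False)
                   for a in args)
    # Anything else is treated as a time ACL: optional day letters plus h:m-h:m.
    days = "".join(a for a in args if a.isalpha()) or DAYS  # no letters: every day
    start, stop = next(a for a in args if "-" in a).split("-")
    now = when.hour * 60 + when.minute
    return DAYS[when.weekday()] in days and minutes(start) <= now <= minutes(stop)


def decide(conf, src, when):
    """First matching http_access line wins; ACL names on one line are ANDed."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_match(acls[n], src, when) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

With IP_RULE_FIRST, a home_network client is allowed at any hour, so the IP-only rule and the time-limited rule should not both be placed at the top when the time limit is meant to apply.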


phpBB configuration manual

Setting up a Linux Server for phpBB :: phpBB tutorial
Brief Tutorial on Apache, PHP, and MySQL Installation and Configuration

Introduction
Software Used
Document Conventions
Apache, PHP, MySQL Installation and Initial Setup
Apache
MySQL
PHP
Configuration and Testing
Preliminary phpBB Installation Steps
Obtaining phpBB
Installing phpBB
MySQL Database Setup
MySQL Basics
Creating the Database
Granting Access to the Database
Setting up phpBB
Using dbinformer.php
phpBB Installation
Changing the Installation Information (Host, User Name, Password)
Links
Contributions


Introduction
If you do not already know, phpBB is an open source, PHP-based message board (http://www.phpbb.com/). This document, in addition to covering phpBB, briefly covers the installation and configuration of Apache, PHP, and MySQL, which are necessary to get up and running with phpBB. Note that phpBB works with many more system configurations than are mentioned here. It can be used with MySQL 3 and 4, PostgreSQL 7.x, and MS SQL 7/2000 and a web server that supports PHP.
Software Used
Apache 2.0.48
PHP 4.3.4
MySQL 4.0.16
phpBB 2.0.6
Document Conventions

This document will follow the following conventions:
Grey boxes will contain commands to be entered or lines to be inserted into a file.
In examples when a command is entered at a command prompt it will be preceded by a '$'.
When "PATH_TO_" is used it means that I can not know the location where this file or directory resides on your system. "PATH_TO_" is symbolic of the directory structure leading to that file or directory.
Command/Code snippets and all other information that is being used from a source other than me will be appropriately documented as such.

Apache, PHP, MySql Installation and Initial Setup:

Apache
If you are installing from source see the Apache Compiling and Installing document. Their Overview for the impatient is as follows:
Download $ lynx http://httpd.apache.org/download.cgi
Extract $ gzip -d httpd-2_0_NN.tar.gz
$ tar xvf httpd-2_0_NN.tar
Configure $ ./configure --prefix=PREFIX --enable-so
Compile $ make
Install $ make install

Customize $ vi PREFIX/conf/httpd.conf
Test $ PREFIX/bin/apachectl start

NN must be replaced with the current minor version number, and PREFIX must be replaced with the filesystem path under which the server should be installed. If PREFIX is not specified, it defaults to /usr/local/apache2.
note: --enable-so is not part of Apache's documentation
IMPORTANT: you must add the --enable-so to get PHP working as a module later.
Security Note: If the only services you are going to be providing are http access and phpBB then you can use a firewall to close all ports except for port 80.

MySQL
If you are installing MySQL from binary, source, or RPM you can obtain a copy from www.mysql.com/downloads/. See www.mysql.com/documentation/mysql/bychapter/manual_Installing.html for all of the installation instructions. For the extremely daring and trusting, here is a summary for a binary installation (From MySQL's installation page):
The basic commands you must execute to install and use a MySQL binary distribution are:

shell> groupadd mysql
shell> useradd -g mysql mysql
shell> cd /usr/local
shell> gunzip < /path/to/mysql-VERSION-OS.tar.gz | tar xvf -
shell> ln -s full-path-to-mysql-VERSION-OS mysql
shell> cd mysql
shell> scripts/mysql_install_db
shell> chown -R root .
shell> chown -R mysql data
shell> chgrp -R mysql .
shell> bin/mysqld_safe --user=mysql &

If your version of MySQL is older than 4.0, substitute bin/safe_mysqld for bin/mysqld_safe in the final command.

If you want to install from source see www.mysql.com/documentation/mysql/bychapter/manual_Installing.html#Installing_source. No pasted summary here; it's best to read the MySQL team's documentation because there are system criteria you must meet and CFLAG settings that should be used.
Also, get the my-medium.cnf file from the MySQL documentation and replace my.cnf with this new file. (I find that the medium config gives decent performance, the large config eats up too many resources, and the little one is just weak.)

PHP
You can download PHP from www.php.net/manual/en/install.unix.php. It is important to click on the "/downloads.php" and select one of the 4.3 source files. Do not attempt to install the "latest stable development version." The latest build may have problems during the make. PHP's source installation instructions are www.php.net/manual/en/install.apache2.php. You may also want to refer to dan.drydog.com/apache2php.html for information on getting it compiled and installed correctly. The most important thing is when running ./configure that you include the --with-apxs2=/"PATH_TO_apxs"/apxs and the --with-mysql which you may set equal to your MySQL directory.

Do something similar to this:
$ cd /"PATH_TO_downloaded_php"/
$ tar zxvf php4-"version".tar.gz
$ cd php4-"numbers"/
$ ./configure \
--with-apxs2=/"PATH_TO_apxs"/apxs \
--with-mysql=/"PATH_TO_mysql"
$ make
$ make install
$ cp -p .libs/libphp4.so /"PATH_TO_apache"/modules
$ cp -p php.ini-recommended /"PATH_TO_prefix_to_php"/php.ini

NOTE: if you did not give a --prefix= option to ./configure
the last line will be:

$ cp -p php.ini-recommended /usr/local/lib/php.ini

NOTE: to find where apxs resides (or any other file that an explicit path is not given to in this document) run "find / -name 'apxs' -print".

Configuration and Testing
Now, Apache needs to be told about PHP. If httpd is running stop it:
NOTE: You can check if the httpd process is running by typing: "ps aux | grep httpd". If a process other than grep is listed you need to stop the httpd daemon.
$ /etc/init.d/httpd stop

NOTE: If you installed from source this will be /"PATH_TO_apache"/bin/apachectl start.
NOTE: If not, it may be in a different location and may be called apache2.
Open your httpd.conf file (location varies depending on installation method). Customize the variables in this file to suit your needs and add:
#Add where the other LoadModule lines are
#Make sure this line exist only once
LoadModule php4_module /"PATH_TO_apache"/modules/libphp4.so

#Find DirectoryIndex and add index.php
DirectoryIndex index.php index.html
AddType application/x-httpd-php .php .php4
AddType application/x-httpd-php-source .phps

Open up /"PATH_TO_php.ini"/php.ini and add or uncomment:
extension=mysql.so
Also have "safe_mode = off" in your php.ini file. The only reason to have it set to on is in a shared hosting environment.
Restart Apache:
$ /etc/init.d/httpd start

Test Apache and PHP
If Apache starts without any errors point your browser to "http://localhost" and see if the Apache test page loads. To test php create a file called test.php in your http root directory containing the following:









Security Note: Also, delete all of the files that Apache put by default in your html directory (In the past example files have been used as exploits. This is an easy precaution to take).
When pointing your browser to "http://localhost/test.php" you should see information about your php installation.

Final Configuration of MySQL
Make sure that the MySQL daemon is running, if not:
$ /etc/init.d/mysql start

If you installed MySQL via the binary or source install you will start it by:
$ cd /"PATH_TO_mysql"/
$ ./bin/mysqld_safe --user=mysql &
If you have not already done so, use mysqladmin to create an account for root so root can access MySQL:
$ mysqladmin -u root password 'password_you_want'

Preliminary phpBB Installation Steps
Obtaining phpBB
phpBB can be obtained from www.phpbb.com/downloads.php

Installing phpBB
The initial installation of phpBB is as simple as extracting the archive and copying the phpBB2 directory to your HTML directory.
$ tar zxf phpBB-2.x.x.tar.gz
$ mv ./phpBB2 /"PATH_TO_html_files"/

MySQL Database Setup
For a less hands on method (not entering the mysql commands by hand) use phpMyAdmin. Take a look at the demo on their site for an example. If using phpMyAdmin create a file called .htaccess in the phpMyAdmin install directory and add these lines:
IndexIgnore *
order deny,allow
deny from all
allow from 127.0.0.1
This makes it so that phpMyAdmin can only be accessed from the localhost. If not using phpMyAdmin follow these steps.

MySQL Basics
First, some very basic tips for using MySQL. To enter the mysql prompt type:
mysql -u root -p
You will then be prompted for the password that you set earlier using mysqladmin. Now you should see a prompt like "mysql> ".
As stated in MySQL Basics -- A MySQL Tutorial: "MySQL has good security controls, but the default installation is wide open. So, if you're doing a new installation, let's close things up before we go any further. Of course, change NewRootName and NewPassword, below, to something unique."
mysql> use mysql;
Database changed
mysql> delete from user where Host='%';
mysql> delete from user where User='';
mysql> delete from db where Host='%';
mysql> update user set User='NewRootName',
-> Password=password('NewPassword') where User='root';
mysql> flush privileges;

NOTE: use mysql; is not part of the cited example, but it is the database that needs to be loaded in order to execute these commands.
NOTE: From this point on when starting the MySQL monitor you will need to use the "NewRootName" and "NewPassword" that you entered above. Example: "mysql -u my_new_root_name -p".

To see what databases exist use the SHOW DATABASES command:
mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| test     |
+----------+
2 rows in set (0.00 sec)
To make changes to a database you will want to use the command USE "database name":
mysql> use mysql;
Database changed
From here you can show the tables in the database, modify stuff, and a whole lot of other stuff. See MySQL Basics -- A MySQL Tutorial for more basic information and the MySQL Documentation for detailed information. Here is an example to view the tables in the database:
mysql> show tables;
+-----------------+
| Tables_in_mysql |
+-----------------+
| columns_priv    |
| db              |
| func            |
| host            |
| tables_priv     |
| user            |
+-----------------+
6 rows in set (0.00 sec)
Creating the Database
Back to the necessary steps to getting rolling with phpBB. In MySQL we need to create a new database for phpBB to use. This is done using the CREATE DATABASE command. http://www.mysql.com/doc/en/CREATE_DATABASE.html
mysql> create database phpbb_db;
Query OK, 1 row affected (0.01 sec)
Granting Access to the Database
We now have a database called phpbb_db that will hold the information for phpBB. Next we grant the permissions for the database so that phpBB can access it. http://www.mysql.com/doc/en/Adding_users.html
mysql> use phpbb_db;
Database changed
mysql> GRANT ALL PRIVILEGES ON phpbb_db.* to phpbb_account@localhost
-> IDENTIFIED BY 'this_password';
Query OK, 0 rows affected (0.01 sec)
Now the phpbb_account has full access to our phpbb_db database. You can now type quit.

Setting up phpBB
Using dbinformer.php
In the phpBB2 directory there is a folder called contrib. It "contains a couple extra add-ons for phpBB 2.0.x." One of these extras is dbinformer. Point your web browser to "http://localhost/phpBB2/contrib/dbinformer.php". We can use it to ensure that phpBB will be able to use the database that we have created.

Because it was able to find and establish a connection to the database we are in the green to proceed.

phpBB Installation
Point your browser to "http://localhost/phpBB2/" and it should take you to the phpBB 2 installation page, "http://localhost/phpBB2/install/install.php" Fill in the fields similar to as shown in the screen shot.

Note: It's better to put your domain name (www.something.com) under "Domain Name:" rather than a local IP address (as is shown in the screenshot). This will be used when it sends out e-mails that contain links back to your message board and can be changed at a later time by going to the "Administration Panel".
It may now inform you that the config is un-writable. Select "Just send the file to me and I'll FTP it manually" and click on "Download Config". Once downloaded copy it to your phpBB2 directory.

mv config.php /"PATH_TO_html_files"/phpBB2/
For security reasons you must delete "phpBB2/install" and "phpBB2/contrib". In the phpBB2 directory type
rm -rf install contrib

This completes the installation for the most part. Reload "http://localhost/phpBB2/" and you should be confronted with the message board. Once you log in there will be a "Go to Administration Panel" link at the bottom of the page. Click there and configure your new shiny phpBB!

Changing the Installation Information (Host, User Name, Password)
If your database's host name, database name, user name, or user password change after you delete the installation files you are able to modify them by editing config.php, which is found in the root of the install directory. You can also change the domain name that you had entered, during the install, by going into the "Administration Panel" -> "General Admin" -> "Configuration" and you will see "Domain Name" listed as the first field.

DHCP and TFTP server configuration in Linux

Setting up DHCP and TFTP servers:

A DHCP server is required to provide IP addresses for the clients when booting Grub (BOOTP) and later when booting Linux. A TFTP server is required to make the boot images available on the network for Linux to boot. The TFTP server is also necessary to make it possible to save and restore the disk images.

3.1. Setting up DHCP
Details on DHCP are beyond the scope of this article. The "Linux Networking HOWTO" has a chapter on DHCP.

Setting up DHCP is very easy, but if you are in a network environment administered by someone else, it's advisable to use a preexisting DHCP server. If you "own" the network then you can follow this procedure.

Install DHCP, if not installed, from the rpm package, normally found in Linux distributions:
# rpm -ihv dhcp-*.rpm

Edit the /etc/dhcpd.conf file to configure DHCP service.

In our setup, the server has IP address 10.0.0.1 and provides IP addresses for up to 253 clients. Configure /etc/dhcpd.conf according to your environment:

#/etc/dhcpd.conf
server-identifier dhcp.clonedomain.com;
default-lease-time 172800;
max-lease-time 604800;
option domain-name "clonedomain.com";
subnet 10.0.0.0 netmask 255.255.255.0 {
range dynamic-bootp 10.0.0.2 10.0.0.254;
}

Start the dhcpd server:
/etc/rc.d/init.d/dhcpd start

3.2. Setting up TFTP:

Setting up TFTP is almost as easy as DHCP.
First install from the rpm package:
# rpm -ihv tftp-server-*.rpm

Create a directory for the files:
# mkdir /tftpboot
# chown nobody:nobody /tftpboot

The directory /tftpboot is owned by user nobody, because this is the default user id set up by tftpd to access the files.
Edit the file /etc/xinetd.d/tftp to look like the following:
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -c -s /tftpboot
disable = no
per_source = 11
cps = 100 2
}

The changes from the default file are the parameter disable = no (to enable the service) and the server argument -c. This argument allows for the creation of files, which is necessary if you want to save boot or disk images. You may want to make TFTP read only in normal operation.

Then reload xinetd:
/etc/rc.d/init.d/xinetd reload

You can use the tftp command, available from the tftp (client) rpm package, to test the server. At the tftp prompt, you can issue the commands put and get.
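A check for the point made above about -c, as an added example that is not part of the original article: it parses an xinetd tftp stanza, reports whether file creation is enabled and which directory is served, and produces the stanza without -c for normal operation. The function names are hypothetical, the sample stanza is constructed to mirror the one above, and server_args is assumed to sit on its own line.

```python
import shlex

# Constructed sample mirroring the /etc/xinetd.d/tftp stanza shown above.
PAGE_STANZA = """service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -c -s /tftpboot
disable = no
per_source = 11
cps = 100 2
}"""


def parse_stanza(text):
    """Return the key = value settings of one xinetd service block as a dict."""
    settings = {}
    for line in text.splitlines():
        # Tolerate braces sharing a line with a setting, and trailing comments.
        line = line.split("#")[0].replace("{", " ").replace("}", " ").strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """List what the stanza permits, based on the in.tftpd flags discussed above."""
    cfg = parse_stanza(text)
    args = shlex.split(cfg.get("server_args", ""))
    findings = []
    if cfg.get("disable") == "no":
        findings.append("service enabled")
    if "-c" in args:
        findings.append("clients may create new files (-c)")
    if "-s" in args and args.index("-s") + 1 < len(args):
        findings.append("served directory: " + args[args.index("-s") + 1])
    return findings


def without_create(text):
    """Return the stanza with -c dropped from server_args; other lines are untouched."""
    out = []
    for line in text.splitlines():
        if line.split("=")[0].strip() == "server_args":
            key, value = line.split("=", 1)
            kept = [a for a in shlex.split(value) if a != "-c"]
            line = key + "= " + " ".join(kept)
        out.append(line)
    return "\n".join(out)
```

After writing the output of without_create back to /etc/xinetd.d/tftp, reload xinetd as shown above for the change to take effect.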