Wednesday, March 10, 2010

SCP and RSYNC - Copying data between servers.

It's often necessary to copy files or whole directories between servers. While this can be done using FTP, it's often neither the most practical nor the most secure solution.

Within the Linux/Unix environment there are two highly versatile command line tools you can use to copy data from one server to another. These are SCP and RSYNC.

SCP

SCP (or Secure Copy) is a protocol that can be used to transfer files across an ssh connection. It works in a similar manner to the cp command, and accepts the recursive -r switch to copy a directory, along with all of the subdirectories and files it contains.

The basic syntax to copy a file to an external host is:

scp filename user@host:destination

To copy a file from an external host we would use:

scp user@host:destination filename

If the remote host uses a port other than 22 for ssh connections, you can use the -P switch to specify the correct port. e.g.

scp -P2222 filename user@host:destination

So, if we wanted to copy the file hello.txt from fred's home directory, across to bert's home directory on the external host 10.0.0.1, which runs ssh on port 2222, we would use this command:

scp -P2222 /home/fred/hello.txt bert@10.0.0.1:/home/bert

This will prompt us for bert's password, unless we have exchanged ssh keys, i.e. copied fred's public key into bert's authorized_keys file. See the bottom of this post for information.

You can also rename the copied file, as shown below:

scp -P2222 /home/fred/hello.txt bert@10.0.0.1:/home/bert/goodbye.txt

The file hello.txt is copied across to bert's home directory and saved as goodbye.txt.

RSYNC

Rsync is a fast and highly versatile file copying tool, used for synchronizing files and directories. It can copy data locally, or to and from an external machine using a remote shell. Its speed is largely due to the delta-transfer algorithm, which identifies the parts of the source file that are already identical on the destination and transfers only the differences, rather than the whole file. It was intended as a replacement for rcp and scp but, because of the effectiveness of the delta-transfer, it is most commonly used for backups and site/server migrations.

The basic command format is:

rsync sourcedir destinationdir

There are many options that can be added to this command, but to sync a local file to a remote machine we would normally use something like this:

rsync -ave ssh /sourcedir/* username@remotemachine.com:/destinationdir/

So, if we were trying to sync the home directory on our local server and the home directory on a remote machine on the 10.0.0.1 IP address, we would use the following:

rsync -ave ssh /home/* root@10.0.0.1:/home/

The options used are explained below (-z is not in the example above, but is commonly added):

-a, --archive :archive mode is recursive and preserves permissions.
-e, --rsh=COMMAND :specifies the remote shell - in this case 'ssh'. Must be the last of the bundled single-letter switches, as it is followed by the shell command and then the remote connection string.
-v, --verbose :increase verbosity - generates onscreen messages, detailing what rsync is doing.
-z, --compress :compress file data during the transfer.

Two useful options not shown in the example are:

-n, --dry-run :perform a trial run with no changes made

This allows you to test your rsync command before running it. It will generate a list of the files that would be synced, so you can check that everything is correct.

The second option allows you to define a different ssh port. By default, rsync will try to make an ssh connection to port 22. If ssh on your server runs on a different port, let's say port 2222, you will need to add "ssh -p2222" to the -e directive to specify the port (NB: the quotation marks need to be included).

If we add both of these options to the previous example, we get:

rsync --dry-run -ave "ssh -p2222" /home/* root@10.0.0.1:/home/

It's common to use the full --dry-run switch, rather than just -n, as it can be easy to miss when nestled amongst the other single letter switches, which can lead to confusion if you don't realise you're running a dry run and not a live sync.

Note: The ssh connections will prompt for a password unless you exchange keys. Generate a key pair by running:

ssh-keygen -t rsa

You will be prompted to enter a passphrase, after which it will generate a public key - called id_rsa.pub - inside your user's .ssh directory. If you're running this as root, it will be inside /root/.ssh/. The contents of this file need to be added to the .ssh/authorized_keys file on the target server.
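The RSYNC section above says the delta-transfer algorithm sends only the parts of a file the destination doesn't already have. The example below is added here to show how that works and is not part of the original post or of rsync itself: it is a deliberately small version of the block-matching idea (weak plus strong checksum per block, a window slid over the new file), run on constructed data where nine bytes are inserted into a 180-byte file.

```python
import hashlib
import zlib

BLOCK = 8  # tiny block size so the matches are visible; real rsync uses blocks of hundreds of bytes

def signature(dest: bytes, block: int = BLOCK) -> dict:
    """Receiver side: weak (adler32) and strong (md5) checksum of every full block it already holds."""
    sig = {}
    for idx in range(len(dest) // block):
        chunk = dest[idx * block:(idx + 1) * block]
        sig.setdefault(zlib.adler32(chunk), {})[hashlib.md5(chunk).digest()] = idx
    return sig

def delta(src: bytes, sig: dict, block: int = BLOCK) -> list:
    """Sender side: slide a window over the new file one byte at a time. A window whose weak
    and strong checksums are in the signature becomes ('match', idx); bytes that never line up
    with a known block are sent as ('literal', bytes). rsync rolls the weak checksum forward
    incrementally; recomputing it per position keeps this example short."""
    ops, literal, pos = [], bytearray(), 0
    while pos < len(src):
        window = src[pos:pos + block]
        idx = None
        if len(window) == block:
            idx = sig.get(zlib.adler32(window), {}).get(hashlib.md5(window).digest())
        if idx is None:               # no block on the receiver matches here: send this byte
            literal.append(src[pos])
            pos += 1
            continue
        if literal:
            ops.append(("literal", bytes(literal)))
            literal = bytearray()
        ops.append(("match", idx))    # receiver already has this block: send only its index
        pos += block
    if literal:
        ops.append(("literal", bytes(literal)))
    return ops

def apply_delta(dest: bytes, ops: list, block: int = BLOCK) -> bytes:
    """Receiver side: rebuild the new file from its own blocks plus the literals it was sent."""
    out = bytearray()
    for kind, value in ops:
        out += dest[value * block:(value + 1) * block] if kind == "match" else value
    return bytes(out)

def bytes_on_wire(ops: list) -> int:
    """Literal bytes that had to be transferred (a match token costs a few bytes in practice)."""
    return sum(len(value) for kind, value in ops if kind == "literal")

# Constructed sample: the receiver holds OLD; the sender has NEW, which is OLD with nine bytes
# inserted at offset 40, so every block after that point is shifted relative to OLD.
OLD = b"The quick brown fox jumps over the lazy dog. " * 4
NEW = OLD[:40] + b"INSERTED " + OLD[40:]

def sync_demo() -> tuple:
    """Returns (rebuilt file is identical, literal bytes sent, size of the whole file)."""
    ops = delta(NEW, signature(OLD))
    return apply_delta(OLD, ops) == NEW, bytes_on_wire(ops), len(NEW)  # -> (True, 13, 189)
```

Only the inserted bytes and the short tail that doesn't fill a block go over the wire; the 22 full blocks are referenced by index, which is why an rsync of a large log that has only grown at the end is so cheap.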

Monday, February 1, 2010

File Compression

While larger, cheaper hard drives have made a shortage of disk space less of a problem, it's still often necessary to compress files/directories to stop them filling up specific partitions - for example, the /var partition can easily be filled by the unchecked growth of log files. The smaller size of compressed files also makes it easier and faster to move files between servers/PCs.

The two most commonly used open-source file compression tools are gzip and bzip2. While the ubiquitous zip format is also available, it's usually only used when the files are likely to be shared with Windows-based systems.

Gzip is the de facto standard. Bzip2 creates much smaller compressed files, but is more memory intensive and can take significantly longer to compress files. Decompression is asymmetric - much faster than bzip2's compression - but still slower than gzip. So, unless space is at a particular premium, it's better to use gzip.

The basic syntax is very simple. For example, to compress the file foo.txt you would run:

gzip foo.txt

This would create a file called foo.txt.gz

The default compression level is -6, which is biased towards high compression at the expense of speed. This can be modified by using the -1 or --fast switch (faster compression method, with less compression), or -9/--best switch (best possible compression at the expense of speed).

So, if you wanted the maximum compression possible, you would run:

gzip -9 foo.txt (or gzip --best foo.txt)

To decompress the file you would typically either run:

gzip -d foo.txt.gz (or gunzip foo.txt.gz)

Bzip2 uses the same basic syntax. To compress a file:

bzip2 foo.txt

This would create a file called foo.txt.bz2

To decompress the file run:

bzip2 -d foo.txt.bz2 (or bunzip2 foo.txt.bz2)

If the compression target consists of multiple files, i.e. the contents of a directory, they must first be combined into a single archive using the tar command.

The basic tar format is:

tar -cvf foo.tar foo/

NB: The 'f' switch must ALWAYS be the last of the bundled switches or the command will fail, as 'f' takes the next argument as the archive file name, i.e. foo.tar.

This will collect together the contents of the directory foo/ and create a single file called foo.tar. This file will remain the same size as the original directory. Tar does not compress the data, so it must then be compressed using either gzip or bzip2. Using gzip you would run:

gzip foo.tar

This would create a file called foo.tar.gz (referred to as a tarball) which would be smaller than the original directory or tar file.

Usually tar file creation and compression are done in one command using tar. Using our earlier example of foo/, to tar and gzip the directory using just the tar command, we would run:

tar -zcvf foo.tar.gz foo/

The -z switch (--gzip is also valid) tells tar to compress the file using gzip. If you want to use bzip2 you would replace this with either -j or --bzip2.
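To check the claims above (a plain tar is no smaller than its contents, bzip2 trades time for size, -1 and -9 differ in size) without touching the command line, here is an added Python example; it is not from the post. It builds the tar, tar.gz and tar.bz2 forms of a constructed stand-in for foo/ in memory (the 'w:gz' and 'w:bz2' modes correspond to tar's -z and -j) and compares gzip levels on the same bytes.

```python
import bz2
import gzip
import io
import random
import tarfile

def constructed_tree() -> dict:
    """Constructed stand-in for the foo/ directory: three log-like text files (path -> bytes)."""
    rng = random.Random(1)
    words = ["GET", "POST", "/index.html", "/login", "200", "404", "10.0.0.1", "Mozilla/5.0"]
    files = {}
    for name in ("foo/access_log", "foo/error_log", "foo/notes.txt"):
        lines = (" ".join(rng.choice(words) for _ in range(12)) for _ in range(2000))
        files[name] = ("\n".join(lines) + "\n").encode()
    return files

def make_tar(files: dict, mode: str) -> bytes:
    """Build foo.tar ('w'), foo.tar.gz ('w:gz', like tar -z) or foo.tar.bz2 ('w:bz2', like tar -j)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode=mode) as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def list_members(archive: bytes) -> list:
    """'r:*' lets tarfile sniff gzip/bzip2 itself; same idea as 'tar -tf foo.tar.gz'."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        return tar.getnames()

def compare_archives(files: dict) -> dict:
    """Sizes in bytes: raw content, plain tar (headers plus 512-byte padding), and the two tarballs."""
    return {"raw": sum(len(d) for d in files.values()),
            "tar": len(make_tar(files, "w")),
            "tar.gz": len(make_tar(files, "w:gz")),
            "tar.bz2": len(make_tar(files, "w:bz2"))}

def compare_levels(data: bytes) -> dict:
    """gzip -1 / -6 (the default) / -9 against bzip2's default, on the same bytes."""
    return {"gzip-1": len(gzip.compress(data, 1)), "gzip-6": len(gzip.compress(data, 6)),
            "gzip-9": len(gzip.compress(data, 9)), "bzip2": len(bz2.compress(data))}
```

Listing the members with 'r:*' before extracting a tarball you have been sent is also the quick way to see what paths it will write.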

Monday, January 4, 2010

How to install ntop.

Installing ntop:

ntop shows current network traffic usage, in a similar manner to how top shows process usage.

It can be installed on a RedHat/CentOS system by the following steps:

1. Download the rpm from DAG RedHat/CentOS repository:

wget http://dag.wieers.com/rpm/packages/ntop/ntop-3.3-1.el5.rf.i386.rpm

2. Install the following dependencies, if they aren't met:

yum install glib libpcap

3. Install the downloaded package:

rpm -Uvh ntop-3.3-1.el5.rf.i386.rpm

Starting ntop:

ntop -A
ntop -d -w 3055 -W 0

Switches used and their meaning:

-A : Admin mode; sets password for admin user.
-d : Start in daemon mode
-w number : Port number to access ntop over http
-W number : Port number to access ntop over https

You should now be able to access it over the chosen port, e.g. http://localhost:3055

Note: If no port is specified, it will usually start on port 3000.

Compiling from source:

As of 22 May 2009 a stable tarball of Version 3.3.10 can be downloaded from:

http://sourceforge.net/projects/ntop/files/ntop/ntop-3.3.10/ntop-3.3.10.tar.gz/download

Download it and then:

1. tar zxf ntop-3.3.10.tar.gz
2. cd ntop
3. ./autogen.sh
4. make && make install

Wednesday, December 16, 2009

SPLUNK

What is Splunk?

Splunk is a search engine for IT data. Just like a web search engine, it indexes data into a searchable repository, but instead of web pages, it crawls server logs, metrics and application data, including SQL alerts. This can then be used by system administrators to monitor servers, or generate reports, with the intention of assisting in the identification of patterns and the diagnosis of problems.

Splunk is available in two licensing models -- a chargeable Enterprise edition designed for large organizations, and a Free license for single users and small businesses. The Enterprise license allows access to Splunk's support team, whereas support for the Free license is provided by Community support - documentation, forums, etc.

A full list of the differences between the two versions can be found here:

http://www.splunk.com/view/SP-CAAADFV#difference

Installation: (Free version)

You will not be able to automatically install Splunk using your package manager, as a Splunk account is required to allow you to download it.

Go to http://www.splunk.com/download?r=SP-CAAADFV and click on the link for the version required. This will take you to a sign-up page. Set up an account and you will then be able to continue the download.

Assuming you're running one of the major Linux distros, you will have downloaded either an rpm or .deb file, which can be installed using the relevant package manager, e.g. -

rpm -i splunk_package_name.rpm # for Red hat systems

dpkg -i splunk_package_name.deb # for Ubuntu/Debian systems

Once installed, you can start Splunk and automatically accept the free license by running:

/opt/splunk/bin/splunk start --accept-license

Launch Splunk:

Once Splunk is running you can access the Web control panel in a browser window at:

http://:8000

If you are running the Free version of Splunk, it will launch without prompting you for a password, although standard Apache password authentication can be added later by editing the splunk_proxy.conf file.

Using Splunk:

Full details of using Splunk are beyond the scope of this article, but a comprehensive guide can be found at:

http://www.splunk.com/base/Documentation/latest/Installation/ReadytostartusingSplunk

External System Logging:

To configure Splunk to accept and record the logs of external servers - if, for example, it's to be used as a centralised logging server for a cluster of servers - you will need to configure both the Splunk server and the external logging clients to permit this:

On the Splunk server, open the syslog file:

vi /etc/sysconfig/syslog

- and change:

SYSLOGD_OPTIONS="-m 0"

- to:

SYSLOGD_OPTIONS="-m 0 -r"

And then restart syslog:

/etc/init.d/syslog restart

The -r switch enables logging from remote machines.

You also need to edit syslog on each of the client servers, and add this line:

# send it all to the logging server:
*.* @

Again, restart syslog when finished.

All system logs will now be sent to the IP address of the Splunk server, so make sure your firewalls are set up to allow access between the servers.

Thursday, November 19, 2009

Apache top

Apachetop is a curses-based, top-like utility for displaying Apache information, including requests per second, bytes per second, the most popular URLs, etc. It watches a log file generated by Apache (in standard common or combined log format, although it doesn't (yet) make use of any of the extra fields in combined) and generates human-readable output in real time.

Installation:

On a Debian/Ubuntu system you can simply run:

apt-get install apachetop

However, there isn't an rpm for Red Hat/CentOS systems, so you will need to compile from source:

First install the dependencies -

yum install readline-devel ncurses-devel

Next download the latest version of Apachetop from http://www.webta.org/projects/apachetop/wiki/Download (the current version is 0.12.6) and compile it:

wget http://www.webta.org/apachetop/apachetop-0.12.6.tar.gz
tar xvzf apachetop-0.12.6.tar.gz
cd apachetop-0.12.6/
./configure
make && make install

Starting the service:

It can be started by simply running apachetop from the command line. It will usually default to reading the standard Apache access_log, so it is often useful to pass it the -f parameter on start-up to specify a particular access log - particularly if you have many virtual hosts on the server.

E.g. apachetop -f /var/www/vhosts/mydomain.com/logs/access_log

This option can be specified multiple times to watch multiple log files.

Other useful switches include:

-p # Keep the protocol (usually http://) at the front of referrer strings. Normally these are removed.
-r secs # Set the default refresh time in seconds.
-H hits # Display stats for the given number of most recent hits.
-T secs # Display stats for the given number of most recent seconds.

Tuesday, November 3, 2009

Sendmail and Cyrus SASL

Installing a basic Sendmail configuration with Cyrus-SASL authenticated sending.

What is SASL?

SASL (Simple Authentication and Security Layer) is an authentication framework used by many protocols and applications, including sendmail. It acts as an abstraction layer between a protocol and the authentication mechanisms being used. This example uses the Cyrus SASL library.

Installation:

First install Sendmail and Cyrus-SASL

yum install sendmail sendmail-cf cyrus-sasl cyrus-sasl-plain cyrus-sasl-md5 cyrus-sasl-devel m4

Next, make backup copies of the Sendmail configuration files:

cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.ORIGINAL
mv /etc/mail/sendmail.cf /etc/mail/sendmail.cf.ORIGINAL

Next, edit the sendmail.mc file:

vi /etc/mail/sendmail.mc

Edit the following:

Change:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

to:

DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl

This will allow sendmail to listen on all IP addresses, not just localhost, so the authentication configured below becomes what controls who can relay through it.

And remove the dnl directives from the start of:

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

making it:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Note: dnl stands for 'delete to new line'. m4 discards everything from a dnl to the end of that line, so placing dnl at the start of a line effectively comments it out when the new sendmail.cf is generated from the mc file.

Save the changes and exit. We now need to generate a new sendmail configuration file by running:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Next, we need to edit the SASL configuration file:

vi /etc/sysconfig/saslauthd

Change:

MECH=pam

to:

MECH=shadow

If you are using the username format of username@domain.com, also add the following line:

FLAGS=-r

Save and exit. Now start the sendmail and SASL services:

/etc/init.d/sendmail start && /etc/init.d/saslauthd start

Test that the server is offering the correct authentication mechanisms using telnet. You should see something like this:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 hostname.domain.com ESMTP Sendmail 8.13.8/8.13.8; Thu, 9 Oct 2008 14:24:15 +0100
EHLO localhost
250-hostname.domain.com Hello mail [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 hostname.domain.com closing connection
Connection closed by foreign host.

As long as the 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN line is present, authenticated relaying will now be enabled.
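Reading the 250-AUTH line by eye works for one server; the added example below (not part of the post) parses a captured EHLO response like the one above and also flags the point the post does not cover: with the listener now on 0.0.0.0, PLAIN and LOGIN offered without a 250-STARTTLS line mean passwords cross the network base64-encoded, not encrypted. The response texts are constructed from the session above.

```python
import re

# Constructed EHLO response, modelled on the telnet session in the post above.
EHLO_SASL_ONLY = """\
250-hostname.domain.com Hello mail [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP"""

# The same server once STARTTLS has also been configured (constructed; the post does not cover TLS).
EHLO_WITH_TLS = EHLO_SASL_ONLY.replace("250-ETRN", "250-ETRN\n250-STARTTLS")

LINE_RE = re.compile(r"^250[ -](\S+)(?:\s+(.*))?$")

def parse_ehlo(text: str) -> dict:
    """Map each advertised EHLO keyword (upper-cased) to its parameter string."""
    extensions = {}
    for line in text.splitlines()[1:]:        # the first 250- line is the greeting, not an extension
        m = LINE_RE.match(line.strip())
        if m:
            extensions[m.group(1).upper()] = m.group(2) or ""
    return extensions

def auth_mechanisms(text: str) -> list:
    """Mechanisms on the 250-AUTH line; an empty list means authenticated relaying is not on."""
    return parse_ehlo(text).get("AUTH", "").split()

def check_auth_offer(text: str) -> list:
    """Findings to resolve before a listener on Addr=0.0.0.0 is reachable from outside."""
    ext = parse_ehlo(text)
    mechs = ext.get("AUTH", "").split()
    findings = []
    if not mechs:
        findings.append("no AUTH line: SASL is not being offered, check saslauthd and sendmail.cf")
    cleartext = sorted(m for m in mechs if m in ("PLAIN", "LOGIN"))
    if cleartext and "STARTTLS" not in ext:
        findings.append(f"{'/'.join(cleartext)} offered without STARTTLS: "
                        "these send the password base64-encoded, so it is readable on the wire")
    return findings
```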

Friday, October 16, 2009

cPanel on the command line.

While most tasks can be done using cPanel's WHM, here are a couple of smaller tasks and a fix script which cPanel provide to be run from the command line.

1. Backup and restore a single account:

Login as root and run:

/scripts/pkgacct

This will create a file containing a backup of the account whose username you pass as the argument.

To restore the account run:

/scripts/restorepkg

If you're migrating it to a new server, copy the backup file using scp (Secure CoPy) and install it using the restore utility.

2. Create multiple email addresses on the command line:

Email addresses can be created on the command line using the addpop script -

/scripts/addpop

3. Webmail admin user cannot view other email accounts:

If a cPanel admin user reports that they cannot view the other email accounts through their webmail admin account -

i.e. at: http://:2095/webmail/

- check for missing symlinks in the admin user's account:

ls -la /home//mail

You should see a list of symlinks to the email accounts on the server. If not, you can run this script:

/scripts/linksubemailtomainacct

- to recreate the links.

The accounts should then be viewable at the following locations via the webmail:

Horde - under the expanded Mail menu
SquirrelMail - Folders
Roundcube - Personal settings > Folders (subscribe)