How can we find out if the Linux OS installed is 32-bit or 64-bit.

Sometimes Linux new users get confused while downloading a software because the download page offers them both 32 bit and 64 bit versions of the same software. It is important to know whether your Linux OS is 32 bit or 64 bit, as this information is required while doing various tasks.

In my this blog post i am explaining you that how can we find out if the Linux OS installed is 32-bit or 64-bit.

Run the following command on 64-bit machine:

[root@sashwat ~] # uname -m

x86_64

x86_64 represents a 64-bit kernel

Run the following command on 32-bit machine:

[root@sashwat ~] # uname -m

i686

i686 (or anyone of i386, i486, i586) represents a 32-bit kernel

For any query please feel free to contact me my email id is sashwatkatore@gmail.com.

How to configure Squid to authenticate users on Linux.

In my this blog post i am explaining about to put authentication in squid proxy server. Each user will have to give a valid username and password in order to use the proxy server.

We will configure authentication using the NCSA module.

(Note: We have got squid server already configured and running. Please read How to configure squid server step by step )

Step I: Create a NCSA password file using to store usernames and password for basic authentication.

[root@sashwat ~] # touch /etc/squid/password
 /etc/squid/password is blank file, you can change its name and location as per you need.

Step II: We can add users using htpasswd command:

[root@sashwat ~] # htpasswd /etc/squid/password ravi
New password:
Re-type new password:
Adding password for user ravi
[root@sashwat ~] #

/etc/squid/password will now have the authentication details for user ravi, similarly we can add more users in same file.

Step III: Now open the squid configuration file /etc/squid/squid.conf and insert or modify these lines (on top of every line i have written a comment stating what it does, if you don't, do not write them):

[root@sashwat ~] # vi /etc/squid/squid.conf

# This line defines the file holding the authentication details and also the program to check those details
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password

# Define the maximum number of child process to spawn for authentication
auth_param basic children 5

# User will see this message "Squid proxy-caching web server" in authentication box
auth_param basic realm Squid proxy-caching web server

# Time to live after a successful authentication
auth_param basic credentialsttl 2 hours

# To make username case insensitive
auth_param basic casesensitive off

Step IV: Now, add the following ACL in the same file in acl section and also allow the ACL:

# This rule will add and allow all the users having a successful authentication
acl valid_users proxy_auth REQUIRED
http_access allow valid_users

Save and exit the file

Step V: Restart the Squid Service
  
[root@sashwat ~] # service squid restart

That's it, Now configure your browser to use this proxy and try to open any webpage, The authentication box will pop up.

For any query please feel free to contact me my email id is sashwatkatore@gmail.com.

How to Disable USB Storage on Linux.

If you administrating a small or large workstations running with Linux Desktops and want to disable the USB ports for security so that no one can copy the data via USB storage like - Pen Drive.
I am explaining the following steps to disable the USB port:

There are total three ways to do it:

1. By grub.conf:
Edit the grub.conf and add the following line (you need to login as root).

# vi /boot/grub/grub.conf

Then add the following lines on the right kernel version

kernel / vmlinuz <your-kernel-version> rhgb quiet nousb

save and exit the file and reboot the system to disable the USB ports and boot time.

2. Type the following command:

# echo 'install usb-storage :'>> /etc/modprobe.conf

you can also remove USB Storage driver, Enter:

# ls /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage-ko
# mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage-ko /root

3. Disable by BIOS:
Disable USB from system BIOS configuration option and make sure BIOS is password protected.

For any query please feel free to contact me my email id is sashwatkatore@gmail.com.

How to enable / disable user account on Linux.

Before you remove an account from a system, is a good idea lock it for one week to make sure that no one use it.

To lock, you can use the Below command:

#passwd -l username (where username is the login id).

This option is used to lock the specified account and it is available to root only. The locking is performed by rendering the encrypted password into an invalid string.
 
After that, if someone try to login using this account, the system will return:
 
# su - username
 
This account is currently not available.

To Unlock the same account
 
Following command re-enables an account by changing the password back to its previous value i.e. to value before using -l option.

#passwd -u username

For any query please feel free to contact me my email id is sashwatkatore@gmail.com.

Step by Step Install & Configure Squid Proxy Server on Linux.

Squid is a Proxy Server in Linux used for web filtering. Its widely used for increasing web server speed by caching repeated data.

1. Install Squid Server: 
Squid Server can be easily install using yum command line tool -

# Yum Install Squid

2. Setup Port and start Service:

Squid Server by default run on port 3128, If we want to change Squid Server port, Edit Squid configuration file and change http_port value:

#vi /etc/squid/squid.conf

Change http_port value

http_port 8080

Save and quite configuration file

Now Start/Restart Squid Service

#service squid restart

3. Configure Squid to Block Specific Websites:
If we have a long list of domain, Create a file /etc/squid/deniedsites.squid and put domain names one per line and add below rules in Squid configuration file:

#vi /etc/squid/squid.conf

acl badsites dstdomain ""/etc/squid/deniedsites.squid""
http_access deny badsites

Save and quite configuration file

deniedsites.squid file content example:

#cat /etc/squid/deniedsites.squid

www.rediffmail.com
www.yahoo.com
www.xxx.com

4. Configure Squid to Block Specific Keyword:
If we have a long list of specific keywords, Create a file /etc/squid/blockkeywords.lst and put keywords one per line and add below rules in Squid configuration file:

#vi /etc/squid/squid.conf

acl blockkeywordlist url_regex "/etc/squid/blockkeywords.lst"
http_access deny blockkeywordlist

Save and quite configuration file

blockkeywords.lst file content example:

#cat /etc/squid/blockkeywords.lst

rediffmail
yahoo
xxx
hotmail

For any query please feel free to contact me my email id is sashwatkatore@gmail.com.

Ldap Server Interview Questions and Answers for Unix/Linux

Q-1: - Is there Graphical editors for LDAP ?
Ans: - Yes, Following are some GUI based tools for LDAP

- GQ

- Java LDAP Browser/Editor

- Softerra LDAP Browser

Q-2: - What can i do if my application doesn't speak to LDAP ?

Ans: - Gateway that translate one directory access protocol into another.

Q-3: - How can i join information contained in different directories ?

Ans: - Distributed, Multivendor directories glued together by referrals and references.

Q-4: - What is "LDIF" ?

Ans: - The LDAP Interchange Format (LDIF) is a standard text file format for storing LDAP configuration information and directory contents. LDIF files are often used to import new data into your directory or make changes to existing data.

Q-5: - Name the object class types ?

Ans: - 

- Structural Object class

- Auxiliary Object class

- Abstract object classes

Q-6: - What is the name of main configuration file name for LDAP server ?

Ans: - slapd.conf

Q-7: - What is LDAP ?

Ans: - LDAP stands for Lightweight Directory Access Protocol. In plain and simple terms, its a database whereby it has all the details of all of organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on corporate intranetand whether or not you know the domain name, IP address, or geographic whereabouts. An LDAP directory can be distributed among many servers on a network, then replicated and synchronized regularly. An LDAP server is also known as a Directory System Agent (DSA). Its a not a relational database. Outlook and other email programs uses LDAP to search for a recipient in an organization. 

Q-8: - Whats the relation ship between LDAP and JNDI?

Ans: - JNDI has classes provided by SUN that will help ur appln interact with and LDAP server. JNDI appln work similarly to JDBC applns once and be free to use 'drivers' from different vendors. SUN provides the "driver" that will help interact with the LDAP server. Sun also provides "drivers" for other naming services (like CORBA). 

Q-9: - Why LDAP is called light weight?

Ans: - LDAP (Lightweight Directory Access Protocol) is a protocol for communications between LDAP servers and LDAP clients.

LDAP servers store "directories" which are access by LDAP clients.

LDAP is called lightweight because it is a smaller and easier protocol which was derived from the X.500 DAP

(Directory Access Protocol) defined in the OSI network protocol stack.

Q-10: - what is SLAPD?

Ans: - SLAPD stands for Stand-Alone LDAP.Clients connect to the server over the LDAP protocol, usually using a network-based connection (though SLAPD provides a UNIX socket listener).

Q-11: - Which daemons are required for LDAP server?

Ans: - slapd and slurpd

Q-12: - Tell me the name of three LDAP Client utilities or Applications

Ans: - 

ldapsearch

ldapadd

ldapmodify

Q-13: - Define Schemas?

Ans: - Schemas provide definitions of the different object classes and attribute types that OpenLDAP should support. Using these, OpenLDAP can determine what entries it is allowed to store, whether any given entry is valid, and how entries should optimally be stored.

Q-14: - Explain modulepath directive?

Ans: - The modulepath directive provides the full path to the directory where the  modules (the compiled libraries) are stored.

Q-15: - Explain moduleload directive?

Ans: - The moduleload directive instructs OpenLDAP to load a particular module.

Q-16: - What is HDB?

Ans: - HDB is the new generation storage mechanism for OpenLDAP. Like its predecessor, the BDB backend, HDB uses the Oracle BerkeleyDB database for storage, but HDB stores entries hierarchically, a perfect fit for LDAP's tree structure. The old BDB backend is still supported, and you can use it by specifying bdb instead of hdb in the database directive.

Q-17: - Which utility is used to Encrypt the password?

Ans: - ldappasswd

Q-18: - How you will verify LDAP configuration file?

Ans: - Use "slaptest" utility.

slaptest -v -f /etc/ldap/slapd.conf

Q-19: - Which configuration file is required for LDAP clients?

Ans: - ldap.conf

Q-20: - Explain "SIZELIMIT" directive?

Ans: - This directive indicates the upper limits on the number of records returned.

Q-21: - Explain "TIMELIMIT" directive?

Ans: - This directive will give the information about the amount of time the client will wait for the server to respond.

Q-22: - Tell me the name of logical operators which are used  in ldap filters.

Ans: - AND (&), OR (|), and NOT (!)

Q-23: - What Does slapadd Do?

Ans: - The slapadd utility reads the slapd.conf file, loads the appropriate backend databases, and then reads LDIF data.

Q-24: - Which web based tool you have used for LDAP?

Ans: - phpLDAPadmin    

For any query please feel free to contact me my email id is sashwatkatore@gmail.com.

Sendmail Server Interview Questions and Answers for Linux.

Q-1: - How to start sendmail server ?
Ans: - service sendmail restart

Q-2: - On which ports sendmail and sendmail with SSL works ?
Ans: - By default, Sendmail uses TCP and UDP port 25 for non-encrypted transfers. If the
Sendmail server is configured to use SSL for encrypting email sent and received, it uses
port 465.

Q-3: - Explain use of "trusted-users" file ?
Ans: - List of users that can send email as other users without a warning including
system users such as apache for the Apache HTTP Server.

Q-4: - Explain the use of "local-host-names" file ?
Ans: - If the email server should be known by different hostnames, list the host-
names in this file, one line per hostname. Any email sent to addresses at these
hostnames is treated as local mail. The FEATURE(`use_cw_file’) option must
be enabled in the sendmail.mc file for this file to be referenced.

Q-5: - explain the use of /etc/aliases file ?
Ans: - /etc/aliases, can be used to redirect email from one user to another. By default, it includes redirects for system accounts to the root user. It can then be used to redirect all email for the root user to the user account for the system administrator. 

Q-6: - Can we use SSL Encryption with Sendmail ?
Ans: - Yes, Sendmail can be configured to encrypt email sent and received using SSL (secure sockets layer). 

Q-7: - What is Sendmail ?
Ans: - Sendmail is an MTA, meaning it accepts email messages sent to it using the SMTP proto-
col and transports them to another MTA email server until the messages reach their destinations. It also accepts email for the local network and delivers them to local mail spools, one for each user.

Q-8: - What is the role of MUA ?
Ans: - An MUA (Mail User Agent) with access to the mailbox file, directly or through a network file system, can read messages from the disk and display them for the user. This is generally a console or webmail application running on the server.

Q-9: - Which are the important configuration files for Sendmail server ?
Ans: - The /etc/mail/ directory contains all the Sendmail configuration files, with sendmail.cf
and submit.cf being the main configuration files. The sendmail.cf file includes options
for the mail transmission agent and accepts SMTP connections for sending email. The
submit.cf file configures the mail submission program.

Q-10: - How to configure sendmail to accept mail for local delivery that is addressed to other hosts?

Ans: - Create a /etc/mail/local-host-names file. Put into that file the hostnames and domain names for which sendmail should accept mail for local delivery. Enter the names with one hostname or domain name per line. And also make sure that Sendmail configuration file should contain "use_cw_file" option.

dnl Load class $=w with other names for the local host
FEATURE(`use_cw_file')

Q-11: - When an organization stores aliases on an LDAP server, how you will configure sendmail to read aliases from the LDAP server?

Ans: - Use "sendmail -bt -d0" command to check the sendmail compiler options. If sendmail was not compiled with LDAP support, recompile and reinstall sendmail.

Add an ALIAS_FILE define, containing the string ldap  to the sendmail configuration.

# Set the LDAP cluster value
define(`confLDAP_CLUSTER', `wrotethebook.com')
# Tell sendmail that aliases are available via LDAP
define(`ALIAS_FILE', `ldap:')

Q-12: - How to forward emails of a local user to external address?
Ans: - Add an alias to the aliases file for each user whose mail must be forwarded to another system. The recipient field of the alias entry must be a full email address that includes the host part. After adding the desired aliases, rebuild the aliases database file with the newaliases command.

Q-13: - You have been asked to create a sendmail configuration that sends all local mail to a mail hub, while directly delivering mail addressed to external systems.

Ans: - Create a sendmail configuration containing the MAIL_HUB define to identify the mail relay host for local mail. Use the LOCAL_USER command to exempt the root user's mail from relaying.

dnl Define a relay server for local mail
define(`MAIL_HUB', `smtp.test.com')
dnl Users whose mail is not passed to the mail hub
LOCAL_USER(root)

Rebuild and reinstall sendmail.cf, and then restart sendmail.

Q-14: - How to  configure multiple mail queues?
Ans: - mkdir /var/spool/mqueue/queue.1

mkdir /var/spool/mqueue/queue.2
mkdir /var/spool/mqueue/queue.3

chmod 700 /var/spool/mqueue/queue.1
chmod 700 /var/spool/mqueue/queue.2
chmod 700 /var/spool/mqueue/queue.3

Add the QUEUE_DIR define to the sendmail configuration to use the new queue directories.

dnl Declare the queue directory path
define(`QUEUE_DIR', `/var/spool/mqueue/queue.*')

Q-15: - How to  disable certain SMTP commands?
Ans: - Add the confPRIVACY_FLAGS define to the sendmail configuration to set Privacy Options that disable unwanted, optional SMTP commands. Here we will disables the EXPN, VRFY, VERB, and ETRN commands.

dnl Disable EXPN, VRFY, VERB and ETRN
define(`confPRIVACY_FLAGS', `noexpn,novrfy,noverb,noetrn')

Rebuild and reinstall sendmail.cf, and then restart sendmail.

l

Q-16: - In which Sendmail configuration file we have to make changes?
Ans: - we will make the changes only in the sendmail.mc file, and the changes will be moved into the sendmail.cf file for us.

Q-17: -  When Sendmail dispatches your email, it places the servers hostname behind your username, which becomes the "from address" in the email (ie. user@mail.test.com).But we want to use the domain name and not the hostname?
Ans: - define(`confDOMAIN_NAME', `test.com')dnl

FEATURE(`relay_entire_domain')dnl

Q-18: - What does /etc/mail/access file contains?
Ans: - The access database ("/etc/mail/access") is a list of IP addresses and domainnames of allowable connections.

FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl

and cat  /etc/mail/access

localhost.localdomain      RELAY
localhost                              RELAY
127.0.0.1                             RELAY
192.168.0                            RELAY
test.com                              RELAY

Q-19: - How to restrict sendmail to sending a big file?
Ans: - define(`confMAX_MESSAGE_SIZE',`52428800')dnl

or If you are using a PHP based webmail application like SquirrelMail, you can adjust the max file size in php.ini file.

vi php.ini

post_max_size = 50M
upload_max_filesize = 50M
memory_limit = 64M

Q-20: - How to set 25 recipients for each email?
Ans: - define(`confMAX_RCPTS_PER_MESSAGE',`50')dnl

Q-21: - Which antivirus you have integrated with sendmail ?
Ans: - ClaimAV

Q-22: - What is Clamav-Milter?
Ans: - Clamav-Milter is a tool to integrate sendmail and clamAV antivirus.

Q-23: - Which configuration files are required to integrate sendmail and ClaimAV antivirus?
Ans: - milter.conf and clamav-milter

Q-24: - How to test sendmail integration with ClaimAV?
Ans: - grep Milter /var/log/maillog

You have to get following type of messages.

sendmail: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on mail.test.com
sendmail: Milter add: header: X-Virus-Status: Clean  

Q-25: - Which tool you have used to block spamming?
Ans: - SpamAssassin

Q-26: - What does "/etc/mail/" directory contains?
Ans: - The /etc/mail/ directory contain all the Sendmail configuration files, with sendmail.cf and submit.cf being the main configuration files.

Q-27: - Explain the use of /etc/mail/relay-domains file?
Ans: - The /etc/mail/relay-domains file is used to determine domains from which it will relay mail. The contents of the relay-domains file should be limited to those domains that can be trusted not to originate spam.

Q-28: - What is the name of spamassassin configuration file?
Ans: - /etc/mail/spamassassin/local.cf

Q-29: - How to check mail Queue of sendmail?
Ans: - /usr/lib/sendmail -bp
or
mailq

Q-30: - How to use  m4 macro processor to generate a new sendmail.cf?
Ans: - m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

For any query please feel free to contact me my email id is sashwatkatore@gmail.com.