Thursday, 24 April 2014

How can we find out if the Linux OS installed is 32-bit or 64-bit.

New Linux users sometimes get confused when downloading software because the download page offers both 32-bit and 64-bit versions of the same package. It is important to know whether your Linux OS is 32-bit or 64-bit, as this information is required for various tasks.

In this blog post I explain how to find out whether the installed Linux OS is 32-bit or 64-bit.

Run the following command on a 64-bit machine:

[root@sashwat ~] # uname -m

x86_64

x86_64 represents a 64-bit kernel

Run the following command on a 32-bit machine:

[root@sashwat ~] # uname -m

i686

i686 (or any one of i386, i486, i586) represents a 32-bit kernel

For any query, please feel free to contact me. My email ID is sashwatkatore@gmail.com.

How to configure Squid to authenticate users on Linux.

In this blog post I explain how to add authentication to a Squid proxy server. Each user will have to give a valid username and password in order to use the proxy server.

We will configure authentication using the NCSA module.

(Note: We already have a Squid server configured and running. Please read How to configure squid server step by step.)

Step I: Create an NCSA password file to store usernames and passwords for basic authentication.

[root@sashwat ~] # touch /etc/squid/password
/etc/squid/password is a blank file; you can change its name and location as needed.

Step II: We can add users using htpasswd command:

[root@sashwat ~] # htpasswd /etc/squid/password ravi
New password:
Re-type new password:
Adding password for user ravi
[root@sashwat ~] #

/etc/squid/password will now have the authentication details for user ravi. Similarly, we can add more users to the same file.

Step III: Now open the Squid configuration file /etc/squid/squid.conf and insert or modify these lines (above every line I have written a comment stating what it does; you do not need to copy the comments):

[root@sashwat ~] # vi /etc/squid/squid.conf

# This line defines the file holding the authentication details and also the program to check those details
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password

# Define the maximum number of child processes to spawn for authentication

auth_param basic children 5

# User will see this message "Squid proxy-caching web server" in authentication box
auth_param basic realm Squid proxy-caching web server

# Time to live after a successful authentication
auth_param basic credentialsttl 2 hours

# To make username case insensitive
auth_param basic casesensitive off

Step IV: Now add the following ACL to the acl section of the same file, and also allow the ACL:

# This rule will add and allow all the users having a successful authentication
acl valid_users proxy_auth REQUIRED
http_access allow valid_users

Save and exit the file


Step V: Restart the Squid Service
  
[root@sashwat ~] # service squid restart

That's it. Now configure your browser to use this proxy and try to open any web page; the authentication box will pop up.
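The script below is an added example, not part of the original post: it checks a squid.conf for two things the steps above depend on, namely that no earlier http_access allow rule lets clients through before the valid_users rule is reached, and that the NCSA password file is not world-readable. The function names, finding labels and sample files are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original post); all sample files are constructed.

# audit_squid_auth CONF: print one finding per line; return 0 only if none.
audit_squid_auth() {
    conf=$1
    # http_access rules are checked top to bottom and the first match wins,
    # so walk them in file order until a rule forces authentication.
    out=$(awk '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == "auth_param" && $2 == "basic" && $3 == "program" { pwfile = $5 }
        $1 == "acl" && $3 == "proxy_auth" { authacl[$2] = 1 }
        $1 == "http_access" && !decided {
            name = $3; sub(/^!/, "", name)
            gate = (NF == 3 && (name in authacl))  # rule is the auth ACL alone
            uses = 0
            for (i = 3; i <= NF; i++) if ($i in authacl) uses = 1
            if (gate && $2 == "allow" && $3 == name) { decided = 1; enforced = 1 }
            else if (gate && $2 == "deny" && $3 != name) { decided = 1; enforced = 1 }
            else if ($2 == "deny" && $3 == "all" && NF == 3) decided = 1
            else if ($2 == "allow" && !uses) print "BYPASS line " NR ": " $0
        }
        END {
            if (pwfile == "") print "NOAUTH no auth_param basic program line"
            if (!enforced) print "UNREACHABLE no rule requiring login is reached"
            print "PWFILE " pwfile
        }' "$conf")
    pwfile=$(printf '%s\n' "$out" | sed -n 's/^PWFILE //p')
    # The NCSA file holds password hashes, so other local users must not read it.
    if [ -n "$pwfile" ] && [ -n "$(find "$pwfile" -perm -004 2>/dev/null)" ]; then
        out="$out
WORLDREADABLE $pwfile"
    fi
    findings=$(printf '%s\n' "$out" | grep -v '^PWFILE ' || true)
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# make_samples DIR: write a weak and a corrected configuration (constructed).
make_samples() {
    dir=$1
    : > "$dir/password";       chmod 644 "$dir/password"
    : > "$dir/password.fixed"; chmod 640 "$dir/password.fixed"
    cat > "$dir/weak.conf" <<EOF
# constructed sample: stock allow rule left above the login rule
acl localnet src 192.168.0.0/16
auth_param basic program /usr/lib/squid/ncsa_auth $dir/password
acl valid_users proxy_auth REQUIRED
http_access allow localnet
http_access allow valid_users
http_access deny all
EOF
    cat > "$dir/fixed.conf" <<EOF
# constructed sample: the login rule is the first allow rule
auth_param basic program /usr/lib/squid/ncsa_auth $dir/password.fixed
acl valid_users proxy_auth REQUIRED
http_access allow valid_users
http_access deny all
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
for f in weak fixed; do
    echo "== $f.conf"
    if audit_squid_auth "$demo/$f.conf"; then echo "no findings"; fi
done
rm -rf "$demo"
```

A BYPASS finding is a prompt for review, since an allow rule for localhost or a management ACL may be intentional.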



Wednesday, 23 April 2014

How to Disable USB Storage on Linux.

If you administer a small or large number of workstations running Linux desktops and want to disable the USB ports for security, so that no one can copy data via USB storage such as a pen drive, the following steps explain how to disable the USB port.

There are three ways to do it:

1. By grub.conf:
Edit grub.conf and add the following line (you need to log in as root).

# vi /boot/grub/grub.conf

Then add the nousb option on the kernel line of the right kernel version:

kernel /vmlinuz-<your-kernel-version> rhgb quiet nousb

Save and exit the file, then reboot the system to disable the USB ports at boot time.

2. Type the following command:

# echo 'install usb-storage :' >> /etc/modprobe.conf

You can also remove the USB storage driver. Enter:

# ls /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko
# mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /root

3. Disable by BIOS:
Disable USB in the system BIOS configuration and make sure the BIOS is password protected.
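Added example (not from the original post): a read-only check for method 2 that reports whether the install override is present, whether usb_storage is loaded anyway, and which installed kernels still carry the driver file. The function names and the constructed sample tree, including the placeholder kernel names, are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). It only reads files, and the
# demo runs on a constructed directory tree instead of the live system.

# has_install_override FILE...: true if a modprobe config file carries an
# "install usb-storage <command>" line; modprobe treats - and _ as equal.
has_install_override() {
    awk '$1 == "install" && NF >= 3 { m = $2; gsub(/-/, "_", m)
                                      if (m == "usb_storage") found = 1 }
         END { exit !found }' "$@"
}

# is_loaded PROC_MODULES: true if the driver is loaded right now. The install
# line only changes later modprobe calls; a loaded module keeps working.
is_loaded() {
    awk '$1 == "usb_storage" { found = 1 } END { exit !found }' "$1"
}

# kernels_with_module MODULES_ROOT: print every kernel version that still has
# the driver file. Each installed kernel brings its own copy, so moving the
# file away for the running kernel does not cover the others or a later update.
kernels_with_module() {
    for d in "$1"/*/; do
        for f in "$d"kernel/drivers/usb/storage/usb-storage.ko*; do
            if [ -e "$f" ]; then basename "$d"; break; fi
        done
    done
}

# usb_storage_report CONF PROC_MODULES MODULES_ROOT: one line per open gap.
usb_storage_report() {
    has_install_override "$1" || echo "GAP no install override in $1"
    if is_loaded "$2"; then echo "GAP usb_storage is loaded right now"; fi
    for k in $(kernels_with_module "$3"); do
        echo "GAP kernel $k still has usb-storage.ko"
    done
}

# make_usb_samples DIR: constructed stand-ins for /etc/modprobe.conf,
# /proc/modules and /lib/modules (kernel names are placeholders).
make_usb_samples() {
    s=kernel/drivers/usb/storage
    mkdir -p "$1/lib/old-kernel/$s" "$1/lib/new-kernel/$s"
    : > "$1/lib/new-kernel/$s/usb-storage.ko"
    printf '%s\n' '# constructed' 'install usb_storage :' > "$1/modprobe.conf"
    printf '%s\n' 'usb_storage 40000 0 - Live 0x0' > "$1/proc_modules"
    : > "$1/empty.conf"
    : > "$1/proc_modules.clean"
}

demo=$(mktemp -d)
make_usb_samples "$demo"
usb_storage_report "$demo/modprobe.conf" "$demo/proc_modules" "$demo/lib"
rm -rf "$demo"
```

On a real host the three arguments would be /etc/modprobe.conf, /proc/modules and /lib/modules.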


Tuesday, 22 April 2014

How to enable / disable user account on Linux.

Before you remove an account from a system, it is a good idea to lock it for one week to make sure that no one uses it.

To lock an account, use the command below:

# passwd -l username (where username is the login ID)

This option is used to lock the specified account and it is available to root only. The locking is performed by rendering the encrypted password into an invalid string.

After that, if someone tries to log in using this account, the system will return:

# su - username

This account is currently not available.

To unlock the same account:

The following command re-enables an account by changing the password back to its previous value, i.e. the value it had before the -l option was used.

# passwd -u username



Monday, 21 April 2014

Step by Step Install & Configure Squid Proxy Server on Linux.

Squid is a proxy server for Linux used for web filtering. It is widely used for increasing web server speed by caching repeated data.

1. Install Squid Server:

Squid Server can be easily installed using the yum command-line tool:

# yum install squid

2. Setup Port and start Service:

Squid Server runs on port 3128 by default. If we want to change the Squid Server port, edit the Squid configuration file and change the http_port value:

# vi /etc/squid/squid.conf

Change the http_port value:

http_port 8080

Save and quit the configuration file.

Now start/restart the Squid service:

# service squid restart

3. Configure Squid to Block Specific Websites:
If we have a long list of domains, create a file /etc/squid/deniedsites.squid, put the domain names in it one per line, and add the rules below to the Squid configuration file:

# vi /etc/squid/squid.conf

acl badsites dstdomain "/etc/squid/deniedsites.squid"
http_access deny badsites

Save and quit the configuration file.


deniedsites.squid file content example:

#cat /etc/squid/deniedsites.squid


www.rediffmail.com
www.yahoo.com
www.xxx.com

4. Configure Squid to Block Specific Keyword:
If we have a long list of specific keywords, create a file /etc/squid/blockkeywords.lst, put the keywords in it one per line, and add the rules below to the Squid configuration file:

# vi /etc/squid/squid.conf

acl blockkeywordlist url_regex "/etc/squid/blockkeywords.lst"
http_access deny blockkeywordlist

Save and quit the configuration file.

blockkeywords.lst file content example:

#cat /etc/squid/blockkeywords.lst


rediffmail
yahoo
xxx
hotmail
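Added example (not from the original post): a coverage check for the two lists above, showing which URLs the badsites and blockkeywordlist rules would deny and which they would miss. The dstdomain and url_regex matching rules are re-implemented in awk as an approximation rather than taken from Squid, and the test URLs, the dotted list and the function names are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original post). The matching rules are
# re-implemented in awk as an approximation; this is not Squid's own code.

# dstdomain_hit LIST HOST: an entry matches that exact host name; only an
# entry with a leading dot (".yahoo.com") also matches every subdomain.
dstdomain_hit() {
    awk -v h="$2" 'BEGIN { h = tolower(h) }
        NF == 0 || $1 ~ /^#/ { next }
        { e = tolower($1); n = length(h) - length(e)
          if (e == h) hit = 1
          else if (substr(e, 1, 1) == "." &&
                   (substr(e, 2) == h || (n > 0 && substr(h, n + 1) == e))) hit = 1 }
        END { exit !hit }' "$1"
}

# url_regex_hit LIST URL [i]: each non-blank line is a regular expression tried
# against the whole URL. Matching is case-sensitive unless the acl line uses
# "url_regex -i", which the optional third argument "i" stands for.
url_regex_hit() {
    awk -v u="$2" -v ci="$3" 'NF == 0 || $1 ~ /^#/ { next }
        { p = $1; s = u
          if (ci == "i") { p = tolower(p); s = tolower(s) }
          if (s ~ p) hit = 1 }
        END { exit !hit }' "$1"
}

# list_coverage DOMAINS KEYWORDS URL...: name the rule that would deny each URL.
list_coverage() {
    domains=$1; keywords=$2; shift 2
    for url in "$@"; do
        host=${url#*://}; host=${host%%[/:]*}
        if dstdomain_hit "$domains" "$host"; then echo "$url badsites"
        elif url_regex_hit "$keywords" "$url"; then echo "$url blockkeywordlist"
        else echo "$url not-covered"; fi
    done
}

# make_lists DIR: the two lists from the post plus a dotted variant (constructed).
make_lists() {
    printf '%s\n' www.rediffmail.com www.yahoo.com www.xxx.com > "$1/deniedsites.squid"
    printf '%s\n' rediffmail yahoo xxx hotmail > "$1/blockkeywords.lst"
    printf '%s\n' .rediffmail.com .yahoo.com .xxx.com > "$1/deniedsites.dotted"
}

demo=$(mktemp -d)
make_lists "$demo"
# Constructed test URLs: exact host, subdomain, mixed-case path, and a
# harmless URL that a bare keyword over-blocks.
list_coverage "$demo/deniedsites.squid" "$demo/blockkeywords.lst" \
    http://www.yahoo.com/ http://mail.yahoo.com/inbox \
    http://mail.example.test/Yahoo http://example.test/img/xxx-large.png
rm -rf "$demo"
```

Running candidate URLs through the lists before deploying them shows both the gaps (subdomains, letter case) and the over-blocking that a short keyword causes.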


Friday, 18 April 2014

Ldap Server Interview Questions and Answers for Unix/Linux

Q-1: - Are there graphical editors for LDAP?
Ans: - Yes, the following are some GUI-based tools for LDAP:

- GQ

- Java LDAP Browser/Editor

- Softerra LDAP Browser

Q-2: - What can I do if my application doesn't speak to LDAP?
Ans: - A gateway that translates one directory access protocol into another.

Q-3: - How can I join information contained in different directories?
Ans: - Distributed, Multivendor directories glued together by referrals and references.

Q-4: - What is "LDIF" ?
Ans: - The LDAP Interchange Format (LDIF) is a standard text file format for storing LDAP configuration information and directory contents. LDIF files are often used to import new data into your directory or make changes to existing data.

Q-5: - Name the object class types ?
Ans: - 
- Structural Object class
- Auxiliary Object class
- Abstract object classes

Q-6: - What is the name of the main configuration file for the LDAP server?
Ans: - slapd.conf

Q-7: - What is LDAP ?
Ans: - LDAP stands for Lightweight Directory Access Protocol. In plain and simple terms, it is a database that holds the details of organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet, and whether or not you know the domain name, IP address, or geographic whereabouts. An LDAP directory can be distributed among many servers on a network, then replicated and synchronized regularly. An LDAP server is also known as a Directory System Agent (DSA). It is not a relational database. Outlook and other email programs use LDAP to search for a recipient in an organization.

Q-8: - What is the relationship between LDAP and JNDI?
Ans: - JNDI has classes provided by Sun that help your application interact with an LDAP server. JNDI applications work similarly to JDBC applications and are free to use "drivers" from different vendors. Sun provides the "driver" that helps interact with the LDAP server. Sun also provides "drivers" for other naming services (like CORBA).

Q-9: - Why is LDAP called lightweight?
Ans: - LDAP (Lightweight Directory Access Protocol) is a protocol for communications between LDAP servers and LDAP clients.
LDAP servers store "directories" which are accessed by LDAP clients.
LDAP is called lightweight because it is a smaller and easier protocol which was derived from the X.500 DAP (Directory Access Protocol) defined in the OSI network protocol stack.

Q-10: - What is SLAPD?
Ans: - SLAPD stands for Stand-Alone LDAP. Clients connect to the server over the LDAP protocol, usually using a network-based connection (though SLAPD provides a UNIX socket listener).

Q-11: - Which daemons are required for LDAP server?
Ans: - slapd and slurpd

Q-12: - Tell me the name of three LDAP Client utilities or Applications
Ans: - 
ldapsearch
ldapadd
ldapmodify

Q-13: - Define Schemas?
Ans: - Schemas provide definitions of the different object classes and attribute types that OpenLDAP should support. Using these, OpenLDAP can determine what entries it is allowed to store, whether any given entry is valid, and how entries should optimally be stored.

Q-14: - Explain modulepath directive?
Ans: - The modulepath directive provides the full path to the directory where the  modules (the compiled libraries) are stored.

Q-15: - Explain moduleload directive?
Ans: - The moduleload directive instructs OpenLDAP to load a particular module.

Q-16: - What is HDB?
Ans: - HDB is the new generation storage mechanism for OpenLDAP. Like its predecessor, the BDB backend, HDB uses the Oracle BerkeleyDB database for storage, but HDB stores entries hierarchically, a perfect fit for LDAP's tree structure. The old BDB backend is still supported, and you can use it by specifying bdb instead of hdb in the database directive.

Q-17: - Which utility is used to Encrypt the password?
Ans: - ldappasswd

Q-18: - How you will verify LDAP configuration file?
Ans: - Use "slaptest" utility.
slaptest -v -f /etc/ldap/slapd.conf
Q-19: - Which configuration file is required for LDAP clients?
Ans: - ldap.conf
Q-20: - Explain "SIZELIMIT" directive?
Ans: - This directive indicates the upper limits on the number of records returned.
Q-21: - Explain "TIMELIMIT" directive?
Ans: - This directive will give the information about the amount of time the client will wait for the server to respond.
Q-22: - Tell me the name of logical operators which are used  in ldap filters.
Ans: - AND (&), OR (|), and NOT (!)
Q-23: - What Does slapadd Do?
Ans: - The slapadd utility reads the slapd.conf file, loads the appropriate backend databases, and then reads LDIF data.
Q-24: - Which web based tool you have used for LDAP?
Ans: - phpLDAPadmin    


Sendmail Server Interview Questions and Answers for Linux.

Q-1: - How to start sendmail server ?
Ans: - service sendmail restart
Q-2: - On which ports sendmail and sendmail with SSL works ?
Ans: - By default, Sendmail uses TCP and UDP port 25 for non-encrypted transfers. If the Sendmail server is configured to use SSL for encrypting email sent and received, it uses port 465.
Q-3: - Explain use of "trusted-users" file ?
Ans: - List of users that can send email as other users without a warning including system users such as apache for the Apache HTTP Server.
Q-4: - Explain the use of "local-host-names" file ?
Ans: - If the email server should be known by different hostnames, list the hostnames in this file, one line per hostname. Any email sent to addresses at these hostnames is treated as local mail. The FEATURE(`use_cw_file') option must be enabled in the sendmail.mc file for this file to be referenced.
Q-5: - explain the use of /etc/aliases file ?
Ans: - /etc/aliases, can be used to redirect email from one user to another. By default, it includes redirects for system accounts to the root user. It can then be used to redirect all email for the root user to the user account for the system administrator. 
Q-6: - Can we use SSL Encryption with Sendmail ?
Ans: - Yes, Sendmail can be configured to encrypt email sent and received using SSL (secure sockets layer). 
Q-7: - What is Sendmail ?
Ans: - Sendmail is an MTA, meaning it accepts email messages sent to it using the SMTP protocol and transports them to another MTA email server until the messages reach their destinations. It also accepts email for the local network and delivers them to local mail spools, one for each user.
Q-8: - What is the role of MUA ?
Ans: - An MUA (Mail User Agent) with access to the mailbox file, directly or through a network file system, can read messages from the disk and display them for the user. This is generally a console or webmail application running on the server.
Q-9: - Which are the important configuration files for Sendmail server ?
Ans: - The /etc/mail/ directory contains all the Sendmail configuration files, with sendmail.cf and submit.cf being the main configuration files. The sendmail.cf file includes options for the mail transmission agent and accepts SMTP connections for sending email. The submit.cf file configures the mail submission program.
Q-10: - How to configure sendmail to accept mail for local delivery that is addressed to other hosts?
Ans: - Create a /etc/mail/local-host-names file. Put into that file the hostnames and domain names for which sendmail should accept mail for local delivery. Enter the names with one hostname or domain name per line. And also make sure that Sendmail configuration file should contain "use_cw_file" option.
dnl Load class $=w with other names for the local host
FEATURE(`use_cw_file')
Q-11: - When an organization stores aliases on an LDAP server, how you will configure sendmail to read aliases from the LDAP server?
Ans: - Use "sendmail -bt -d0" command to check the sendmail compiler options. If sendmail was not compiled with LDAP support, recompile and reinstall sendmail.
Add an ALIAS_FILE define, containing the string ldap  to the sendmail configuration.
# Set the LDAP cluster value
define(`confLDAP_CLUSTER', `wrotethebook.com')
# Tell sendmail that aliases are available via LDAP
define(`ALIAS_FILE', `ldap:')
Q-12: - How to forward emails of a local user to external address?
Ans: - Add an alias to the aliases file for each user whose mail must be forwarded to another system. The recipient field of the alias entry must be a full email address that includes the host part. After adding the desired aliases, rebuild the aliases database file with the newaliases command.
Q-13: - You have been asked to create a sendmail configuration that sends all local mail to a mail hub, while directly delivering mail addressed to external systems.
Ans: - Create a sendmail configuration containing the MAIL_HUB define to identify the mail relay host for local mail. Use the LOCAL_USER command to exempt the root user's mail from relaying.
dnl Define a relay server for local mail
define(`MAIL_HUB', `smtp.test.com')
dnl Users whose mail is not passed to the mail hub
LOCAL_USER(root)
Rebuild and reinstall sendmail.cf, and then restart sendmail.
Q-14: - How to  configure multiple mail queues?
Ans: - mkdir /var/spool/mqueue/queue.1
mkdir /var/spool/mqueue/queue.2
mkdir /var/spool/mqueue/queue.3
chmod 700 /var/spool/mqueue/queue.1
chmod 700 /var/spool/mqueue/queue.2
chmod 700 /var/spool/mqueue/queue.3
Add the QUEUE_DIR define to the sendmail configuration to use the new queue directories.
dnl Declare the queue directory path
define(`QUEUE_DIR', `/var/spool/mqueue/queue.*')
Q-15: - How to  disable certain SMTP commands?
Ans: - Add the confPRIVACY_FLAGS define to the sendmail configuration to set Privacy Options that disable unwanted, optional SMTP commands. Here we disable the EXPN, VRFY, VERB, and ETRN commands.
dnl Disable EXPN, VRFY, VERB and ETRN
define(`confPRIVACY_FLAGS', `noexpn,novrfy,noverb,noetrn')
Rebuild and reinstall sendmail.cf, and then restart sendmail.
Q-16: - In which Sendmail configuration file we have to make changes?
Ans: - We will make the changes only in the sendmail.mc file, and the changes will be moved into the sendmail.cf file for us.
Q-17: - When Sendmail dispatches your email, it places the server's hostname behind your username, which becomes the "from address" in the email (i.e. user@mail.test.com). But we want to use the domain name and not the hostname?
Ans: - define(`confDOMAIN_NAME', `test.com')dnl
FEATURE(`relay_entire_domain')dnl
Q-18: - What does /etc/mail/access file contains?
Ans: - The access database ("/etc/mail/access") is a list of IP addresses and domainnames of allowable connections.
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
and cat  /etc/mail/access
localhost.localdomain      RELAY
localhost                              RELAY
127.0.0.1                             RELAY
192.168.0                            RELAY
test.com                              RELAY
Q-19: - How to restrict sendmail to sending a big file?
Ans: - define(`confMAX_MESSAGE_SIZE',`52428800')dnl
or If you are using a PHP based webmail application like SquirrelMail, you can adjust the max file size in php.ini file.
vi php.ini
post_max_size = 50M
upload_max_filesize = 50M
memory_limit = 64M
Q-20: - How to set 25 recipients for each email?
Ans: - define(`confMAX_RCPTS_PER_MESSAGE',`50')dnl
Q-21: - Which antivirus you have integrated with sendmail ?
Ans: - ClamAV
Q-22: - What is Clamav-Milter?
Ans: - Clamav-Milter is a tool to integrate sendmail and ClamAV antivirus.
Q-23: - Which configuration files are required to integrate sendmail and ClamAV antivirus?
Ans: - milter.conf and clamav-milter
Q-24: - How to test sendmail integration with ClamAV?
Ans: - grep Milter /var/log/maillog
You have to get following type of messages.
sendmail: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on mail.test.com
sendmail: Milter add: header: X-Virus-Status: Clean  
Q-25: - Which tool you have used to block spamming?
Ans: - SpamAssassin
Q-26: - What does "/etc/mail/" directory contains?
Ans: - The /etc/mail/ directory contains all the Sendmail configuration files, with sendmail.cf and submit.cf being the main configuration files.
Q-27: - Explain the use of /etc/mail/relay-domains file?
Ans: - The /etc/mail/relay-domains file is used to determine domains from which it will relay mail. The contents of the relay-domains file should be limited to those domains that can be trusted not to originate spam.
Q-28: - What is the name of spamassassin configuration file?
Ans: - /etc/mail/spamassassin/local.cf
Q-29: - How to check mail Queue of sendmail?
Ans: - /usr/lib/sendmail -bp
or
mailq
Q-30: - How to use  m4 macro processor to generate a new sendmail.cf?
Ans: - m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Apache Server Interview Questions and Answers for Linux.

Q-1: - What is location of log files for Apache server ?
Ans: - /var/log/httpd
Q-2: - What are the types of virtual hosts ?
Ans: - name-based and IP-based.
Name-based virtual host means that multiple names are running on each IP address.
IP-based virtual host means that a different IP address exists for each website served. Most configurations are name-based because that only requires one IP address.
Q-3: - How to restart Apache web server ?
Ans: - service httpd restart
Q-4: - How to check the version of Apache server ?
Ans: - rpm -qa |grep httpd
Q-5: - What is meaning of "Listen" in httpd.conf file ?
Ans: - Port number on which to listen for nonsecure (http) transfers.
Q-6: - What is DocumentRoot ?
Ans: - It is the location of files which are accessible by clients. By default, the Apache HTTP server in RedHat Enterprise Linux is configured to serve files from the /var/www/html/ directory.
Q-7: - On which port Apache server works ?
Ans: - http - port 80 & https - port 443
Q-8: - Tell me name of main configuration file of Apache server ?
Ans: - httpd.conf
Q-9: - On which version of apache you have worked ?
Ans: - httpd-2.2.3
Q-10: - What do you mean by a valid ServerName directive?
Ans: - The DNS system is used to associate IP addresses with domain names. The value of ServerName is returned when the server generates a URL. If you are using a certain domain name, you must make sure that it is included in your DNS system and will be available to clients visiting your site.
Q-11: - What is the main difference between <Location> and <Directory> sections?
Ans: - Directory sections refer to file system objects; Location sections refer to elements in the address bar of the Web page
Q-12: - What is the use of mod_perl module?

Ans: - mod_perl scripting module to allow better Perl script performance and easy integration with the Web server.
Q-13: - If you have added “loglevel Debug” in httpd.conf file, then what will happen?
Ans: - It will give you more information in the error log in order to debug a problem.
Q-14: - Can you record the MAC (hardware) address of clients that access your server.
Ans: - No
Q-15: - Can you record all the cookies sent to your server by clients in Web Server logs?
Ans: - Yes, add following lines in httpd.conf file.

CustomLog logs/cookies_in.log "%{UNIQUE_ID}e %{Cookie}i"
CustomLog logs/cookies2_in.log "%{UNIQUE_ID}e %{Cookie2}i"
Q-16: - Can we do automatically roll over the Apache logs at specific times without having to shut down and restart the server?
Ans: - Yes
Use CustomLog and the rotatelogs programs

Add the following line to the httpd.conf file:
CustomLog "|/path/to/rotatelogs /path/to/logs/access_log.%Y-%m-%d 86400" combined
Q-17: - What we can do to find out how people are reaching your site?
Ans: - Add the following effector to your activity log format: %{Referer}i
Q-18: - If you have only one IP address, but you want to host two web sites on your server. What will you do?
Ans: - In this case I will use Name Based Virtual hosting.
ServerName 10.111.203.25
NameVirtualHost *:80
<VirtualHost *:80>
ServerName web1.test.com
DocumentRoot /var/www/html/web1
</VirtualHost>

<VirtualHost *:80>
ServerName web2.test2.com
DocumentRoot /var/www/html/web2
</VirtualHost>
Q-19: - Can I serve content out of a directory other than the DocumentRoot directory?
Ans: - Yes, by using “Alias” we can do this.
Q-20: - If you have to map more than one URL to the same directory but you don't have multiple Alias directives, what will you do?
Ans: - In this case I will use “AliasMatch” directives.

The AliasMatch directive allows you to use regular expressions to match arbitrary patterns in URLs and map anything matching the pattern to the desired URL.
Q-21: - How you will put a limit on uploads on your web server?
Ans: - This can be achieved by LimitRequestBody directive.
<Directory "/var/www/html/data_uploads">
LimitRequestBody 100000
</Directory>
Here I have put limit of 100000 Bytes
Q-22: - I want to stop people using my site by Proxy server. Is it possible?
Ans: - <Directory proxy:http://www.test.com/myfiles>
Order Allow,Deny
Deny from all
Satisfy All
</Directory>
Q-23: - What is mod_evasive module?
Ans: - mod_evasive is a third-party module that performs one simple task, and performs it very well. It detects when your site is receiving a Denial of Service (DoS) attack, and it prevents that attack from doing as much damage. mod_evasive detects when a single client is making multiple requests in a short period of time, and denies further requests from that client. The period for which the ban is in place can be very short, because it just gets renewed the next time a request is detected from that same host.
Q-24: - How to enable PHP scripts on your server?
Ans: - If you have mod_php installed, use AddHandler to map .php and .phtml files to the PHP handler.
AddHandler application/x-httpd-php .phtml .php
Q-25: - Which tool you have used for Apache benchmarking?
Ans: - ab (Apache bench)
ab -n 1000 -c 10 http://www.test.com/test.html
Q-26: - Can we cache files which are viewed frequently?
Ans: - Yes we can do it by using mod_file_cache module.
CacheFile /www/htdocs/index.html
Q-27: - Can we have two apache servers having diff versions?
Ans: - Yes, you can have two different apache servers on one server, but they can't listen to the same port at the same time. Normally apache listens to port 80 which is the default HTTP port. The second apache version should listen to another port with the Listen option in httpd.conf, for example to port 81.
For testing a new apache version before moving your sites from one version to another, this might be a good option. You just type www.example.com:81 in the browser window and you will be connected to the second apache instance.