Saturday, October 23, 2010

Sending email from the command line + scripting, with an example


Trial 1:

mail -s "This is a subject" john.doe@test.net < /root/myBodyFile

This simple command sends an email to john.doe@test.net with the subject "This is a subject" and the content of the file /root/myBodyFile as the body.

Trial 2:

You can check whether your Linux machine delivered the message to john doe or not.

# mail

If you see a MAILER-DAEMON@ bounce, check whether it is for john.doe@test.net (i.e. the email recipient).

There could be various possible issues.

In my case I am using Postfix as my MTA.
I have configured a relayhost for my MTA.

For Postfix, edit /etc/postfix/main.cf

#vi /etc/postfix/main.cf
------
-----
relayhost = < hostname or IP address of your mail relay / mail server >
-----
-----

and run 'postfix reload' afterwards so the change takes effect.

Also make sure that your Linux machine's IP address is allowed to relay through that mail server (contact your email server administrator); they will add the IP address of your Linux machine as a trusted host on the mail server. Without that, the relay rejects your messages and you will see the MAILER-DAEMON bounces mentioned above.

Trial 3:

I would like to create alias so that I can send email to the group of people. It's easy.

Login as a root in your linux machine

#vi /etc/aliases
-----
----
# myEmailGroup: list of recipient addresses separated by commas
-----
-----
ServerAlert: user1@gmail.com,user2@hotmail.com,214000000@txt.att.net
-----
-----

Next step is to load all the aliases

#newaliases

#echo $?
If it returns 0, the above command executed successfully.


Finally you can send email to the group of users by

#mail -s "Hi.. all of you" ServerAlert < /root/myBodyFile


Application of email alert for the Asterisk PRI monitoring:

1. Create the script file

#vi /root/astPRIstatus.sh
#!/bin/bash
#author DShah erdevendra@gmail.com
#created on 10/22/10
#This script checks the PRI status; If PRI is down, it pages the admins

# Capture the output of "pri show spans" and keep only the spans reported as down
pristatus=$(/usr/sbin/asterisk -rx "pri show spans" | grep -i down)

# Quote the variable: an empty or multi-word result would otherwise break the test
if [ -z "$pristatus" ]
then
    #echo "PRI up"
    notify=0
else
    #echo "PRI down"
    notify=1
fi

if [ $notify -eq 1 ]
then
    # ServerAlert is the alias created in Trial 3
    mail -s "PRI down" ServerAlert < /root/pristatus
fi


2. Change the permission (make the script executable)

#chmod 700 /root/astPRIstatus.sh

3. Create a file called /root/pristatus

#vi /root/pristatus
PRI at asterisk server is down

4. Add the script to crontab so that it runs every minute

#crontab -e

*/1 * * * * bash /root/astPRIstatus.sh >/dev/null
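As an added example (not part of the original post), here is the decision logic of the PRI check separated from the asterisk and mail calls so it can be run against canned output. It also adds the piece a once-a-minute cron job needs and the script above lacks: a state file, so that admins are paged on the up-to-down transition (and once on recovery) rather than every minute while the span stays down. The "pri show spans" lines are constructed samples in the DAHDI output format (an assumption), not captured from a live server, and the state-file path in the comment is a placeholder.

```shell
#!/bin/bash
# Added example, not from the original post: PRI check logic with transition
# tracking. Sample "pri show spans" output below is constructed (assumption).

# Reads "pri show spans" text on stdin, prints every span line that is not Up.
# Exit status 0 when all spans are Up, 1 when at least one is not.
down_spans() {
    awk 'BEGIN { down = 0 }
         /^PRI span/ && $0 !~ /, Up,/ { print; down = 1 }
         END { exit down }'
}

# $1 = "pri show spans" output. Prints "ok" or "page".
verdict() {
    if printf '%s\n' "$1" | down_spans > /dev/null; then
        echo ok
    else
        echo page
    fi
}

# Remembers the last verdict in the state file $1 so a cron job that runs every
# minute mails on the up->down transition and once on recovery, not every run.
# $2 = current verdict. Prints alert, recovered or quiet.
transition() {
    state_file=$1
    now=$2
    prev=$(cat "$state_file" 2>/dev/null || true)
    [ -n "$prev" ] || prev=ok
    printf '%s\n' "$now" > "$state_file"
    if [ "$prev" = ok ] && [ "$now" = page ]; then
        echo alert
    elif [ "$prev" = page ] && [ "$now" = ok ]; then
        echo recovered
    else
        echo quiet
    fi
}

ALL_UP='PRI span 1/0: Provisioned, Up, Active
PRI span 2/0: Provisioned, Up, Active'
ONE_DOWN='PRI span 1/0: Provisioned, Up, Active
PRI span 2/0: Provisioned, Down, Active'

# Stand-alone run over the constructed samples with a throwaway state file:
# expect quiet, alert, quiet, recovered.
STATE=$(mktemp)
for sample in "$ALL_UP" "$ONE_DOWN" "$ONE_DOWN" "$ALL_UP"; do
    v=$(verdict "$sample")
    echo "verdict=$v action=$(transition "$STATE" "$v")"
done
rm -f "$STATE"

# On the Asterisk host the loop body becomes (state file path is a placeholder):
#   spans=$(/usr/sbin/asterisk -rx 'pri show spans')
#   case $(transition /var/run/pristate "$(verdict "$spans")") in
#     alert)     printf '%s\n' "$spans" | down_spans | mail -s "PRI down" ServerAlert ;;
#     recovered) echo "PRI back up" | mail -s "PRI recovered" ServerAlert ;;
#   esac
```

Sending the down_spans output as the mail body instead of the static /root/pristatus file tells the admin which span failed without logging in first.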

Monday, August 30, 2010

Basic guide for Logrotate in Linux

Log files in Linux usually live under /var/log. They keep growing, so log management is essential. It is usually handled by logrotate, which is driven by cron jobs.

For logrotate, you can configure /etc/logrotate.conf or create the individual configuration files for each application or each log file in /etc/logrotate.d

step 1:

Let's say, I have VOIP application 'asterisk' running on my system. Asterisk generates various log files under /var/log/asterisk directory. I would create astlog under /etc/logrotate.d to manage the log files.

#cd /etc/logrotate.d
#vi astlog
/var/log/asterisk/full /var/log/asterisk/messages /var/log/asterisk/debug /var/log/asterisk/*.log {
nocompress
daily
rotate 5
missingok
copytruncate
}

Here we listed all the log files to be managed and set the attributes for managing them: don't compress the rotated files, rotate daily, and keep at most 5 rotations (logfilexxx.1 through logfilexxx.5; older ones are deleted). With the copytruncate option the original log file is copied and then truncated in place, instead of being moved aside and (optionally) recreated. This is useful when a program cannot be told to reopen its log file and would otherwise keep writing (appending) to the renamed old file. The man page notes the caveat: there is a very small window between the copy and the truncate, so log lines written in that window are lost.

[You can use #stat < filename > or # ls -i < filename > to check the inode number.
copytruncate preserves the log file's inode (its unique file number), which is why the program's open file descriptor keeps pointing at the live log.]

If you don't want to use the copytruncate option, then you have to tell the program that the log file has been recreated (with a new inode number). For example, in my case I could have done

#cd /etc/logrotate.d
#vi astlog
/var/log/asterisk/full /var/log/asterisk/messages /var/log/asterisk/debug /var/log/asterisk/*.log {
nocompress
daily
rotate 5
missingok
create
postrotate
/usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
endscript
}

Here, we are telling our program 'asterisk' to reload logger as new log file has been created after log rotation.
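The inode point above is easy to see for yourself. The following is an added example, not part of the original post: it stands in for a daemon by holding a file descriptor open on a log in a temporary directory, rotates the log once by rename (what logrotate does without copytruncate) and once by copy-and-truncate, and reports whether the daemon's write made after the rotation reached the live log. No asterisk or logrotate is needed.

```shell
#!/bin/bash
# Added example, not from the original post: why copytruncate matters for a
# daemon that opens its log once and never reopens it. Uses a temp dir and an
# open file descriptor in place of a real daemon.
set -eu

inode_of() { ls -i "$1" | awk '{print $1}'; }

# Rotation as logrotate does it with 'create': rename, then make a new file.
rotate_by_move() {
    mv "$1" "$1.1"
    : > "$1"
}

# Rotation as logrotate's copytruncate: copy the content, truncate in place.
rotate_by_copytruncate() {
    cp "$1" "$1.1"
    : > "$1"
}

# $1 = move | copytruncate. Prints "<inode-kept|inode-changed> <same|stale>":
# whether the live log kept its inode, and whether a write made after the
# rotation through the still-open descriptor landed in the live log.
rotate_demo() {
    dir=$(mktemp -d)
    log=$dir/app.log
    : > "$log"
    before=$(inode_of "$log")
    exec 3>>"$log"                      # the "daemon" opens its log once
    echo "before rotation" >&3
    if [ "$1" = move ]; then rotate_by_move "$log"; else rotate_by_copytruncate "$log"; fi
    echo "after rotation" >&3           # daemon keeps writing to fd 3
    exec 3>&-
    after=$(inode_of "$log")
    [ "$before" = "$after" ] && ino=inode-kept || ino=inode-changed
    grep -q "after rotation" "$log" && where=same || where=stale
    rm -rf "$dir"
    echo "$ino $where"
}

echo "rename + create : $(rotate_demo move)"
echo "copytruncate    : $(rotate_demo copytruncate)"
```

With rename the daemon's later lines end up in app.log.1 and the fresh app.log stays empty until the process is told to reopen (the 'logger reload' in the postrotate block above); with copytruncate they land in app.log because the open descriptor still refers to the same inode.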

step 2:

By default, Logrotate is scheduled daily. You can find 'logrotate' under /etc/cron.daily

Let's look at /etc/crontab

# less /etc/crontab
SHELL=/bin/sh
PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin
MAILTO=root
#
# check scripts in cron.hourly, cron.daily, cron.weekly, and cron.monthly
#
*/15 * * * * root test -x /usr/lib/cron/run-crons && /usr/lib/cron/run-crons >/dev/null 2>&1


The time at which the scripts run is managed by crontab. The /usr/lib/cron/run-crons script controls cron.hourly, cron.daily, cron.weekly and cron.monthly. run-crons runs every 15 minutes and checks which of those directories is due.

In SLES, if you need to change the default daily time , you can go to YAST --> System --> /etc/sysconfig editor --> System --> Cron --> DAILY_TIME and change the time.

Let's say I want log rotation to be done during off hours (10:30 pm) to avoid load on the server; then I can change DAILY_TIME to 22:30.

For more information:

http://www.linuxtopia.org/online_books/suse_linux_guides/SLES10/suse_enterprise_linux_server_installation_admin/sec_suse_pakete.html

Tuesday, May 25, 2010

NFS (Network File System) in SUSE Linux

An NFS server allows transparent access to programs, files or storage space on the server.

Service : Program/Daemon : Start script

Port mapper : /sbin/portmap : /etc/init.d/portmap

NFS server : /usr/sbin/rpc.nfsd and /usr/sbin/rpc.mountd : /etc/init.d/nfsserver

NFS server configuration overview:

All configuration for the NFS server is stored in the file /etc/exports. Client-side configuration takes place in /etc/fstab.
For the NFS server to start automatically when the computer boots, the corresponding symbolic links in the runlevel directories must be generated. If you configure the NFS server with YaST, this is done automatically; otherwise, generate them with

#insserv nfsserver

or
#chkconfig nfsserver on


In SUSE Linux, it's very easy to setup NFS server using YaST.

Configure and start NFS server:

To use YaST to configure the NFS server, start Yast and then select Network Services > NFS Server.

or
you can do everything manually
You need to set permissions for exported directories in /etc/exports

#vi /etc/exports
/var/backup *(ro)
/var/work *(rw,sync)


[
Note: the NFS server checks the exported directory's Unix permissions against the uid/gid the client presents, and by default root on the client is mapped to nobody (root_squash). Rather than making the directory world-writable with

#chmod o+w /var/work

give it an owner or group that matches the uids/gids on the clients, or export it with all_squash,anonuid=<uid>,anongid=<gid> so that every client write is mapped to one local account that owns the directory. Also replace the * client with the hosts or subnet that actually need the share (e.g. 192.168.1.0/24(rw,sync)): an export to * with rw is writable by anything that can reach port 2049.
]

Restart the server to reflect the changes

#rcnfsserver restart
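As an added example (not part of the original post), here is a small audit of an exports file for the settings that most often turn an NFS share into an anonymous write path: exports to every host, rw exports to every host, and no_root_squash. The exports content it runs over is a constructed sample, not a real server's file; point it at /etc/exports to check a live host.

```shell
#!/bin/bash
# Added example, not from the original post: audit /etc/exports syntax for
# world exports, world-writable exports and no_root_squash.
# The sample exports below are constructed.

# Reads /etc/exports syntax on stdin and prints one line per finding.
# Exit status 1 if anything was flagged, 0 if nothing was.
audit_exports() {
    awk '
    BEGIN { bad = 0 }
    /^[[:space:]]*(#|$)/ { next }                 # comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            entry = $i; client = entry; opts = ""
            if (match(entry, /\(.*\)$/)) {        # split host(opt,opt) into parts
                opts = substr(entry, RSTART + 1, RLENGTH - 2)
                client = substr(entry, 1, RSTART - 1)
            }
            shown = (opts == "") ? "defaults" : opts
            everyone = (client == "" || client == "*")
            if (everyone) {
                print path ": exported to every host with options " shown; bad = 1
            }
            if (everyone && opts ~ /(^|,)rw(,|$)/) {
                print path ": writable by every host"; bad = 1
            }
            if (opts ~ /(^|,)no_root_squash(,|$)/) {
                print path ": no_root_squash for " client " (remote root keeps uid 0 here)"; bad = 1
            }
        }
    }
    END { exit bad }'
}

SAMPLE_EXPORTS='# constructed sample /etc/exports
/var/backup *(ro)
/var/work *(rw,sync)
/srv/data 192.168.1.0/24(rw,sync,root_squash)
/srv/img 10.0.0.5(rw,no_root_squash)'

# Stand-alone run: the audit of the sample above (four findings expected).
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports || echo "audit: tighten the exports listed above"
# Against the live file:  audit_exports < /etc/exports
```

The two exports from this post (/var/backup and /var/work to *) are the first three findings; only the subnet-limited /srv/data entry passes clean.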


Configure and start NFS Client:

To configure the NFS client, start YaST and then select Network Services > NFS Client. Add the NFS server and mount point information.

I would recommend YaST for client setup, as it will automatically populate /etc/fstab with the provided NFS server information. You can check /etc/fstab file after you configure NFS client using YaST.

Monday, May 17, 2010

Router ARP Cache not releasing Server IP Address

I moved all the IP addresses from the old server to a new server. However, I can't ping those IP addresses, because they are not getting updated due to an ARP cache issue (the IPs are cached on the router). How do I solve this?

ARP (Address Resolution Protocol) resolves an IP address to the corresponding Ethernet (MAC) address. ARP keeps the mapping between IP address and MAC address in an in-memory table called the ARP cache. Entries in this table are added and removed dynamically. This is a common and well-known issue, because most network admins configure their routers with a long ARP cache timeout. As a result my requests keep going to the old server's MAC address. If I move an IP address, it may take hours before the new server can communicate. To get rid of this problem, the new server announces the MAC address for its own IP, which causes routers and other hardware to update their ARP cache. This is called an 'unsolicited ARP' or 'gratuitous ARP'.

We can use the 'arping' command to send an unsolicited ARP for the server's own IP address (it needs root; -c <count> limits how many packets are sent). Note that gratuitous ARP is the same mechanism ARP spoofing abuses, so switches with dynamic ARP inspection or routers with static ARP entries may ignore it; in that case the stale entry has to be cleared on the router itself.

#arping -U -I [Interface Name] [IP Address]

e.g
#arping -U -I eth1 192.168.1.2

where,
-U : Unsolicited ARP mode to update neighbours ARP cache. No replies are expected
-I eth1: Name of network device where to send ARP request packets.

Tuesday, April 27, 2010

Pure-FTP on SLES OES2

I will be talking about PURE-FTP

Installation:

You can install pure-ftp using YAST ( interactive tool for software installation on SLES/OES2)

# rpm -qa | grep ftp
pure-ftpd-1.0.20-24.13

Configuration:

Configuration files:

/etc/pure-ftpd/pure-ftpd.conf
/etc/ftpusers


Make sure that service is running and will startup on next reboot

#chkconfig --list | grep ftp
pure-ftpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off

pure-ftpd is the name of the daemon/service. If it were 'off' in runlevels 3 and 5, you could run the command

#chkconfig pure-ftpd on


/etc/pure-ftpd/pure-ftpd.conf file is very clean and nicely described.

Some of the parameters are:
ChrootEveryone yes
TrustedGID 100

NoAnonymous yes
UnixAuthentication yes

NoRename yes
and many more


After making changes to this file, you have to restart the service.

#service pure-ftpd restart



Additional Tips:

What should I do to give ftp user (say ftpuser) access to some different directory?

Ans: Say ftpuser is chrooted to /home/ftpuser, so he can't access anything outside /home/ftpuser. Say ftpuser needs access to /tmp/backup. A symlink created with 'ln -s' will not help, because the link target lies outside the chroot and cannot be resolved from inside it. You have to use a bind mount instead:

#mount --bind /tmp/backup /home/ftpuser/backup

The mount point /home/ftpuser/backup must already exist as a directory. To have the bind mount come back after a reboot, add it to /etc/fstab rather than to /etc/bash.bashrc (bash.bashrc runs for every interactive shell, not at boot, and a mount command there would fail for non-root users):

/tmp/backup /home/ftpuser/backup none bind 0 0


Have fun :)

Friday, April 23, 2010

User add/remove in SLES

[Note: Don't use [ ] bracket in command line. You have been warned! ]

In SLES, adding user and removing user from the system requires some special flags to be used in command line.

To add user

#useradd -m [username]

-m flag enables to create /home/[username] directory

#useradd -r -m [username]

-r flag create a system account. A system account is an user with an UID between SYSTEM_UID_MIN and SYSTEM_UID_MAX as defined in /etc/login.defs, if no UID is specified. The GROUPS entry in /etc/default/useradd is ignored, too.

#passwd [username]
to create/change the password



Check out this after you add the user

#tail /etc/passwd --> This file contains user's information
testuser:x:1001:100::/home/testuser:/bin/bash
testuserdev:x:103:100::/home/testuserdev:/bin/false

testuser was created using only the -m flag. Since it is a regular user, it is allowed to log in to a shell; it uses /bin/bash. [Remember, without a shell you can't log in, as the shell is the middleware between user and kernel.]

testuserdev was created using the -r -m flags. Since it is a system user, it is not allowed to log in to a shell; that's the reason it has /bin/false.




To remove the user
#userdel [username]

This removes the user account itself, but the files in the /home/[username] directory are not removed.

#userdel -r [username]

-r flag forces to remove /home/[username] directory as well while deleting the user.

Monday, April 19, 2010

Grant access to Anonymous user for FTP read/write operation

In SLES, the anonymous user is chrooted to the /srv/ftp directory.
In CentOS and Red Hat Linux, the anonymous user is chrooted to the /var/ftp directory.

(When I say chrooted, I mean that '/srv/ftp' acts like '/' for the anonymous user. This keeps the anonymous user from reaching the rest of the ftp server's filesystem.)

Make some changes to vsftpd.conf so that the anonymous user can do read/write operations.
Before making any changes, make a backup copy of vsftpd.conf.


Server01:/srv/ftp # diff /etc/vsftpd.conf /etc/vsftpd.conf.bak
+anon_upload_enable=YES
-#anon_upload_enable=YES
+ anon_mkdir_write_enable=YES
-#anon_mkdir_write_enable=YES
+ anon_other_write_enable=YES
-#anon_other_write_enable=YES
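Review bot: with the files in this order, diff /etc/vsftpd.conf /etc/vsftpd.conf.bak marks lines from vsftpd.conf with - and lines from the backup with +, so as shown the backup is the file with the options enabled and the live config still has them commented out; swap the arguments (or read the signs reversed) so the listing records the change that was actually made. Also, anon_other_write_enable=YES lets anonymous users delete and rename anything they can reach, not just upload; if drop-box uploads are the goal, leave that line commented and enable only anon_upload_enable and anon_mkdir_write_enable.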

Now the anonymous ftp user needs "WRITE" access to the upload location. The quick way is to grant write access to "other" on /srv/ftp

#chmod o+w /srv/ftp

but note that vsftpd refuses anonymous logins when the anonymous root directory itself is writable ("refusing to run with writable anonymous root" in the log), so the safer layout is to leave /srv/ftp read-only and create a writable subdirectory for uploads, e.g. /srv/ftp/upload owned by the ftp user. Whatever you choose, remember that anon_other_write_enable also lets anonymous users delete and rename files.
After that, restart the ftp server

#service vsftpd restart



Try login into the ftp server as anonymous user and try to use 'get' and 'put' commands to download and upload files.

:)



However, above process may not fullfill your needs.
So, try something different

--> Create FTP user

#useradd -r -m ftpuser
#passwd ftpuser

(you can give any name u like)

--> Chroot the user to it's home directory. i.e /home/ftpuser will be root for the ftp user

Server01:~ # diff /etc/vsftpd.conf /etc/vsftpd.conf.backup+chroot_list_enable=YES
-#chroot_list_enable=YES
+chroot_list_file=/etc/vsftpd.chroot_list
- #chroot_list_file=/etc/vsftpd.chroot_list
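Review bot: same argument order problem as the earlier diff: with vsftpd.conf first and the backup second, - is the live file and + the backup, so this shows the backup as the one with chroot_list_enable on. Worth stating beside the hunk as well: with chroot_local_user left at its default of NO, chroot_list_file names the users who ARE chrooted, so ftpuser has to be added to /etc/vsftpd.chroot_list for the jail described below to apply; if chroot_local_user=YES is set, the same list turns into the exemption list.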


--> Restart ftp server

#service vsftpd restart



Now try to log in to the ftp server with the username and password. You can upload and download now. You can't reach the rest of the server's filesystem, as you are in the chroot jail /home/[username].
Have fun! :)


Today one of my friends asked me: can we use /var/ftp rather than /srv/ftp as the root directory for the ftpuser in SLES?
Of course, yes. However, you have to edit /etc/vsftpd.conf

FTPserver#vi /etc/vsftpd.conf
........
write_enable=YES
local_enable=YES
chroot_list_enable=YES
#anonymous_enable=YES
#anon_world_readable_only=YES
....

userlist_enable=YES
userlist_deny=NO
local_root=/var/ftp/
listen_address=[ftp server IP address]


#vi /etc/vsftpd.user_list
add the list of the allowed ftp users over here

#service vsftpd restart


That's it. Try it. ;D

Tuesday, April 6, 2010

Firewall in SuSe Linux

How to check if the firewall is running or not?
Ans: Check whether the firewall service is running.

# /sbin/rcSuSEfirewall2 status
Checking the status of SuSEfirewall2 running

That tells you the firewall is running. By default it blocks inbound telnet/ssh/scp from the external zone.
You can stop the firewall with the following command

# /sbin/rcSuSEfirewall2 stop

Now try to ssh/scp into the server remotely; you should be able to connect. Stopping the firewall is fine for a quick test, but for a server that stays reachable you should instead open just port 22 (add "22" to FW_SERVICES_EXT_TCP in /etc/sysconfig/SuSEfirewall2, then run rcSuSEfirewall2 restart) and leave telnet blocked: it sends passwords in clear text, so use ssh.


You can use 'chkconfig' command to check the service startup status after reboot.

# chkconfig --list|grep firewall
SuSEfirewall2_init 0:off 1:off 2:off 3:off 4:off 5:off 6:off
SuSEfirewall2_setup 0:off 1:off 2:off 3:off 4:off 5:off 6:off

In my case it says that the firewall will not start automatically after the next reboot, as it has 'off' status in every runlevel (0 through 6).


If you are not feeling comfortable playing with command line, you can use YAST for the firewall management. 'Firewall' is located in 'Security and Users' option.

#yast


Have a good one!