Friday, August 07, 2009

Set limits on users

The ulimit mechanism lets you limit resource use per user or per group through an ordinary configuration file, /etc/security/limits.conf (read by the pam_limits module at login). This helps a lot in system administration, e.g. when one user starts so many processes that the system becomes unresponsive for everyone else. The current shell's limits can be listed with:

$ ulimit -a

core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 20
file size (blocks, -f) unlimited
pending signals (-i) unlimited
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) unlimited
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

Example:

smartgeek hard nproc 20
@geeks hard nproc 50

The above prevents user "smartgeek" from running more than 20 processes and anyone in the geeks group from having more than 50 processes. Because the file is applied by pam_limits, a changed entry takes effect for new login sessions, not for sessions that are already open.

There are many more settings and limits that you can set on a particular user or on an entire group, for example:

The following entry prevents any user on the system from being logged in at more than 3 places at the same time:
* hard maxlogins 3

Limit the size of core files (a core of 0 also keeps process memory, which may hold secrets, from being written to disk):
* hard core 0
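To see which limits.conf lines actually apply to a given account, here is an added Python resolver (not part of the original post) that parses the file format shown above and reports the effective hard and soft values for a user and their groups. It follows pam_limits precedence as I understand it (a line naming the user beats an @group line, which beats the * default; among equal lines the last wins); the sample config, the user names and the group membership are constructed for the demo.

```python
from collections import namedtuple

# Precedence as pam_limits applies it (lower wins): a line naming the user
# beats an @group line, which beats the "*" default; equal precedence, last wins.
# Assumed here from limits.conf(5); check the man page on your distribution.
PRIORITY = {"user": 0, "group": 1, "default": 2}

# domain: user name, @group or "*"; kind: hard, soft or "-" (both); item: nproc, maxlogins, ...
Entry = namedtuple("Entry", "domain kind item value")

def parse_limits(text):
    """Parse limits.conf text into Entry objects; '#' comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4 or fields[1] not in ("hard", "soft", "-"):
            raise ValueError("malformed limits.conf line: %r" % raw)
        entries.append(Entry(*fields))
    return entries

def effective_limits(entries, user, groups):
    """Return {item: {"hard": v, "soft": v}} that limits.conf assigns to user (member of groups)."""
    result, source = {}, {}          # source: (item, kind) -> priority of the line that set it
    for e in entries:
        if e.domain == user:
            prio = PRIORITY["user"]
        elif e.domain.startswith("@") and e.domain[1:] in groups:
            prio = PRIORITY["group"]
        elif e.domain == "*":
            prio = PRIORITY["default"]
        else:
            continue                 # line is for someone else
        for kind in (("hard", "soft") if e.kind == "-" else (e.kind,)):
            if prio <= source.get((e.item, kind), 99):
                source[(e.item, kind)] = prio
                result.setdefault(e.item, {})[kind] = e.value
    return result

# Constructed sample config mirroring the entries in the post above.
SAMPLE = """\
*          hard  maxlogins  3
*          hard  core       0
smartgeek  hard  nproc      20
@geeks     hard  nproc      50
@geeks     soft  nproc      40
"""

if __name__ == "__main__":
    print(effective_limits(parse_limits(SAMPLE), "smartgeek", {"geeks"}))
```

Run it against /etc/security/limits.conf with the output of `id -Gn user` as the group set to audit what a real account gets.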

Linux as Internet Gateway

Step 1. Add 2 Network cards to the Linux box

Step 2. Verify the network cards: check whether they are installed and detected properly.

Step 3. Configure eth0 for the Internet with a public IP (external network)
# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
BROADCAST=xx.xx.xx.255 # Optional Entry
HWADDR=00:50:BA:88:72:D4 # Optional Entry
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0 # Provided by the ISP
NETWORK=xx.xx.xx.0 # Optional
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=xx.xx.xx.1 # Provided by the ISP

Step 4. Configure eth1 for the LAN with a private IP (internal private network)
# cat ifcfg-eth1
BOOTPROTO=none
PEERDNS=yes
HWADDR=00:50:8B:CF:9C:05 # Optional
TYPE=Ethernet
IPV6INIT=no
DEVICE=eth1
NETMASK=255.255.0.0 # Specify based on your requirement
BROADCAST=""
IPADDR=192.168.1.1 # Gateway of the LAN
NETWORK=192.168.0.0 # Optional
USERCTL=no
ONBOOT=yes

Step 5. Host Configuration (Optional)
# cat /etc/hosts
127.0.0.1 nat localhost.localdomain localhost

Step 6. Gateway Configuration
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nat
GATEWAY=xx.xx.xx.1 # Internet Gateway, provided by the ISP

Step 7. DNS Configuration
# cat /etc/resolv.conf
nameserver 208.67.222.222 # Primary DNS Server provided by the ISP
nameserver 208.67.220.220 # Secondary DNS Server provided by the ISP

Step 8. NAT configuration with iptables
First flush and delete the existing firewall rules. Flush the rules by typing in a terminal:
iptables -F
iptables -t nat -F
iptables -t mangle -F
Now delete the user-defined chains:
iptables -X
iptables -t nat -X
iptables -t mangle -X
# Set up IP forwarding and masquerading
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
Note that the FORWARD rule above only accepts packets arriving on eth1 (the LAN side); replies coming back from the Internet are forwarded only because the FORWARD chain's policy is still ACCEPT (iptables -F does not change chain policies). If you later set that policy to DROP, you must also accept established and related traffic in the reverse direction, or the gateway will silently stop working for the clients.
# Enable packet forwarding in the kernel (save this setting in /etc/sysctl.conf as well, or it is lost on reboot)
echo 1 > /proc/sys/net/ipv4/ip_forward
# Apply the configuration
service iptables save
service iptables restart
# Check that iptables is set to start during boot
chkconfig --list iptables

Step 9. Testing
Ping the gateway's LAN address from a client system: ping 192.168.2.1
Then try name resolution and Internet access from the client: ping google.com

Configuring PCs on the network (Clients)
All PCs on the private office network should set their gateway to the private LAN IP address of the Linux gateway computer.
The DNS servers should be set to those of the ISP on the Internet.

Windows 2000, XP, Configuration:
Select "Start" + "Settings" + "Control Panel"
Select the "Network" icon
Select the tab "Configuration" and double-click the "TCP/IP" component for the Ethernet card (NOT the TCP/IP -> Dial-Up Adapter)

Select the tabs:
"Gateway": use the internal network IP address of the Linux box (192.168.1.1).
"DNS Configuration": use the IP addresses of the ISP's domain name servers.
"IP Address": the IP address (192.168.XXX.XXX, static) and netmask (typically 255.255.0.0 for a small local office network) of the PC can also be set here.

Recover password MySQL

Step # 1 : Stop mysql service
# /etc/init.d/mysql stop

Step # 2: Start the MySQL server without the grant tables (no password required). While it runs this way the server accepts any connection without authentication, so do this only while the server is not reachable over the network and stop it as soon as the password is reset:
# mysqld_safe --skip-grant-tables &

Or add the following to my.cnf:

[mysqld]
skip-grant-tables

and start the server:

service mysqld start

Step # 3: Connect to mysql server using mysql client:
# mysql -u root

Step # 4: Set a new MySQL root user password
mysql> use mysql;
mysql> update user set password=PASSWORD('NEW-ROOT-PASSWORD') where User='root';
mysql> flush privileges;
mysql> quit

Step # 5: Stop the MySQL server (if you used my.cnf, remove the skip-grant-tables line again before restarting):
# /etc/init.d/mysql stop

Step # 6: Start the MySQL server normally and test the new password
# /etc/init.d/mysql start
# mysql -u root -p