Jul 22, 2010

Finding the process ID from an open port

--base--

To see which processes are running on Linux we can use the "ps" command. But what if we want to kill a process and the only thing we know is the port that the process has opened?
Here is the short version

--1--
As an example, nmap shows us the following data
[root@database1 bin]# nmap localhost

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2010-07-22 14:50 WIT
Interesting ports on database1 (127.0.0.1):
(The 1642 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
111/tcp  open  rpcbind
631/tcp  open  ipp
3306/tcp open  mysql
8009/tcp open  ajp13
8080/tcp open  http-proxy
8082/tcp open  blackice-alerts

--2--
say we want to kill the process behind port 8082
[root@database1 bin]# lsof -w -n -i tcp:8082
COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
java    20131 root   75u  IPv6 769223       TCP *:8082 (LISTEN)

--next--
it's up to you: you can kill it or just look at it
:D


--check and try--

[root@database1 bin]# kill -9 20131

[root@database1 bin]# nmap localhost

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2010-07-22 14:50 WIT
Interesting ports on database1 (127.0.0.1):
(The 1643 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
111/tcp  open  rpcbind
631/tcp  open  ipp
3306/tcp open  mysql
8009/tcp open  ajp13
8080/tcp open  http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 0.214 seconds
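
What lsof does in step 2, written out as an added example (not part of the original post): the port is looked up in /proc/net/tcp and /proc/net/tcp6 to get the socket inode, and the inode is then matched against each process's open file descriptors. PROC_ROOT and the function names are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the original post: resolve a listening TCP port to
# its owning PID(s) straight from /proc, the way lsof does internally.
# PROC_ROOT is an assumption of this sketch so it can be pointed at a test tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the socket inode of every socket in LISTEN state (0A) on port $1.
listen_inodes() (
    port_hex=$(printf '%04X' "$1")
    cat "$PROC_ROOT/net/tcp" "$PROC_ROOT/net/tcp6" 2>/dev/null |
        awk -v p="$port_hex" '$4 == "0A" {
            n = split($2, a, ":")             # local_address is ADDR:PORT in hex
            if (toupper(a[n]) == p) print $10 # field 10 is the socket inode
        }'
)

# Print each PID that holds a file descriptor pointing at socket inode $1.
pids_for_inode() (
    for fd in "$PROC_ROOT"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#"$PROC_ROOT"/}
        echo "${pid%%/*}"
    done | sort -un
)

# Print "PID<TAB>command line" for the owner(s) of listening port $1, so the
# process can be identified before any signal is sent to it.
port_owner() (
    for inode in $(listen_inodes "$1"); do
        for pid in $(pids_for_inode "$inode"); do
            cmd=$(tr '\000' ' ' 2>/dev/null < "$PROC_ROOT/$pid/cmdline") || cmd='?'
            printf '%s\t%s\n' "$pid" "$cmd"
        done
    done
)

# Usage: sh portpid.sh 8082   (run as root to see other users' processes)
if [ "$#" -gt 0 ]; then port_owner "$1"; fi
```

Reading the command line first confirms which service owns the port before it is stopped. A plain kill (SIGTERM) lets the process shut down cleanly; kill -9 is the fallback when that is ignored.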

Jul 18, 2010

Clear The Cache From Memory ubuntu linux

--the cause--

A lack of RAM can become a problem on Linux for people who have little memory. On Linux, the cache that is kept in RAM can also make the system respond less than optimally. And this happened to me :D
So... what should we do now?

--1--
let's check the memory usage


root@tH3-unD3r:/home/game# free -m
             total       used       free     shared    buffers     cached
Mem:           497        482         15          0         45        180
-/+ buffers/cache:        256        240
Swap:         1004         18        985

--2--
then run this command

root@tH3-unD3r:/home/game# sync; echo 3 > /proc/sys/vm/drop_caches

--check and try--
and see the results

tested by me on Xubuntu Linux 10.04 LTS

Jul 14, 2010

Setting up snmpd on Ubuntu and Enterprise Linux

-- info --

take a look here to gain more experience with it... :D

-- 1 --
The first step is to prepare the software that is needed. From here I will split it into two ways, the Ubuntu way and the Enterprise way.

-- ubuntu way --
install it with
$ sudo apt-get install snmpd snmp

make a backup and edit the file snmp.conf
#mv /etc/snmp/snmp.conf /etc/snmp/snmp.conf_old
#vi /etc/snmp/snmp.conf
this is the sample config of snmp.conf

# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
com2sec local     localhost        public
com2sec localNet  192.168.1.0/24   public
com2sec localhost localhost        public
#com2sec readonly  default         public
#com2sec readwrite default         private

####
# Second, map the security names into group names:

#               sec.model  sec.name
group MyROSystem v1        local
group MyROSystem v2c       local
group MyROSystem usm       local
group MyROGroup v1         localNet
group MyROGroup v2c        localNet
group MyROGroup usm        localNet
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80
view system included  .1.3.6.1.2.1.1

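also edit the file /etc/default/snmpd; the active SNMPDOPTS line below drops the trailing 127.0.0.1 of the commented-out one, so snmpd listens on all interfaces instead of only on localhost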
# This file controls the activity of snmpd and snmptrapd

# MIB directories.  /usr/share/snmp/mibs is the default, but
# including it here avoids some strange problems.
export MIBDIRS=/usr/share/snmp/mibs

# snmpd control (yes means start daemon).
SNMPDRUN=yes

# snmpd options (use syslog, close stdin/out/err).
#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
# snmptrapd control (yes means start daemon).  As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run.  See snmpd.conf(5) for how to do this.
TRAPDRUN=no

# snmptrapd options (use syslog).
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'

# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT=yes
and restart the service
/etc/init.d/snmpd restart

-- enterprise way --
install it using
# yum install net-snmp net-snmp-utils net-snmp-devel
make a backup and edit the file snmp.conf
#mv /etc/snmp/snmp.conf /etc/snmp/snmp.conf_old
#vi /etc/snmp/snmp.conf
this is a sample of snmp.conf
rocommunity  public
syslocation  "monitor DataCenter"
syscontact  sakti.dwi@localhost
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
com2sec mynetwork 192.168.1.0/24 mycommunity
group MyRWGroup v2c local
group MyROGroup v2c mynetwork
group MyRWGroup v2c otherv3user
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc                           
access MyROGroup "" any noauth 0 all none none
access MyRWGroup "" any noauth prefix all all all                              
com2sec notConfigUser default public
com2sec notConfigUser default public                                  
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser

and restart the service
/etc/init.d/snmpd restart

-- check and try --
run this command
#snmpwalk -Os -c public -v 1 192.168.1.212 system


sysDescr.0 = STRING: Linux localhost.localdomain 2.6.31.5-127.fc12.i686.PAE #1 SMP Sat Nov 7 21:25:57 EST 2009 i686
sysObjectID.0 = OID: netSnmpAgentOIDs.10
sysUpTimeInstance = Timeticks: (925895) 2:34:18.95
sysContact.0 = STRING: sakti.dwi@localhost
sysName.0 = STRING: localhost.localdomain
sysLocation.0 = STRING: "monitor DataCenter"
sysORLastChange.0 = Timeticks: (17) 0:00:00.17
sysORID.1 = OID: snmpFrameworkMIBCompliance
sysORID.2 = OID: snmpMPDCompliance
sysORID.3 = OID: usmMIBCompliance
sysORID.4 = OID: snmpMIB
sysORID.5 = OID: tcpMIB
sysORID.6 = OID: ip
sysORID.7 = OID: udpMIB
sysORID.8 = OID: vacmBasicGroup
sysORDescr.1 = STRING: The SNMP Management Architecture MIB.
sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
sysORDescr.3 = STRING: The management information definitions for the SNMP User-based Security Model.
and so on
this output means that snmpd is working
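
The snmpwalk above succeeds with SNMPv1 and the community "public", which is exactly what the sample configs allow. As an added example (not part of the original post), here is a small check that flags the weak access-control lines, run over a constructed excerpt of the Enterprise sample config; the function names and finding labels are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the original post: flag weak access-control lines in
# a Net-SNMP agent config. Finding labels are names chosen for this sketch.

# Print "LINE-NUMBER finding detail" for each weak directive in file(s) or stdin.
audit_snmp_acl() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        # Well-known community strings are the first ones a scanner tries.
        $1 == "com2sec" && $4 ~ /^(public|private)$/ {
            print NR, "default-community", $4 }
        $1 ~ /^r[ow]community$/ && $2 ~ /^(public|private)$/ {
            print NR, "default-community", $2 }
        # Source "default" (or no source at all) accepts requests from anywhere.
        $1 == "com2sec" && $3 == "default" {
            print NR, "any-source", $2 }
        $1 ~ /^r[ow]community$/ && NF == 2 {
            print NR, "any-source", $1 }
        # v1 and v2c send the community string in cleartext.
        $1 == "group" && $3 ~ /^v(1|2c)$/ {
            print NR, "cleartext-model", $3 }
        # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
        $1 == "access" && $5 == "noauth" && $8 != "none" {
            print NR, "noauth-write", $2 }
    ' "$@"
}

# Constructed sample: lines taken from the Enterprise config shown above.
sample_conf() {
    cat <<'EOF'
rocommunity  public
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
com2sec mynetwork 192.168.1.0/24 mycommunity
group MyROGroup v2c mynetwork
access MyROGroup "" any noauth 0 all none none
access MyRWGroup "" any noauth prefix all all all
EOF
}

sample_conf | audit_snmp_acl
```

Each finding points at a line to tighten: a non-default community, a source restricted to the monitoring network, and a write view of none for any noauth group.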

-- other check --
this is a monitoring tool that uses snmp

Jul 8, 2010

ssh tunnel on a Linux machine

-- first --

based on the tunneling in my previous post (if you want to see it)

-- next --
in my case, how to tunnel an ssh connection is a must, and this is the story..

-- basically --
all you need to know is the right formula, and the formula is


ssh -L localport:host:hostport user@ssh_server 

-- on check and try --

ssh -L 1122:1.2.3.4:22 user@brekele.inc 

the explanation: we open local port 1122, and connections to it are forwarded through the ssh server brekele.inc to 1.2.3.4 on port 22 (how simple it is)

--other option --
you can use -L more than once, for example if you also want a tunnel to a VNC port or something else


ssh -L 1122:1.2.3.4:22 -L 1123:1.2.3.4:5901 user@brekele.inc

source : www.linuxhorizon.ro