27 ‘DNF’ (Fork of Yum) Commands for RPM Package Management in Linux

DNF, a.k.a. Dandified YUM, is a next-generation package manager for RPM-based distributions. It was first introduced in Fedora 18 and has replaced the YUM utility in the recent release of Fedora 22.

Linux DNF Command Examples

DNF aims to address YUM's bottlenecks, namely performance, memory usage, dependency resolution, speed and many other factors. DNF does package management using RPM and the libsolv and hawkey libraries. Though it does not come pre-installed in CentOS and RHEL 7, you can install dnf with yum and use it alongside yum.

You may like to read more about DNF here:

  1. Reasons Behind Replacing Yum with DNF

The latest stable release of DNF is 1.0 (at the time of writing this post), which was released on May 11, 2015. It (like all previous versions of DNF) is mostly written in Python and is released under the GPL v2 license.

Installation of DNF

DNF is not available in the default repository of RHEL/CentOS 7. However, Fedora 22 ships with DNF implemented officially.

To install DNF on RHEL/CentOS systems, you need to first install and enable epel-release repository.

# yum install epel-release
OR
# yum install epel-release -y

Using ‘-y’ with yum is discouraged, as it is recommended to review what is being installed on your system. However, if this does not matter much to you, you may use ‘-y’ with yum to install everything automatically without user intervention.

Next, install DNF package using yum command from epel-release repository.

# yum install dnf

Once dnf is installed successfully, it’s time to show you 27 practical uses of dnf commands with examples that will help you manage packages in RPM-based distributions easily and effectively.

1. Check DNF Version

Check the version of DNF installed on your System.

# dnf --version

Check DNF Version

2. List Enabled DNF Repositories

The ‘repolist’ option of the dnf command displays all enabled repositories on your system.

# dnf repolist

Check All Enabled Repositories

3. List all Enabled and Disabled DNF Repositories

The ‘repolist all’ option prints all the enabled and disabled repositories on your system.

# dnf repolist all

List All Enabled/Disabled Repositories

4. List all Available and Installed Packages using DNF

The command “dnf list” will list all the available packages from all the repositories and installed packages on your Linux system.

# dnf list

List All Packages using DNF

5. List all Installed Packages using DNF

While the “dnf list” command shows all the available and installed packages from all the repositories, you also have the option to list only the installed packages using “list installed” as shown below.

# dnf list installed

List All Installed Packages

6. List all Available Packages using DNF

Similarly, the “list available” option lists all the packages available to be installed from all the enabled repositories.

# dnf list available

List Available Packages using DNF

7. Search for a Package using DNF

If you have no idea about the name of the package that you want to install, you may use the ‘search’ option with the dnf command to search for packages that match a word or string (say nano).

# dnf search nano

Search Package by Word

8. See what Provides a file/sub-package?

The dnf option “provides” finds the name of the package that provides a specific file/sub-package. For example, to find out what provides ‘/bin/bash’ on your system:

# dnf provides /bin/bash

Find File Sub Package

9. Get Details of a Package using DNF

Let’s assume you want information about a package before installing it on the system; you may use the “info” switch to get detailed information about a package (say nano) as below.

# dnf info nano

Check Package Information with DNF

10. Install a Package with DNF

To install a package called nano, just run the command below; it will automatically resolve and install all required dependencies for the package nano.

# dnf install nano

Install Package using DNF

11. Updating a Package using DNF

You may update only a specific package (say systemd) and leave everything on the system untouched.

# dnf update systemd

Update a Specific Package

12. Check for System Updates using DNF

Check for updates to all the packages installed on the system simply as follows.

# dnf check-update

Check For System Update

13. Update All System Packages using DNF

You may update the whole system, including all the installed packages, with the following commands.

# dnf update
OR
# dnf upgrade

Update System

14. Remove/Erase a Package using DNF

To remove or erase any unwanted package (say nano), you may use the “remove” or “erase” switch with the dnf command.

# dnf remove nano
OR
# dnf erase nano

Remove Package in Linux

15. Remove Orphan Packages using DNF

Packages that were installed to satisfy a dependency may be useless if they are no longer used by other applications. To remove those orphan packages, execute the command below.

# dnf autoremove

Remove Orphan Packages

16. Remove Cached Packages using DNF

We often encounter out-of-date headers and unfinished transactions, which result in errors while executing dnf. We may clean all the cached packages and headers containing remote package information simply by executing:

# dnf clean all

Remove DNF Cache

17. Get Help on Specific DNF Command

You may get help of any specific dnf command (say clean) just by executing the below command.

# dnf help clean

Get DNF Command Help

18. List all DNF Commands and Options

To list help on all available dnf commands and options, simply type:

# dnf help

Get Help on DNF Options

19. View History of DNF

You may call dnf history to look at the list of already executed dnf commands. This way you can see what was installed or removed, with a time stamp.

# dnf history

Check DNF History

20. List all Group Packages

The command “dnf grouplist” prints all available or installed package groups; if nothing is specified, it lists all known groups.

# dnf grouplist

List All Group Packages

21. Install a Group Package using DNF

To install a group of packages bundled together as a group package (say Educational Software), simply run:

# dnf groupinstall 'Educational Software'

Install Group Packages

22. Update a Group Package

Let’s update a Group Package (say Educational Software) by executing the below command.

# dnf groupupdate 'Educational Software'

Update Group Package

23. Remove a Group Package

We can remove the group package (say Educational Software) as follows.

# dnf groupremove 'Educational Software'

Remove Group Package

24. Install a Package from Specific Repository

DNF makes it possible to install a specific package (say phpmyadmin) from a given repo (epel) as simply as:

# dnf --enablerepo=epel install phpmyadmin

Install Package From Specific Repo

25. Synchronize Installed Packages to Stable Release

The command “dnf distro-sync” provides the necessary options to synchronize all installed packages to the most recent stable version available from any enabled repository. If no package is selected, all installed packages are synchronized.

# dnf distro-sync

Synchronize Packages to Stable Version

26. Reinstall a Package

The command “dnf reinstall nano” will reinstall an already installed package (say nano).

# dnf reinstall nano

ReInstall Package

27. Downgrade a Package

The “downgrade” option downgrades the named package (say acpid) to a lower version if possible.

# dnf downgrade acpid
Sample Output
Using metadata from Wed May 20 12:44:59 2015
No match for available package: acpid-2.0.19-5.el7.x86_64
Error: Nothing to do.

My observation: DNF did not downgrade the package as it is supposed to. It has also been reported as a bug.

Conclusion

DNF is the next step up from the state-of-the-art package manager YUM. It tends to do a lot of processing automatically, which is not going to be praised by many experienced Linux system administrators, I believe. For example:

  1. --skip-broken is not recognized by DNF and there is no alternative.
  2. There is nothing like the ‘resolvedep’ command; however, you may run dnf provides.
  3. There is no ‘deplist’ command to find package dependencies.
  4. When you exclude a repo, the exclusion applies to all operations, unlike yum, which excludes those repos only at the time of install, update, etc.

Several Linux users are not happy with the way the Linux ecosystem is moving. First systemd removed System V init, and now DNF will be replacing YUM, soon in Fedora 22 and later in RHEL and CentOS.

What do you think? Are distributions and the whole Linux ecosystem not valuing their users and moving against their will? Also, it is often said in the IT industry, “Why fix, if not broken?”, and neither System V init nor YUM is broken.


How to Delete User Accounts with Home Directory in Linux

In this tutorial, I am going to take you through the steps you can use to delete a user’s account together with his/her home directory on a Linux system.

Delete User Accounts with Home Directory in Linux


To learn how to create user accounts and manage them on Linux systems, read the following articles from the links below:

  1. 15 “useradd” Command Examples to Manage User Accounts in Linux
  2. 15 “usermod” Command Examples to Change/Modify User Account Names in Linux
  3. How to Manage Users & Groups with File Permissions in Linux

As a system administrator in Linux, you may have to remove a user account after some time, when the account has been dormant for a long time, the user has left the organization or company, or for any other reason.

When removing user accounts on a Linux system, it is also important to remove their home directory to free up space on the storage devices for new system users or other services.

1. For demonstration purposes, I will first create two user accounts on my system, user tecmint and user linuxsay, with their home directories /home/tecmint and /home/linuxsay respectively, using the adduser command.

# adduser tecmint
# passwd tecmint

# adduser linuxsay
# passwd linuxsay

Create New User Accounts in Linux


In the screenshot above, I have used the adduser command to create user accounts on Linux. You can also use the useradd command; both are the same and do the same job.

2. Let’s now move on to see how to delete or remove user accounts in Linux using the deluser (for Debian and its derivatives) and userdel (for RedHat/CentOS based systems) commands.

The directives inside the configuration file for the deluser and userdel commands determine how they handle all user files and directories when you run the command.

Let us look at the configuration file for the deluser command, which is /etc/deluser.conf on Debian derivatives such as Ubuntu, Kali and Mint; RHEL/CentOS/Fedora users can view the /etc/login.defs file.

The values in these configuration files are defaults and can be changed as per your needs.

# vi /etc/deluser.conf         [On Debian and its derivatives]
# vi /etc/login.defs           [On RedHat/CentOS based systems]

3. To delete a user with the home directory, you can use the advanced way by following these steps on your Linux server machine. When users are logged on to the server, they use services and run different processes. It is important to note that a user can only be deleted effectively when they are not logged on to the server.

Lock User Accounts in Linux

Start by locking the user account password so that there is no access for the user to the system. This will prevent a user from running processes on the system.

The passwd command with the --lock option can help you achieve this:

# passwd --lock tecmint

Locking password for user tecmint.
passwd: Success

Lock User Account Password in Linux


Find and Kill All Running Processes of User

Next, find all running processes of the user account and kill them by determining the PIDs (process IDs) of the processes owned by the user using:

# pgrep -u tecmint

1947
1959
2091
2094
2095
2168
2175
2179
2183
2188
2190
2202
2207
2212
2214

Then you can list the processes in terms of username, PIDs, PPIDs (parent process IDs), terminal used, process state and command path in full format with the following command:

# ps -f --pid $(pgrep -u tecmint)

UID        PID  PPID  C STIME TTY      STAT   TIME CMD
tecmint   1947     1  0 10:49 ?        SLl    0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
tecmint   1959  1280  0 10:49 ?        Ssl    0:00 mate-session
tecmint   2091  1959  0 10:49 ?        Ss     0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session /usr/bin/im-launch mate-session
tecmint   2094     1  0 10:49 ?        S      0:00 /usr/bin/dbus-launch --exit-with-session /usr/bin/im-launch mate-session
tecmint   2095     1  0 10:49 ?        Ss     0:00 //bin/dbus-daemon --fork --print-pid 6 --print-address 9 --session
tecmint   2168     1  0 10:49 ?        Sl     0:00 /usr/lib/dconf/dconf-service
tecmint   2175  1959  0 10:49 ?        Sl     0:02 /usr/bin/mate-settings-daemon
tecmint   2179  1959  0 10:49 ?        Sl     0:47 marco
tecmint   2183     1  0 10:49 ?        Sl     0:00 /usr/lib/gvfs/gvfsd
tecmint   2188  1959  0 10:49 ?        Sl     0:00 mate-panel
tecmint   2190     1  0 10:49 ?        Sl     0:00 /usr/lib/gvfs/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
tecmint   2202     1  0 10:49 ?        S<l    0:20 /usr/bin/pulseaudio --start --log-target=syslog
tecmint   2207  1959  0 10:49 ?        S      0:00 /bin/sh /usr/bin/startcaja
tecmint   2212     1  0 10:49 ?        Sl     0:03 /usr/bin/python /usr/lib/linuxmint/mintMenu/mintMenu.py
tecmint   2214     1  0 10:49 ?        Sl     0:11 /usr/lib/mate-panel/wnck-applet
....

Find All Running Processes of User


Once you find all the running processes of user, you can use the killall command to kill those running processes as shown.

# killall -9 -u tecmint

The -9 is the signal number of the SIGKILL signal (you can use -KILL instead of -9), and -u defines the username.

Note: In recent releases of RedHat/CentOS 7.x and Fedora 21+, you will get an error message such as:

-bash: killall: command not found

To fix such error, you need to install psmisc package as shown:

# yum install psmisc       [On RedHat/CentOS 7.x]
# dnf install psmisc       [On Fedora 21+ versions]

Backup User Data Before Deleting

Next, you can back up the user’s files. This is optional, but it is recommended for future use when the need arises to review user account details and files.

I have used the tar utility to create a backup of the user’s home directory as follows:

# tar jcvf /user-backups/tecmint-home-directory-backup.tar.bz2 /home/tecmint

Backup User Home Directory in Linux


Delete/Remove User Account and Files

Now you can safely remove the user together with his/her home directory using the commands below. To remove all files owned by the user on the system, deluser also offers the --remove-all-files option.

# deluser --remove-home tecmint      [On Debian and its derivatives]
# userdel --remove tecmint           [On RedHat/CentOS based systems]

Delete User Account with Home Directory
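
The steps above combined into one guarded script, as an added example that is not from the original article: it refuses system accounts and home directories outside /home, prints the commands by default, and executes them only when APPLY=1. The function names, the APPLY, UID_MIN, BACKUP_DIR and OFFBOARD_TOOL variables, the usermod --expiredate step and the final find for leftover files are additions assumed for this example.

```shell
#!/bin/sh
# Added example: guarded removal of a user account and its home directory.
# Dry-run by default (commands are printed); run as root with APPLY=1 to execute.

UID_MIN=${UID_MIN:-1000}                 # assumed first regular UID (see /etc/login.defs)
BACKUP_DIR=${BACKUP_DIR:-/user-backups}  # backup location used in the article

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Split one passwd(5) line into pw_* variables without word splitting or globbing.
parse_entry() {
    IFS=: read -r pw_name pw_pass pw_uid pw_gid pw_gecos pw_home pw_shell <<EOF
$1
EOF
}

# removal_blocker ENTRY: print the reason an account must not be removed and
# return 1; print nothing and return 0 when removal is acceptable.
removal_blocker() {
    parse_entry "$1"
    case $pw_name in
        ''|[!a-z_]*|*[!a-z0-9_-]*) echo "invalid or missing user name"; return 1 ;;
    esac
    case $pw_uid in
        ''|*[!0-9]*) echo "non-numeric UID"; return 1 ;;
    esac
    if [ "$pw_uid" -lt "$UID_MIN" ]; then
        echo "UID $pw_uid is below UID_MIN ($UID_MIN): system account"; return 1
    fi
    case $pw_home in
        */..|*/../*) echo "home '$pw_home' contains '..'"; return 1 ;;
        /home/?*) ;;
        *) echo "home '$pw_home' is not under /home"; return 1 ;;
    esac
    return 0
}

# offboard_entry ENTRY: lock, kill, back up, delete, then list leftover files.
offboard_entry() {
    reason=$(removal_blocker "$1") || { printf 'refusing: %s\n' "$reason" >&2; return 1; }
    parse_entry "$1"

    run passwd --lock "$pw_name" || return 1
    # passwd --lock only disables the password; expiring the account also
    # blocks other login methods such as SSH keys (see passwd(1)).
    run usermod --expiredate 1 "$pw_name" || return 1
    run killall -9 -u "$pw_name" || true      # non-zero when nothing was running

    run umask 077                             # keep the archive readable by root only
    run tar jcf "$BACKUP_DIR/$pw_name-home-directory-backup.tar.bz2" "$pw_home" || return 1

    tool=${OFFBOARD_TOOL:-$(command -v deluser >/dev/null 2>&1 && echo deluser || echo userdel)}
    case $tool in
        deluser) run deluser --remove-home "$pw_name" || return 1 ;;
        *)       run userdel --remove "$pw_name" || return 1 ;;
    esac

    # Files still owned by the old numeric UID would be inherited by the next
    # account that receives it; -xdev limits the search to the root filesystem.
    run find / -xdev -uid "$pw_uid" -print || true
}

if [ $# -gt 0 ]; then
    offboard_entry "$(getent passwd "$1")"
fi
```
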


Summary

That is all there is to removing a user and their home directory from a Linux system. I believe the guide is easy enough to follow, but you can voice a concern or add more ideas by leaving a comment.


13 Linux Network Configuration and Troubleshooting Commands

Computers are connected in a network to exchange information or resources with each other. Two or more computers connected through network media form a computer network. A number of network devices and media are involved in forming a computer network. A computer loaded with the Linux operating system can also be part of a network, whether small or large, thanks to its multitasking and multiuser nature. Keeping the system and network up and running is the job of the system / network administrator. In this article we are going to review frequently used network configuration and troubleshooting commands in Linux.

Linux Network Configuration Commands

Linux Network Configuration and Troubleshooting Commands

1. ifconfig

The ifconfig (interface configurator) command is used to initialize an interface, assign an IP address to an interface and enable or disable an interface on demand. With this command you can view the IP address and hardware / MAC address assigned to an interface, as well as the MTU (maximum transmission unit) size.

# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0C:29:28:FD:4C
          inet addr:192.168.50.2  Bcast:192.168.50.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe28:fd4c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6093 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4824 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6125302 (5.8 MiB)  TX bytes:536966 (524.3 KiB)
          Interrupt:18 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:480 (480.0 b)  TX bytes:480 (480.0 b)

ifconfig with an interface name (eth0) shows only that interface’s details, such as IP address, MAC address etc. The -a option displays details of all available interfaces, even those that are disabled.

# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 00:0C:29:28:FD:4C
          inet addr:192.168.50.2  Bcast:192.168.50.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe28:fd4c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6119 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4841 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6127464 (5.8 MiB)  TX bytes:539648 (527.0 KiB)
          Interrupt:18 Base address:0x2000

Assigning IP Address and Gateway

Assign an IP address and gateway to an interface on the fly. The setting will be lost on system reboot.

# ifconfig eth0 192.168.50.5 netmask 255.255.255.0

Enable or Disable Specific Interface

To enable or disable a specific interface, use the commands as follows.

Enable eth0
# ifup eth0
Disable eth0
# ifdown eth0

Setting MTU Size

By default the MTU size is 1500. We can set the required MTU size with the command below. Replace XXXX with the size.

# ifconfig eth0 mtu XXXX

Set Interface in Promiscuous mode

A network interface only receives packets that belong to that particular NIC. If you put the interface in promiscuous mode, it will receive all packets. This is very useful for capturing packets to analyze later. For this you may require superuser access.

# ifconfig eth0 promisc
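
A defender's counterpart to the command above, as an added example that is not part of the original article: it reads each interface's kernel flags from /sys/class/net/<iface>/flags and reports interfaces with the IFF_PROMISC bit (0x100) set that are not on an allowlist. The function names and the ALLOWED_PROMISC variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find interfaces that are in promiscuous mode unexpectedly.

IFF_PROMISC=256   # 0x100, IFF_PROMISC from <linux/if.h>

# has_promisc FLAGS: return 0 when FLAGS (hex, e.g. 0x1103) has IFF_PROMISC set,
# 1 when it does not, 2 when FLAGS is not a 0x-prefixed hex number.
has_promisc() {
    case $1 in
        0x[0-9a-fA-F]*) ;;
        *) return 2 ;;
    esac
    hex=${1#0x}
    case $hex in
        *[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( $1 & IFF_PROMISC )) -ne 0 ]
}

# promisc_interfaces [NETDIR]: print one promiscuous interface name per line.
# NETDIR defaults to /sys/class/net; the argument exists so the function can be
# pointed at a constructed directory tree for testing.
promisc_interfaces() {
    netdir=${1:-/sys/class/net}
    for dev in "$netdir"/*; do
        [ -r "$dev/flags" ] || continue
        read -r flags < "$dev/flags" || continue
        if has_promisc "$flags"; then
            printf '%s\n' "${dev##*/}"
        fi
    done
    return 0
}

# unexpected_promisc "ALLOWED NAMES" [NETDIR]: like promisc_interfaces, but skip
# interfaces that are expected to be promiscuous, e.g. bridge ports (the kernel
# puts them in promiscuous mode) or a dedicated capture port on a sensor.
unexpected_promisc() {
    allowed=" $1 "
    promisc_interfaces "${2:-/sys/class/net}" | while read -r name; do
        case $allowed in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Report for the local host; ALLOWED_PROMISC is a space-separated allowlist.
unexpected_promisc "${ALLOWED_PROMISC:-}"
```

Run it from cron or a monitoring agent and alert on any output; an interface that turns promiscuous without a matching change record deserves a look at which process opened a capture on it.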

2. PING Command

The PING (Packet INternet Groper) command is the best way to test connectivity between two nodes, whether on a Local Area Network (LAN) or a Wide Area Network (WAN). Ping uses ICMP (Internet Control Message Protocol) to communicate with other devices. You can ping a host name or an IP address using the commands below.

# ping 4.2.2.2

PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
64 bytes from 4.2.2.2: icmp_seq=1 ttl=44 time=203 ms
64 bytes from 4.2.2.2: icmp_seq=2 ttl=44 time=201 ms
64 bytes from 4.2.2.2: icmp_seq=3 ttl=44 time=201 ms

OR

# ping www.tecmint.com

PING tecmint.com (50.116.66.136) 56(84) bytes of data.
64 bytes from 50.116.66.136: icmp_seq=1 ttl=47 time=284 ms
64 bytes from 50.116.66.136: icmp_seq=2 ttl=47 time=287 ms
64 bytes from 50.116.66.136: icmp_seq=3 ttl=47 time=285 ms

In Linux, the ping command keeps executing until you interrupt it. Ping with the -c option exits after N requests (successful or error responses).

# ping -c 5 www.tecmint.com

PING tecmint.com (50.116.66.136) 56(84) bytes of data.
64 bytes from 50.116.66.136: icmp_seq=1 ttl=47 time=285 ms
64 bytes from 50.116.66.136: icmp_seq=2 ttl=47 time=285 ms
64 bytes from 50.116.66.136: icmp_seq=3 ttl=47 time=285 ms
64 bytes from 50.116.66.136: icmp_seq=4 ttl=47 time=285 ms
64 bytes from 50.116.66.136: icmp_seq=5 ttl=47 time=285 ms

--- tecmint.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4295ms
rtt min/avg/max/mdev = 285.062/285.324/285.406/0.599 ms

3. TRACEROUTE Command

traceroute is a network troubleshooting utility that shows the number of hops taken to reach the destination and determines the path packets travel. Below we trace the route to a global DNS server IP address; the destination is reached, and the output shows the path the packet travels.

# traceroute 4.2.2.2

traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 60 byte packets
 1  192.168.50.1 (192.168.50.1)  0.217 ms  0.624 ms  0.133 ms
 2  227.18.106.27.mysipl.com (27.106.18.227)  2.343 ms  1.910 ms  1.799 ms
 3  221-231-119-111.mysipl.com (111.119.231.221)  4.334 ms  4.001 ms  5.619 ms
 4  10.0.0.5 (10.0.0.5)  5.386 ms  6.490 ms  6.224 ms
 5  gi0-0-0.dgw1.bom2.pacific.net.in (203.123.129.25)  7.798 ms  7.614 ms  7.378 ms
 6  115.113.165.49.static-mumbai.vsnl.net.in (115.113.165.49)  10.852 ms  5.389 ms  4.322 ms
 7  ix-0-100.tcore1.MLV-Mumbai.as6453.net (180.87.38.5)  5.836 ms  5.590 ms  5.503 ms
 8  if-9-5.tcore1.WYN-Marseille.as6453.net (80.231.217.17)  216.909 ms  198.864 ms  201.737 ms
 9  if-2-2.tcore2.WYN-Marseille.as6453.net (80.231.217.2)  203.305 ms  203.141 ms  202.888 ms
10  if-5-2.tcore1.WV6-Madrid.as6453.net (80.231.200.6)  200.552 ms  202.463 ms  202.222 ms
11  if-8-2.tcore2.SV8-Highbridge.as6453.net (80.231.91.26)  205.446 ms  215.885 ms  202.867 ms
12  if-2-2.tcore1.SV8-Highbridge.as6453.net (80.231.139.2)  202.675 ms  201.540 ms  203.972 ms
13  if-6-2.tcore1.NJY-Newark.as6453.net (80.231.138.18)  203.732 ms  203.496 ms  202.951 ms
14  if-2-2.tcore2.NJY-Newark.as6453.net (66.198.70.2)  203.858 ms  203.373 ms  203.208 ms
15  66.198.111.26 (66.198.111.26)  201.093 ms 63.243.128.25 (63.243.128.25)  206.597 ms 66.198.111.26 (66.198.111.26)  204.178 ms
16  ae9.edge1.NewYork.Level3.net (4.68.62.185)  205.960 ms  205.740 ms  205.487 ms
17  vlan51.ebr1.NewYork2.Level3.net (4.69.138.222)  203.867 ms vlan52.ebr2.NewYork2.Level3.net (4.69.138.254)  202.850 ms vlan51.ebr1.NewYork2.Level3.net (4.69.138.222)  202.351 ms
18  ae-6-6.ebr2.NewYork1.Level3.net (4.69.141.21)  201.771 ms  201.185 ms  201.120 ms
19  ae-81-81.csw3.NewYork1.Level3.net (4.69.134.74)  202.407 ms  201.479 ms ae-92-92.csw4.NewYork1.Level3.net (4.69.148.46)  208.145 ms
20  ae-2-70.edge2.NewYork1.Level3.net (4.69.155.80)  200.572 ms ae-4-90.edge2.NewYork1.Level3.net (4.69.155.208)  200.402 ms ae-1-60.edge2.NewYork1.Level3.net (4.69.155.16)  203.573 ms
21  b.resolvers.Level3.net (4.2.2.2)  199.725 ms  199.190 ms  202.488 ms

4. NETSTAT Command

The netstat (network statistics) command displays connection information, routing table information etc. To display routing table information, use the -r option.

# netstat -r

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.50.0    *               255.255.255.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
default         192.168.50.1    0.0.0.0         UG        0 0          0 eth0

For more examples of Netstat Command, please read our earlier article on 20 Netstat Command Examples in Linux.

5. DIG Command

The dig (domain information groper) command queries DNS-related information such as A records, CNAME, MX records etc. This command is mainly used to troubleshoot DNS-related queries.

# dig www.tecmint.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> www.tecmint.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<

For more examples of Dig Command, please read the article on 10 Linux Dig Commands to Query DNS.

6. NSLOOKUP Command

The nslookup command is also used for DNS-related queries. The following example shows the A record (IP address) of tecmint.com.

# nslookup www.tecmint.com
Server:         4.2.2.2
Address:        4.2.2.2#53

Non-authoritative answer:
www.tecmint.com canonical name = tecmint.com.
Name:   tecmint.com
Address: 50.116.66.136

For more on the nslookup command, read the article on 8 Linux Nslookup Command Examples.

7. ROUTE Command

The route command shows and manipulates the IP routing table. To see the default routing table in Linux, type the following command.

# route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0

Add and delete routes and the default gateway with the following commands.

Route Adding
# route add -net 10.10.10.0/24 gw 192.168.0.1
Route Deleting
# route del -net 10.10.10.0/24 gw 192.168.0.1
Adding default Gateway
# route add default gw 192.168.0.1

8. HOST Command

The host command finds name-to-IP or IP-to-name mappings in IPv4 or IPv6 and also queries DNS records.

# host www.google.com

www.google.com has address 173.194.38.180
www.google.com has address 173.194.38.176
www.google.com has address 173.194.38.177
www.google.com has address 173.194.38.178
www.google.com has address 173.194.38.179
www.google.com has IPv6 address 2404:6800:4003:802::1014

Using the -t option we can find DNS resource records like CNAME, NS, MX, SOA etc.

# host -t CNAME www.redhat.com

www.redhat.com is an alias for wildcard.redhat.com.edgekey.net.

9. ARP Command

The arp (Address Resolution Protocol) command is useful to view / add to the contents of the kernel’s ARP tables. To see the default table, use the command as follows.

# arp -e

Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.50.1             ether   00:50:56:c0:00:08   C                     eth0

10. ETHTOOL Command

ethtool is a replacement for mii-tool. It is used to view and set the speed and duplex of your Network Interface Card (NIC). You can set the duplex permanently in /etc/sysconfig/network-scripts/ifcfg-eth0 with the ETHTOOL_OPTS variable.

# ethtool eth0

Settings for eth0:
        Current message level: 0x00000007 (7)
        Link detected: yes

11. IWCONFIG Command

The iwconfig command in Linux is used to configure a wireless network interface. You can see and set basic Wi-Fi details like SSID, channel and encryption. Refer to the iwconfig man page to learn more.

# iwconfig [interface]

12. HOSTNAME Command

The hostname identifies a machine in a network. Execute the hostname command to see the hostname of your box. You can set the hostname permanently in /etc/sysconfig/network. You need to reboot the box once you have set a proper hostname.

# hostname 

tecmint.com

13. GUI tool system-config-network

Type system-config-network at the command prompt to configure network settings; you will get a nice Graphical User Interface (GUI) which can also be used to configure IP address, gateway, DNS etc., as shown in the image below.

# system-config-network

Linux GUI Network Configuration

Linux GUI Network Configuration Tool

This article can be useful for the day-to-day work of a network administrator on Linux / Unix-like operating systems. Kindly share through our comment box if we missed anything.


Understand Linux Load Averages and Monitor Performance of Linux

In this article, we will explain one of the critical Linux system administration tasks – performance monitoring in regards to system/CPU load and load averages.

Before we move any further, let’s understand these two important phrases in all Unix-like systems:

  • System load/CPU Load – is a measurement of CPU over or under-utilization in a Linux system; the number of processes which are being executed by the CPU or in waiting state.
  • Load average – is the average system load calculated over a given period of time of 1, 5 and 15 minutes.

In Linux, the load average is technically believed to be a running average of processes in its (kernel) execution queue tagged as running or uninterruptible.

Note that:

  • All if not most systems powered by Linux or other Unix-like systems will possibly show the load average values somewhere for a user.
  • A downright idle Linux system may have a load average of zero, excluding the idle process.
  • Nearly all Unix-like systems count only processes in the running or waiting states. But this is not the case with Linux, it includes processes in uninterruptible sleep states; those waiting for other system resources like disk I/O etc.

How to Monitor Linux System Load Average

There are numerous ways of monitoring system load average including uptime which shows how long the system has been running, number of users together with load averages:

$ uptime

07:13:53 up 8 days, 19 min,  1 user,  load average: 1.98, 2.15, 2.21

The numbers are read from left to right, and the output above means that:

  • load average over the last 1 minute is 1.98
  • load average over the last 5 minutes is 2.15
  • load average over the last 15 minutes is 2.21

High load averages imply that a system is overloaded; many processes are waiting for CPU time.

We will uncover this in the next section in relation to number of CPU cores. Additionally, we can as well use other well known tools such as top and glances which display a real-time state of a running Linux system, plus many other tools:

Top Command

$ top
Display Running Linux Processes
top - 12:51:42 up  2:11,  1 user,  load average: 1.22, 1.12, 1.26
Tasks: 243 total,   1 running, 242 sleeping,   0 stopped,   0 zombie
%Cpu(s): 17.4 us,  2.9 sy,  0.3 ni, 74.8 id,  4.6 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  8069036 total,   388060 free,  4381184 used,  3299792 buff/cache
KiB Swap:  3906556 total,  3901876 free,     4680 used.  2807464 avail Mem 

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND                                                                                                                                        
 6265 tecmint   20   0 1244348 170680  83616 S  13.3  2.1   6:47.72 Headset                                                                                                                                        
 2301 tecmint    9 -11  640332  13344   9932 S   6.7  0.2   2:18.96 pulseaudio                                                                                                                                     
 2459 tecmint   20   0 1707692 315628  62992 S   6.7  3.9   6:55.45 cinnamon                                                                                                                                       
 2957 tecmint   20   0 2644644 1.035g 137968 S   6.7 13.5  50:11.13 firefox                                                                                                                                        
 3208 tecmint   20   0  507060  52136  33152 S   6.7  0.6   0:04.34 gnome-terminal-                                                                                                                                
 3272 tecmint   20   0 1521380 391324 178348 S   6.7  4.8   6:21.01 chrome                                                                                                                                         
 6220 tecmint   20   0 1595392 106964  76836 S   6.7  1.3   3:31.94 Headset                                                                                                                                        
    1 root      20   0  120056   6204   3964 S   0.0  0.1   0:01.83 systemd                                                                                                                                        
    2 root      20   0       0      0      0 S   0.0  0.0   0:00.00 kthreadd                                                                                                                                       
    3 root      20   0       0      0      0 S   0.0  0.0   0:00.10 ksoftirqd/0                                                                                                                                    
    5 root       0 -20       0      0      0 S   0.0  0.0   0:00.00 kworker/0:0H   
....

Glances Tool

$ glances
Glances – Linux System Monitoring Tool
TecMint (LinuxMint 18 64bit / Linux 4.4.0-21-generic)                                                                                                                                               Uptime: 2:16:06

CPU      16.4%  nice:     0.1%                                        LOAD    4-core                                        MEM     60.5%  active:    4.90G                                        SWAP      0.1%
user:    10.2%  irq:      0.0%                                        1 min:    1.20                                        total:  7.70G  inactive:  2.07G                                        total:   3.73G
system:   3.4%  iowait:   2.7%                                        5 min:    1.16                                        used:   4.66G  buffers:    242M                                        used:    4.57M
idle:    83.6%  steal:    0.0%                                        15 min:   1.24                                        free:   3.04G  cached:    2.58G                                        free:    3.72G

NETWORK     Rx/s   Tx/s   TASKS 253 (883 thr), 1 run, 252 slp, 0 oth sorted automatically by cpu_percent, flat view
enp1s0     525Kb   31Kb
lo           2Kb    2Kb     CPU%  MEM%  VIRT   RES   PID USER        NI S    TIME+ IOR/s IOW/s Command 
wlp2s0        0b     0b     14.6  13.3 2.53G 1.03G  2957 tecmint      0 S 51:49.10     0   40K /usr/lib/firefox/firefox 
                             7.4   2.2 1.16G  176M  6265 tecmint      0 S  7:08.18     0     0 /usr/lib/Headset/Headset --type=renderer --no-sandbox --primordial-pipe-token=879B36514C6BEDB183D3E4142774D1DF --lan
DISK I/O     R/s    W/s      4.9   3.9 1.63G  310M  2459 tecmint      0 R  7:12.18     0     0 cinnamon --replace
ram0           0      0      4.2   0.2  625M 13.0M  2301 tecmint    -11 S  2:29.72     0     0 /usr/bin/pulseaudio --start --log-target=syslog
ram1           0      0      4.2   1.3 1.52G  105M  6220 tecmint      0 S  3:42.64     0     0 /usr/lib/Headset/Headset 
ram10          0      0      2.9   0.8  409M 66.7M  6240 tecmint      0 S  2:40.44     0     0 /usr/lib/Headset/Headset --type=gpu-process --no-sandbox --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,2
ram11          0      0      2.9   1.8  531M  142M  1690 root         0 S  6:03.79     0     0 /usr/lib/xorg/Xorg :0 -audit 0 -auth /var/lib/mdm/:0.Xauth -nolisten tcp vt8
ram12          0      0      2.6   0.3 79.3M 23.8M  9651 tecmint      0 R  0:00.71     0     0 /usr/bin/python3 /usr/bin/glances
ram13          0      0      1.6   4.8 1.45G  382M  3272 tecmint      0 S  6:25.30     0    4K /opt/google/chrome/chrome 
...

The load averages shown by these tools are read from the /proc/loadavg file, which you can view using the cat command as below:

$ cat /proc/loadavg

2.48 1.69 1.42 5/889 10570

To monitor load averages in graph format, check out: ttyload – Shows a Color-coded Graph of Linux Load Average in Terminal

On desktop machines, there are graphical user interface tools that we can use to view system load averages.

Understanding System Average Load in Relation to the Number of CPUs

We can’t possibly explain system load or system performance without shedding light on the impact of the number of CPU cores on performance.

Multi-processor Vs Multi-core

  • Multi-processor – is where two or more physical CPUs are integrated into a single computer system.
  • Multi-core processor – is a single physical CPU which has two or more separate cores (or what we can also refer to as processing units) that work in parallel. Meaning a dual-core has 2 processing units, a quad-core has 4 processing units and so on.

Furthermore, there is also a processor technology which was first introduced by Intel to improve parallel computing, referred to as hyper threading.

Under hyper threading, a single physical CPU core appears as two logical CPU cores to an operating system (but in reality, there is one physical hardware component).

Note that a single CPU core can only carry out one task at a time, thus technologies such as multiple CPUs/processors, multi-core CPUs and hyper-threading were brought to life.

With more than one CPU, several programs can be executed simultaneously. Present-day Intel CPUs use a combination of both multiple cores and hyper-threading technology.

To find the number of processing units available on a system, we may use the nproc or lscpu commands as follows:

$ nproc
4

OR
$ lscpu

Another way to find the number of processing units is to use the grep command as shown.

$ grep 'model name' /proc/cpuinfo | wc -l

4

Now, to further understand system load, we will make a few assumptions. Let’s say we have the load averages below:

23:16:49 up  10:49,  5 user,  load average: 1.00, 0.40, 3.35

On a single core system this would mean:
  • The CPU was fully (100%) utilized on average; 1 process was running on the CPU (1.00) over the last 1 minute.
  • The CPU was idle by 60% on average; no processes were waiting for CPU time (0.40) over the last 5 minutes.
  • The CPU was overloaded by 235% on average; 2.35 processes were waiting for CPU time (3.35) over the last 15 minutes.

On a dual-core system this would mean:
  • One CPU was 100% idle on average and one CPU was being used; no processes were waiting for CPU time (1.00) over the last 1 minute.
  • The CPUs were idle by 160% on average; no processes were waiting for CPU time (0.40) over the last 5 minutes.
  • The CPUs were overloaded by 135% on average; 1.35 processes were waiting for CPU time (3.35) over the last 15 minutes.
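
The same reading for any core count, as an added example that is not part of the original article: load_report is a hypothetical helper that compares each load average with the number of cores and reports spare or excess capacity as a percentage of one core, the convention used in the lists above.

```shell
#!/bin/sh
# Added example: interpret a /proc/loadavg line against a core count.
# load_report is a hypothetical helper name, not part of any tool named in the article.

# load_report "LOADAVG_LINE" CORES
# Prints one line per window: <window> <load> <state> <percent> waiting=<n>
#   percent is spare (idle) or excess (overloaded) capacity in percent of ONE core,
#   so a load of 0.40 on 2 cores reads "idle 160%".
#   waiting is the number of processes queued beyond what the cores can run.
load_report() {
    case "$2" in
        ''|*[!0-9]*|0*) echo "cores must be a positive integer" >&2; return 2 ;;
    esac
    printf '%s\n' "$1" | awk -v cores="$2" '
    NF < 3 { exit 1 }                       # not a loadavg line
    {
        split("1min 5min 15min", name, " ")
        for (i = 1; i <= 3; i++) {
            avg  = $i + 0
            diff = avg - cores
            if (diff > 0)      { state = "overloaded"; waiting = diff }
            else if (diff < 0) { state = "idle"; waiting = 0; diff = -diff }
            else               { state = "full"; waiting = 0 }
            printf "%s %.2f %s %.0f%% waiting=%.2f\n", name[i], avg, state, diff * 100, waiting
        }
    }'
}

# The article's sample values, read for one core and for two cores.
load_report "1.00 0.40 3.35 5/889 10570" 1
load_report "1.00 0.40 3.35 5/889 10570" 2

# Live values on a Linux host:
#   load_report "$(cat /proc/loadavg)" "$(nproc)"
```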


In conclusion, if you are a system administrator then high load averages are a real cause for worry. When they are high, above the number of CPU cores, it signifies high demand for the CPUs, and low load averages below the number of CPU cores tell us that CPUs are underutilized.


pyDash – A Web Based Linux Performance Monitoring Tool

pydash is a lightweight web-based monitoring tool for Linux written in Python and Django plus Chart.js. It has been tested and can run on the following mainstream Linux distributions: CentOS, Fedora, Ubuntu, Debian, Arch Linux, Raspbian as well as Pidora.

You can use it to keep an eye on your Linux PC/server resources such as CPUs, RAM, network stats, processes including online users and more. The dashboard is developed entirely using Python libraries provided in the main Python distribution, therefore it has few dependencies; you don’t need to install many packages or libraries to run it.

In this article, we will show you how to install pydash to monitor Linux server performance.

How to Install pyDash in Linux System

1. First install required packages: git and Python pip as follows:

-------------- On Debian/Ubuntu -------------- 
$ sudo apt-get install git python-pip

-------------- On CentOS/RHEL -------------- 
# yum install epel-release
# yum install git python-pip

-------------- On Fedora 22+ --------------
# dnf install git python-pip

2. If you have git and Python pip installed, next, install virtualenv which helps to deal with dependency issues for Python projects, as below:

# pip install virtualenv
OR
$ sudo pip install virtualenv

3. Now using git command, clone the pydash directory into your home directory like so:

# git clone https://github.com/k3oni/pydash.git
# cd pydash

4. Next, create a virtual environment for your project called pydashtest using the virtualenv command below.

$ virtualenv pydashtest #give a name for your virtual environment like pydashtest

Create Virtual Environment


Important: Take note of the virtual environment’s bin directory path highlighted in the screenshot above; yours could be different depending on where you cloned the pydash folder.

5. Once you have created the virtual environment (pydashtest), you must activate it before using it as follows.

$ source /home/aaronkilik/pydash/pydashtest/bin/activate

Active Virtual Environment


From the screenshot above, you’ll note that the PS1 prompt changes indicating that your virtual environment has been activated and is ready for use.

6. Now install the pydash project requirements; if you are curious enough, view the contents of requirements.txt using the cat command and then install them as shown below.

$ cat requirements.txt
$ pip install -r requirements.txt

7. Now move into the pydash directory containing settings.py or simply run the command below to open this file and change the SECRET_KEY to a custom value.

$ vi pydash/settings.py

Set Secret Key


Save the file and exit.

8. Afterward, run the django command below to create the project database and install Django’s auth system and create a project super user.

$ python manage.py syncdb

Answer the questions below according to your scenario:

Would you like to create one now? (yes/no): yes
Username (leave blank to use 'root'): admin
Email address: aaronkilik@gmail.com
Password: ###########
Password (again): ############

Create Project Database


9. At this point, all should be set, now run the following command to start the Django development server.

$ python manage.py runserver

10. Next, open your web browser and type the URL: http://127.0.0.1:8000/ to get the web dashboard login interface. Enter the super user name and password you created while creating the database and installing Django’s auth system in step 8 and click Sign In.

pyDash Login Interface


11. Once you log in to the pydash main interface, you will get a section for monitoring general system info, CPU, memory and disk usage together with system load average.

Simply scroll down to view more sections.

pyDash Server Performance Overview


12. Next is a screenshot of pydash showing a section for keeping track of interfaces, IP addresses, Internet traffic, disk read/writes, online users and netstats.

pyDash Network Overview


13. Next is a screenshot of the pydash main interface showing a section to keep an eye on active processes on the system.

pyDash Active Linux Processes


For more information, check out pydash on Github: https://github.com/k3oni/pydash.
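
Step 7 matters because Django signs sessions and other tokens with SECRET_KEY, and a key that ships in a public repository is known to anyone who clones it. The following added example (not part of pydash or the original article; function names are hypothetical, and it assumes the user who edits settings.py is also the one who runs the server) checks the current key and replaces it with 50 random characters.

```shell
#!/bin/sh
# Added example: audit and rotate SECRET_KEY in a Django settings file.
# Function names are hypothetical. The thresholds in key_is_weak follow Django's
# deployment check for SECRET_KEY: under 50 characters or under 5 distinct characters.

# secret_key_of FILE: print the quoted value of the first SECRET_KEY assignment.
secret_key_of() {
    sed -n "s/^SECRET_KEY *= *['\"]\(.*\)['\"] *\$/\1/p" "$1" | head -n 1
}

# key_is_weak KEY: succeeds (0) when the key is too short or too uniform.
key_is_weak() {
    if [ "${#1}" -lt 50 ]; then return 0; fi
    distinct=$(printf '%s\n' "$1" | fold -w 1 | sort -u | wc -l | tr -d ' ')
    [ "$distinct" -lt 5 ]
}

# gen_secret_key: 50 alphanumeric characters taken from the kernel CSPRNG.
# 1024 random bytes leave about 250 alphanumerics after filtering, far more than needed.
gen_secret_key() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 50
}

# set_secret_key FILE: replace the SECRET_KEY line, keeping the rest of the file.
set_secret_key() {
    settings=$1
    grep -q '^SECRET_KEY *=' "$settings" || return 1
    key=$(gen_secret_key)
    [ "${#key}" -eq 50 ] || return 1
    tmp=$(mktemp "$settings.XXXXXX") || return 1
    # The key is alphanumeric, so it needs no escaping in sed or in a quoted Python string.
    if sed "s|^SECRET_KEY *=.*|SECRET_KEY = '$key'|" "$settings" > "$tmp"; then
        # Owner-only permissions: assumes the owner is the account that runs the server.
        chmod 600 "$tmp" && mv "$tmp" "$settings"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed settings file standing in for pydash/settings.py.
demo_settings=$(mktemp)
printf "DEBUG = False\nSECRET_KEY = 'changeme'\n" > "$demo_settings"
if key_is_weak "$(secret_key_of "$demo_settings")"; then
    set_secret_key "$demo_settings" && echo "SECRET_KEY rotated"
fi
rm -f "$demo_settings"
```

Rotating the key invalidates existing sessions, so users have to sign in again afterwards.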

That’s it for now!


Icinga: A Next Generation Open Source ‘Linux Server Monitoring’ Tool for RHEL/CentOS 7.0

Icinga is a modern open source monitoring tool that originated from a Nagios fork, and now has two parallel branches, Icinga 1 and Icinga 2. What this tool does is not too different from Nagios, since it still uses Nagios plugins, add-ons and even configuration files to check and monitor network services and hosts, but some differences can be spotted in the web interfaces (especially the new web interface), reporting capability and easy add-on development.

Install Icinga Monitoring Tool in CentOS

Install Icinga Monitoring Tool in CentOS/RHEL 7.0

This topic will concentrate on a basic installation of Icinga 1 Monitoring Tool from binaries on CentOS or RHEL 7, using RepoForge (previously known as RPMforge) repositories for CentOS 6, with the classical web interface held by Apache Webserver and the use of Nagios Plugins that will be installed on your system.

Read Also: Install Nagios Monitoring Tool in RHEL/CentOS

Requirements

A basic LAMP installation on RHEL/CentOS 7.0 without MySQL and PhpMyAdmin, but with these PHP modules: php-cli php-pear php-xmlrpc php-xsl php-pdo php-soap php-gd.

  1. Installing Basic LAMP in RHEL/CentOS 7.0

Step 1: Installing Icinga Monitoring Tool

1. Before proceeding with Icinga installation from binaries add RepoForge repositories on your system by issuing the following command, depending on your machine.

For 64-bit
# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
For 32-bit
# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm

Install RepoForge in CentOS

Install RepoForge Repository

2. After the RepoForge repositories have been added to your system, start with the Icinga basic installation, without the web interface yet, by running the following command.

# yum install icinga icinga-doc

Install Icinga in CentOS

Install Icinga Monitoring Tool

3. The next step is to try to install the Icinga web interface provided by the icinga-gui package. It seems that for the moment this package has some unresolved issues with CentOS/RHEL 7 and will generate some transaction check errors, but feel free to try installing the package; the problem may have been resolved in the meantime.

Still, if you get the same errors on your machine as the pictures below show, use the approach described further below to install the Icinga web interface.

# yum install icinga-gui

Install Icinga Gui in CentOS

Install Icinga Gui

Icinga Gui Conflict Error


4. The procedure to install the icinga-gui package, which provides the web interface, is the following. First download the binary package from the RepoForge website using the wget command.

For 64-bit
# wget http://pkgs.repoforge.org/icinga/icinga-gui-1.8.4-4.el6.rf.x86_64.rpm
For 32-bit
# wget http://pkgs.repoforge.org/icinga/icinga-gui-1.8.4-4.el6.rf.i686.rpm

Install Icinga RPM Package


5. After wget finishes downloading the package, create a directory named icinga-gui (you can choose other name if you want), move icinga-gui RPM binary to that folder, enter the folder and extract RPM package contents by issuing the next series of commands.

# mkdir icinga-gui
# mv icinga-gui-* icinga-gui
# cd icinga-gui
# rpm2cpio icinga-gui-* | cpio -idmv

Copy Icinga GUI Packages


6. Now that you have the extracted icinga-gui package, use the ls command to view the folder content – it should show three new directories – etc, usr and var. Start by recursively copying all three resulting directories into your system root file system layout.

# cp -r etc/* /etc/
# cp -r usr/* /usr/
# cp -r var/* /var/

Copy Directories Recursively in Linux

Copy Directories Recursively

Step 2: Modify Icinga Apache Configuration file and System Permissions

7. As presented on this article introduction, your system needs to have Apache HTTP server and PHP installed in order to be able to run Icinga Web Interface.

After you have finished the above steps, a new configuration file named icinga.conf should now be present in the Apache conf.d path. In order to be able to access Icinga from a browser at a remote location, open this configuration file and replace all its content with the following configuration.

# nano /etc/httpd/conf.d/icinga.conf

Make sure you replace all file content with the following.

ScriptAlias /icinga/cgi-bin "/usr/lib64/icinga/cgi"

<Directory "/usr/lib64/icinga/cgi">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   AuthName "Icinga Access"
   AuthType Basic
   AuthUserFile /etc/icinga/passwd

   <IfModule mod_authz_core.c>
      # Apache 2.4
      <RequireAll>
         Require all granted
         # Require local
         Require valid-user
      </RequireAll>
   </IfModule>

   <IfModule !mod_authz_core.c>
      # Apache 2.2
      Order allow,deny
      Allow from all
      #  Order deny,allow
      #  Deny from all
      #  Allow from 127.0.0.1
      Require valid-user
   </IfModule>
</Directory>

Alias /icinga "/usr/share/icinga/"

<Directory "/usr/share/icinga/">

#  SSLRequireSSL
   Options None
   AllowOverride All
   AuthName "Icinga Access"
   AuthType Basic
   AuthUserFile /etc/icinga/passwd

   <IfModule mod_authz_core.c>
      # Apache 2.4
      <RequireAll>
         Require all granted
         # Require local
         Require valid-user
      </RequireAll>
   </IfModule>

   <IfModule !mod_authz_core.c>
      # Apache 2.2
      Order allow,deny
      Allow from all
      #  Order deny,allow
      #  Deny from all
      #  Allow from 127.0.0.1
      Require valid-user
   </IfModule>
</Directory>

8. After you have edited Icinga httpd configuration file, add Apache system user to Icinga system group and use the following system permissions on next system paths.

# usermod -aG icinga apache
# chown -R icinga:icinga /var/spool/icinga/*
# chgrp -R icinga /etc/icinga/*
# chgrp -R icinga /usr/lib64/icinga/*
# chgrp -R icinga /usr/share/icinga/*

9. Before starting the Icinga system process and the Apache server, make sure you also disable the SELinux security mechanism by running the setenforce 0 command, and make the change permanent by editing the /etc/selinux/config file, changing the SELINUX directive from enforcing to disabled.

# nano /etc/selinux/config

Modify SELINUX directive to look like this.

SELINUX=disabled

Disable SELinux in CentOS

Disable SELinux

You can also use getenforce command to view SELinux status.

10. As the last step before starting Icinga process and web interface, as a security measure you can now modify Icinga Admin password by running the following command, and then start both processes.

# htpasswd -cm /etc/icinga/passwd icingaadmin
# systemctl start icinga
# systemctl start httpd

Create Icinga Admin Password


Start Icinga Service


Step 3: Install Nagios Plugins and Access Icinga Web Interface

11. In order to start monitoring public external services on hosts with Icinga, such as HTTP, IMAP, POP3, SSH, DNS, ICMP ping and many other services accessible from the internet or LAN, you need to install the Nagios Plugins package provided by the EPEL repositories.

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm
# yum install nagios-plugins nagios-plugins-all

Install Epel Repo in CentOS

Install Epel Repository

Install NRPE Plugin in CentOS

Install Nagios Plugin

12. To login on Icinga Web Interface, open a browser and point it to the URL http://system_IP/icinga/. Use icingaadmin as username and the password that you changed earlier and you can now see your localhost system status.

Icinga Admin Login


Icinga Monitoring Dashboard


That’s all! Now you have Icinga basic with the classical web interface – nagios like – installed and running on your system. Using Nagios Plugins you can now start adding new hosts and external services to check and monitor by editing Icinga configuration files located on /etc/icinga/ path. If you need to monitor internal services on remote hosts then you must install an agent on remote hosts like NRPE, NSClient++, SNMP to gather data and send it to Icinga main process.
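
An added post-install check for steps 7 to 10 (example code, not part of Icinga or the original article): it reports Directory blocks that use Basic authentication while SSLRequireSSL is commented out, an SELinux mode other than enforcing, and htpasswd entries not hashed with bcrypt. Function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-install checks for the Icinga setup in steps 7-10.
# Function names and sample files are hypothetical and constructed for illustration.

# basic_auth_without_tls CONF: print each <Directory> path that enables
# "AuthType Basic" while SSLRequireSSL is absent or commented out. Basic
# authentication sends the password base64-encoded, so without TLS it is readable
# on the wire. Paths containing spaces are not handled.
basic_auth_without_tls() {
    awk '
    /^[ \t]*#/ { next }                           # commented directives are inactive
    /^[ \t]*<Directory[ \t]/ {
        dir = $2; gsub(/[">]/, "", dir); basic = 0; tls = 0; next
    }
    tolower($1) == "authtype" && tolower($2) == "basic" { basic = 1 }
    tolower($1) == "sslrequiressl"                       { tls = 1 }
    /^[ \t]*<\/Directory>/ { if (basic && !tls) print dir }
    ' "$1"
}

# selinux_mode FILE: print the last active SELINUX= value.
selinux_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { mode = $2 } END { print mode }' "$1"
}

# htpasswd_schemes FILE: print "user scheme" per entry, judged by the hash prefix.
htpasswd_schemes() {
    awk -F: 'NF >= 2 {
        if      (index($2, "$apr1$") == 1) s = "apr1-md5"    # written by htpasswd -m
        else if (index($2, "$2y$") == 1)   s = "bcrypt"      # written by htpasswd -B
        else if (index($2, "{SHA}") == 1)  s = "sha1"        # written by htpasswd -s
        else                               s = "other"
        print $1, s
    }' "$1"
}

# icinga_audit CONF SELINUX_CONFIG PASSWD: one FINDING line per problem.
icinga_audit() {
    basic_auth_without_tls "$1" | sed 's/^/FINDING basic-auth-without-tls /'
    mode=$(selinux_mode "$2")
    [ "$mode" = "enforcing" ] || echo "FINDING selinux $mode"
    htpasswd_schemes "$3" | awk '$2 != "bcrypt" { print "FINDING htpasswd-hash", $1, $2 }'
}

# make_samples DIR: constructed inputs modelled on the files the article edits.
# The first Directory block keeps SSLRequireSSL commented out as in step 7;
# the second shows the same block with the directive active.
make_samples() {
    cat > "$1/icinga.conf" <<'EOF'
<Directory "/usr/lib64/icinga/cgi">
#  SSLRequireSSL
   Options ExecCGI
   AuthType Basic
   AuthUserFile /etc/icinga/passwd
   Require valid-user
</Directory>
<Directory "/usr/share/icinga/">
   SSLRequireSSL
   AuthType Basic
   AuthUserFile /etc/icinga/passwd
   Require valid-user
</Directory>
EOF
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$1/selinux-config"
    # Constructed placeholder hash, not a real credential.
    printf '%s\n' 'icingaadmin:$apr1$CONSTRUCTED$placeholderplaceholder00' > "$1/passwd"
}

samples=$(mktemp -d)
make_samples "$samples"
icinga_audit "$samples/icinga.conf" "$samples/selinux-config" "$samples/passwd"
rm -rf "$samples"
```

On Apache 2.4, htpasswd accepts -B to write bcrypt hashes in place of the MD5-based hashes that -m produces, and SSLRequireSSL only takes effect once mod_ssl is loaded and the site is served over HTTPS.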

Read Also

  1. Install NRPE Plugin and Monitor Remote Linux Hosts
  2. Install NSClient++ Agent and Monitor Remote Windows Hosts


NetHogs – Monitor Per Process Network Bandwidth Usage in Real Time

Linux operating systems have tons of open source network monitoring tools on the web. Say, you can use the iftop command to check bandwidth usage, the netstat command to see reports on interface statistics or the top command to watch running processes on your system. But if you are really looking for something that can give you real time statistics of your network bandwidth usage per process, then NetHogs is the only utility you should look for.

Linux Network Bandwidth Monitoring

NetHogs – Network Bandwidth Monitoring

What is NetHogs?

NetHogs is an open source command line program (similar to the Linux top command) that is used to monitor the real time network traffic bandwidth used by each process or application.

From NetHogs Project Page

NetHogs is a small ‘net top’ tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there’s suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth.

This article explains how to install the nethogs utility and use it to find out real time per process network bandwidth usage under Unix/Linux operating systems.

Install NetHogs in RHEL, CentOS and Fedora

To install nethogs, you must turn on EPEL repository under your Linux systems and then run the following yum command to download and install nethogs package.

# yum install nethogs
Sample Output
[root@tecmint ~]# yum -y install nethogs

Loaded plugins: fastestmirror, refresh-packagekit
Loading mirror speeds from cached hostfile
 * base: mirrors.hns.net.in
 * epel: mirror.nus.edu.sg
 * extras: mirrors.hns.net.in
 * rpmfusion-free-updates: mirrors.ustc.edu.cn
 * rpmfusion-nonfree-updates: mirror.de.leaseweb.net
 * updates: mirrors.hns.net.in
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nethogs.i686 0:0.8.0-1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================
 Package				Arch				Version					Repository					Size
===========================================================================================================
Installing:
 nethogs				i686				0.8.0-1.el6				epel						28 k

Transaction Summary
===========================================================================================================
Install       1 Package(s)

Total download size: 28 k
Installed size: 50 k
Downloading Packages:
nethogs-0.8.0-1.el6.i686.rpm														|  28 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : nethogs-0.8.0-1.el6.i686                                                          1/1
  Verifying  : nethogs-0.8.0-1.el6.i686                                                          1/1

Installed:
  nethogs.i686 0:0.8.0-1.el6

Complete!

Install NetHogs in Ubuntu, Linux Mint and Debian

To install nethogs, type the following apt-get command to install nethogs package.

$ sudo apt-get install nethogs
Sample Output
tecmint@tecmint:~$ sudo apt-get install nethogs

[sudo] password for tecmint: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  nethogs
0 upgraded, 1 newly installed, 0 to remove and 318 not upgraded.
Need to get 27.1 kB of archives.
After this operation, 100 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu/ quantal/universe nethogs i386 0.8.0-1 [27.1 kB]
Fetched 27.1 kB in 1s (19.8 kB/s)  
Selecting previously unselected package nethogs.
(Reading database ... 216058 files and directories currently installed.)
Unpacking nethogs (from .../nethogs_0.8.0-1_i386.deb) ...
Processing triggers for man-db ...
Setting up nethogs (0.8.0-1) ...

Using NetHogs Utility

To run the nethogs utility, type the following command under red-hat based systems.

# nethogs

To execute it, you must have root permissions, so run it with the sudo command as shown.

$ sudo nethogs
Sample Previews:

Install Nethogs in Linux

NetHogs Preview on CentOS 6.3

Install nethogs in Ubuntu

NetHogs Preview on Ubuntu 12.10

As you see above, the sent and received lines show the amount of traffic being used per process. The total sent and received bandwidth usage is calculated at the bottom. You can sort and change the order by using the interactive controls discussed below.

NetHogs Command Line Options

Following are the nethogs command line options. Use ‘-d‘ to set a refresh rate and a ‘device name‘ to monitor the bandwidth of a specific device or devices (default is eth0). For example, to set 5 seconds as your refresh rate, type the command as follows.

# nethogs -d 5
$ sudo nethogs -d 5

To monitor specific device (eth0) network bandwidth only, use the command as.

# nethogs eth0
$ sudo nethogs eth0

To monitor network bandwidth of both eth0 and eth1 interfaces, type the following command.

# nethogs eth0 eth1
$ sudo nethogs eth0 eth1

Other Options and Usage

-d : delay for refresh rate.
-h : display available commands usage.
-p : sniff in promiscuous mode (not recommended).
-t : tracemode.
-V : prints Version info.

NetHogs Interactive Controls

Following are some useful interactive controls (Keyboard Shortcuts) of nethogs program.

-m : Change the units displayed for the bandwidth in units like KB/sec -> KB -> B -> MB.
-r : Sort by magnitude of received traffic.
-s : Sort by magnitude of sent traffic.
-q : Quit to the shell prompt.

For a full list of nethogs utility command line options, please check out the nethogs man pages by using the command ‘man nethogs‘ or ‘sudo man nethogs‘ from the terminal. For more information visit the Nethogs project home page.


Petit – An Open Source Log Analysis Tool for Linux SysAdmins

Petit is a free and open source command line based log analysis tool for Unix-like as well as Cygwin systems, designed to rapidly analyze log files in enterprise environments.

It is intended to follow the Unix philosophy of small, fast and easy to use, and can be used to inspect different log file formats including syslog and Apache log files.

Petit Features

  • Supports log analysis.
  • Auto-detects and supports various log file formats (e.g. Syslog, Apache Access, Apache Error, Snort Log, Linux Secure Log, and raw log files).
  • Supports log hashing.
  • Supports command line graphing.
  • Supports word discovery and count with common stop-words within log data.
  • Supports log reduction for easy reading.
  • Provides various default and specially made filters.
  • Supports fingerprints, useful in identifying and excluding reboot signatures.
  • Offers several output options for wide screen terminals and character selection and many more.

In this tutorial, we will show you how to install and use the Petit log analysis tool in Linux to pull out useful information from system logs in various ways.

How to Install and Use Petit Log Analysis Tool in Linux

Petit can be installed from the default repositories of Debian/Ubuntu and its derivatives, using apt package management tool as shown below.

$ sudo apt install petit

On RHEL/CentOS/Fedora systems, download and install the .rpm package like this.

# wget http://crunchtools.com/wp-content/files/petit/petit-current.rpm
# rpm -i petit-current.rpm

Once installed, it’s time to see the Petit basic usage with examples.

Hashing a Log File

This is a straightforward petit function – it sums up the number of lines discovered in a log file. Its output comprises the number of similar lines found in the log and what the group broadly looked like, as shown below.

# petit --hash /var/log/yum.log
OR
# petit --hash --fingerprint /var/log/messages
Petit – Monitor Yum Log History
2:	Mar 18 14:35:54 Installed: libiec61883-1.2.0-4.el6.x86_64
2:	Mar 18 15:25:18 Installed: xorg-x11-drv-i740-1.3.4-11.el6.x86_64
1:	Dec 16 12:36:23 Installed: 5:mutt-1.5.20-7.20091214hg736b6a.el6.x86_64
1:	Dec 16 12:36:22 Installed: mailcap-2.1.31-2.el6.noarch
1:	Dec 16 12:40:49 Installed: mailx-12.4-8.el6_6.x86_64
1:	Dec 16 12:40:20 Installed: man-1.6f-32.el6.x86_64
1:	Dec 16 12:43:33 Installed: sysstat-9.0.4-31.el6.x86_64
1:	Dec 16 12:36:22 Installed: tokyocabinet-1.4.33-6.el6.x86_64
1:	Dec 16 12:36:22 Installed: urlview-0.9-7.el6.x86_64
1:	Dec 16 12:40:19 Installed: xz-4.999.9-0.5.beta.20091007git.el6.x86_64
1:	Dec 16 12:40:19 Installed: xz-lzma-compat-4.999.9-0.5.beta.20091007git.el6.x86_64
1:	Dec 16 12:43:31 Updated: 2:tar-1.23-15.el6_8.x86_64
1:	Dec 16 12:43:31 Updated: procps-3.2.8-36.el6.x86_64
1:	Feb 18 12:40:27 Erased: mysql
1:	Feb 18 12:40:28 Erased: mysql-libs
1:	Feb 18 12:40:22 Installed: MariaDB-client-10.1.21-1.el6.x86_64
1:	Feb 18 12:40:12 Installed: MariaDB-common-10.1.21-1.el6.x86_64
1:	Feb 18 12:40:10 Installed: MariaDB-compat-10.1.21-1.el6.x86_64
1:	Feb 18 12:54:50 Installed: apr-1.3.9-5.el6_2.x86_64
......

Finding Number Of Lines Produced by a Daemon

Using the --daemon option helps to output a basic report of lines produced by particular system daemon as shown in the example below.

# petit --hash --daemon /var/log/syslog
Petit – Monitor SysLog Entries
847:	vmunix:
48:	CRON[#]:
30:	dhclient[#]:
26:	nm-dispatcher:
14:	rtkit-daemon[#]:
6:	smartd[#]:
5:	ntfs-#g[#]:
4:	udisksd[#]:
3:	mdm[#]:
2:	ag[#]:
2:	syslogd
1:	cinnamon-killer-daemon:
1:	cinnamon-session[#]:
1:	pulseaudio[#]:

Finding Number Of Lines Produced by a Host

To find the number of lines generated by a particular host, use the --host flag as shown below. This can be useful when analyzing log files for more than one host.

# petit --host /var/log/syslog

999:	tecmint
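
To show how the per-daemon and per-host counts above come about, here is an added awk approximation (not Petit's code; syslog_counts and the sample lines are constructed) that buckets syslog lines by tag or host and replaces digit runs in the tag with #.

```shell
#!/bin/sh
# Added example: approximate the shape of `petit --hash --daemon` and `petit --host`
# output with awk. This is not Petit's code; syslog_counts is a hypothetical name.

# syslog_counts daemon|host [FILE...]
# Counts lines per syslog tag (field 5) or per host (field 4) in the traditional
# "Mon DD HH:MM:SS host tag: message" layout. Digit runs in the tag become "#",
# so CRON[4121]: and CRON[4190]: fall into one bucket, as in the listing above.
# Reads standard input when no file is given.
syslog_counts() {
    case "$1" in
        daemon) field=5 ;;
        host)   field=4 ;;
        *) echo "usage: syslog_counts daemon|host [file...]" >&2; return 2 ;;
    esac
    shift
    awk -v f="$field" '
    NF >= 5 {
        key = $f
        if (f == 5) gsub(/[0-9]+/, "#", key)   # drop PIDs and other varying numbers
        count[key]++
    }
    END { for (k in count) printf "%d:\t%s\n", count[k], k }
    ' "$@" | LC_ALL=C sort -t: -k1,1nr -k2      # highest count first, then by name
}

# Constructed sample lines (hostnames, PIDs and messages are made up).
sample_log() {
    cat <<'EOF'
Jun  8 09:45:01 tecmint CRON[4121]: (root) CMD (run-parts /etc/cron.hourly)
Jun  8 09:45:03 tecmint dhclient[988]: DHCPREQUEST on wlp2s0
Jun  8 09:46:01 tecmint CRON[4190]: (root) CMD (debian-sa1 1 1)
Jun  8 09:46:07 tecmint ntfs-3g[1502]: Version 2015.3.14 integrated FUSE 28
Jun  8 09:47:01 tecmint CRON[4233]: (root) CMD (debian-sa1 1 1)
Jun  8 09:47:09 backup01 sshd[2210]: Failed password for invalid user admin
EOF
}

sample_log | syslog_counts daemon
sample_log | syslog_counts host
```

A tag or host that appears only once, like the single sshd line from backup01 here, is often the entry worth reading first when reviewing a log.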

Performing a Word Count in a Log File

This function is used to search and display qualitatively significant words in a log file.

# petit --wordcount /var/log/syslog
Petit – List Number of Word Count in Logs
845:	[
97:	[mem
75:	ACPI:
64:	pci
62:	debian-sa#
62:	to
51:	USB
50:	of
49:	device
47:	&&
47:	(root)
47:	CMD
47:	usb
41:	systemd#
36:	ACPI
32:	>
32:	driver
32:	reserved
31:	(comm#
31:	-v

Graphing a Log File

This works in a key/value bar charting format, for side by side comparison of distributions as shown in the examples below.

To graph the first 60 seconds in a syslog, use the --sgraph flag like this.

# petit --sgraph /var/log/syslog
Petit – Graph a Log File
#                                                           
#                                                           
#                                                           
#                                                           
#                                                           
############################################################
59                            29                           58 

Start Time:	2017-06-08 09:45:59 		Minimum Value: 0
End Time:	2017-06-08 09:46:58 		Maximum Value: 1
Duration:	60 seconds 			Scale: 0.166666666667

Tracking Particular Words in a Log File

This example shows how to track and graph a specific word (e.g. “error” in the command below) in a log file.

# cat /var/log/messages | grep error | petit --mgraph
Petit – Track a Word in Logs
#                        #                          #       
#                        #                          #       
#                        #                          #       
#                        #                          #       
#                        #                          #       
############################################################
10                            40                           09 

Start Time:	2017-06-08 10:10:00 		Minimum Value: 0
End Time:	2017-06-08 11:09:00 		Maximum Value: 2
Duration:	60 minutes 			Scale: 0.333333333333

Additionally, to show samples for each entry in a log file, use the --allsample option like this.

# petit --hash --allsample /var/log/syslog

Important Petit Files:

  • /var/lib/petit/fingerprint_library – used to construct custom fingerprint files.
  • /var/lib/petit/fingerprints (aggregate fingerprint files) – used to filter out reboots and other events not considered vital by the system administrator.
  • /var/lib/petit/filters/

For more information and usage options, read the petit man page like this.

# man petit
OR
# petit -h

Petit Homepage: http://crunchtools.com/software/petit/

Also read through these useful guides concerning log monitoring and management in Linux:

  1. 4 Good Open Source Log Monitoring and Management Tools for Linux
  2. How to Manage System Logs (Configure, Rotate and Import Into Database) in Linux
  3. How to Setup and Manage Log Rotation Using Logrotate in Linux
  4. Monitor Server Logs in Real-Time with “Log.io” Tool on Linux


Ubuntu 19 04 Desktop Tour of New Features

Published: Mar 19, 2019

Hey folks, take a quick look at the upcoming Ubuntu 19.04 default GNOME versions.

The awesome wallpaper in the end is created by SylviaRitter and you can get it from her DeviantArt here: https://www.deviantart.com/sylviaritt…

More info about Ubuntu 19.04 features can be found on our website: https://itsfoss.com/ubuntu-19-04-rele…

Basically, Ubuntu 19.04 Disco Dingo adds little to what we already have in Ubuntu 18.10. There are a few improvements here and there but you won’t notice a lot of difference from the previous release of Ubuntu 18.10 Cosmic Cuttlefish.

Some of the promised new features, like Android integration, are still nowhere to be seen.

If you are using Ubuntu 18.04, you may like the looks.

Music created by Mozart and performed by Bernd Krueger is licensed under a Creative Commons Attribution License:

https://creativecommons.org/licenses/…

Source: http://www.piano-midi.de/mozart.htm


Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive Modules

For those of you in the hosting business, or if you’re hosting your own servers and exposing them to the Internet, securing your systems against attackers must be a high priority.

mod_security (an open source intrusion detection and prevention engine for web applications that integrates seamlessly with the web server) and mod_evasive are two very important tools that can be used to protect a web server against brute force or (D)DoS attacks.


mod_evasive, as its name suggests, provides evasive capabilities while under attack, acting as an umbrella that shields web servers from such threats.


Install Mod_Security and Mod_Evasive to Protect Apache

In this article we will discuss how to install, configure, and put them into play along with Apache on RHEL/CentOS 6 and 7 as well as Fedora 21-15. In addition, we will simulate attacks in order to verify that the server reacts accordingly.

This assumes that you have a LAMP server installed on your system. If not, please check this article before proceeding further.

  1. Install LAMP stack in RHEL/CentOS 7

You will also need to set up iptables as the default firewall front-end instead of firewalld if you’re running RHEL/CentOS 7 or Fedora 21. We do this in order to use the same tool in both RHEL/CentOS 7/6 and Fedora 21.

Step 1: Installing Iptables Firewall on RHEL/CentOS 7 and Fedora 21

To begin, stop and disable firewalld:

# systemctl stop firewalld
# systemctl disable firewalld

Disable Firewalld Service in CentOS 7


Then install the iptables-services package before enabling iptables:

# yum update && yum install iptables-services
# systemctl enable iptables
# systemctl start iptables
# systemctl status iptables

Install Iptables Firewall in CentOs 7


Step 2: Installing Mod_Security and Mod_evasive

In addition to having a LAMP setup already in place, you will also have to enable the EPEL repository in RHEL/CentOS 7/6 in order to install both packages. Fedora users don’t need to enable any repo, because epel is already part of the Fedora project.

# yum update && yum install mod_security mod_evasive

When the installation is complete, you will find the configuration files for both tools in /etc/httpd/conf.d.

# ls -l /etc/httpd/conf.d

mod_security + mod_evasive Configurations


Now, in order to integrate these two modules with Apache and have it load them when it starts, make sure the following lines appear in the top level section of mod_evasive.conf and mod_security.conf, respectively:

LoadModule evasive20_module modules/mod_evasive24.so
LoadModule security2_module modules/mod_security2.so

Note that modules/mod_security2.so and modules/mod_evasive24.so are the relative paths, from the /etc/httpd directory to the source file of the module. You can verify this (and change it, if needed) by listing the contents of the /etc/httpd/modules directory:

# cd /etc/httpd/modules
# pwd
# ls -l | grep -Ei '(evasive|security)'

Verify mod_security + mod_evasive Modules


Then restart Apache and verify that it loads mod_evasive and mod_security:

# service httpd restart 		[On RHEL/CentOS 6 and Fedora 20-18]
# systemctl restart httpd 		[On RHEL/CentOS 7 and Fedora 21]
[Dump a list of loaded Static and Shared Modules]

# httpd -M | grep -Ei '(evasive|security)'				

Check mod_security + mod_evasive Modules Loaded


Step 3: Installing A Core Rule Set and Configuring Mod_Security

In a few words, a Core Rule Set (aka CRS) provides the web server with instructions on how to behave under certain conditions. The developer firm of mod_security provides a free CRS called OWASP (Open Web Application Security Project) ModSecurity CRS that can be downloaded and installed as follows.

1. Download the OWASP CRS to a directory created for that purpose.

# mkdir /etc/httpd/crs-tecmint
# cd /etc/httpd/crs-tecmint
# wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master

Download mod_security Core Rules


2. Untar the CRS file and rename the directory to something more convenient.

# tar xzf master
# mv SpiderLabs-owasp-modsecurity-crs-ebe8790 owasp-modsecurity-crs

Extract mod_security Core Rules


3. Now it’s time to configure mod_security. Copy the sample file with rules (owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example) into another file without the .example extension:

# cd owasp-modsecurity-crs
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

and tell Apache to use this file along with the module by inserting the following lines in the web server’s main configuration file, /etc/httpd/conf/httpd.conf. If you chose to unpack the tarball in another directory you will need to edit the paths following the Include directives:

<IfModule security2_module>
    Include crs-tecmint/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
    Include crs-tecmint/owasp-modsecurity-crs/base_rules/*.conf
</IfModule>

Finally, it is recommended that we create our own configuration file within the /etc/httpd/modsecurity.d directory where we will place our customized directives (we will name it tecmint.conf in the following example) instead of modifying the CRS files directly. Doing so will make it easier to upgrade the CRS as new versions are released.

<IfModule mod_security2.c>
	SecRuleEngine On
	SecRequestBodyAccess On
	SecResponseBodyAccess On 
	SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream 
	SecDataDir /tmp
</IfModule>

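You can refer to the SpiderLabs’ ModSecurity GitHub repository for a complete explanatory guide of mod_security configuration directives. Note that SecDataDir is where mod_security keeps its persistent data; /tmp is world-writable, so on a multi-user host a directory writable only by the apache user is the safer choice.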

Step 4: Configuring Mod_Evasive

mod_evasive is configured using directives in /etc/httpd/conf.d/mod_evasive.conf. Since there are no rules to update during a package upgrade, we don’t need a separate file to add customized directives, as opposed to mod_security.

The default mod_evasive.conf file has the following directives enabled (note that this file is heavily commented, so we have stripped out the comments to highlight the configuration directives below):

<IfModule mod_evasive24.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
</IfModule>

Explanation of the directives:

  1. DOSHashTableSize: This directive specifies the size of the hash table that is used to keep track of activity on a per-IP address basis. Increasing this number will provide a faster look up of the sites that the client has visited in the past, but may impact overall performance if it is set too high.
  2. DOSPageCount: Legitimate number of identical requests to a specific URI (for example, any file that is being served by Apache) that can be made by a visitor over the DOSPageInterval interval.
  3. DOSSiteCount: Similar to DOSPageCount, but refers to how many overall requests can be made to the entire site over the DOSSiteInterval interval.
  4. DOSBlockingPeriod: If a visitor exceeds the limits set by DOSPageCount or DOSSiteCount, his source IP address will be blacklisted for the DOSBlockingPeriod amount of time. During DOSBlockingPeriod, any requests coming from that IP address will encounter a 403 Forbidden error.

Feel free to experiment with these values so that your web server will be able to handle the required amount and type of traffic.

Only a small caveat: if these values are not set properly, you run the risk of ending up blocking legitimate visitors.
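To see which clients a pair of limits would have blacklisted before enabling them, the following added example (not part of the original article) replays an Apache access log against candidate DOSPageCount and DOSSiteCount values. The function names, the script name evasive_replay.sh and the sample log lines are constructed for illustration, and the sketch only models one-second intervals, so treat its output as an estimate.

```shell
#!/bin/sh
# Added example: estimate which clients a DOSPageCount/DOSSiteCount pair would
# blacklist by replaying an Apache access log (common or combined format).
# Simplification: hits are grouped by the log's one-second timestamp, so this
# only models DOSPageInterval 1 and DOSSiteInterval 1 (the defaults above).

would_block() {
    # $1 = access log path, $2 = DOSPageCount, $3 = DOSSiteCount
    awk -v page_max="$2" -v site_max="$3" '
    {
        ip = $1; ts = $4; uri = $7
        p = ++page[ip, ts, uri]     # same client, same URI, same second
        s = ++site[ip, ts]          # same client, any URI, same second
        if (!(ip in why) && p > page_max) why[ip] = "page " uri
        if (!(ip in why) && s > site_max) why[ip] = "site"
    }
    END { for (ip in why) print ip, why[ip] }' "$1" | sort
}

# Constructed sample log: .103 requests one page three times in one second,
# .50 behaves like an ordinary browser.
sample_log() {
    cat <<'EOF'
192.168.0.103 - - [08/Jun/2017:10:10:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.103 - - [08/Jun/2017:10:10:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.103 - - [08/Jun/2017:10:10:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.50 - - [08/Jun/2017:10:10:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.50 - - [08/Jun/2017:10:10:00 +0000] "GET /style.css HTTP/1.1" 200 128
192.168.0.50 - - [08/Jun/2017:10:10:01 +0000] "GET /index.html HTTP/1.1" 200 512
EOF
}

# Stand-alone use (hypothetical file name):
#   ./evasive_replay.sh /var/log/httpd/access_log 2 50
case "$0" in
    *evasive_replay.sh) would_block "$@" ;;
esac
```

Each output line names a client and whether the page or the site limit was the first one it exceeded; legitimate addresses in that list are a sign the values are too tight.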

You may also want to consider other useful directives:

DOSEmailNotify

If you have a mail server up and running, you can send out warning messages via Apache. Note that you will need to grant the apache user SELinux permission to send emails if SELinux is set to enforcing. You can do so by running:

# setsebool -P httpd_can_sendmail 1

Next, add this directive in the mod_evasive.conf file with the rest of the other directives:

DOSEmailNotify you@yourdomain.com

If this value is set and your mail server is working properly, an email will be sent to the address specified whenever an IP address becomes blacklisted.

DOSSystemCommand

This directive takes a valid system command as its argument:

DOSSystemCommand <command>

This directive specifies a command to be executed whenever an IP address becomes blacklisted. It is often used in conjunction with a shell script that adds a firewall rule to block further connections coming from that IP address.

Write a shell script that handles IP blacklisting at the firewall level

When an IP address becomes blacklisted, we need to block future connections coming from it. We will use the following shell script that performs this job. Create a directory named scripts-tecmint (or whatever name of your choice) in /usr/local/bin and a file called ban_ip.sh in that directory.

#!/bin/sh
# IP that will be blocked, as detected by mod_evasive
IP=$1
# Full path to iptables
IPTABLES="/sbin/iptables"
# mod_evasive lock directory
MOD_EVASIVE_LOGDIR=/var/log/mod_evasive
# Add the following firewall rule (block all traffic coming from $IP)
"$IPTABLES" -I INPUT -s "$IP" -j DROP
# Remove lock file for future checks
rm -f "$MOD_EVASIVE_LOGDIR"/dos-"$IP"

Our DOSSystemCommand directive should read as follows:

DOSSystemCommand "sudo /usr/local/bin/scripts-tecmint/ban_ip.sh %s"

In the line above, %s represents the offending IP as detected by mod_evasive.
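The script above runs as root through sudo and hands its argument to iptables and rm without checking it, and the sudoers rule shown below does not restrict arguments. As an added example (not from the original article), this variant validates the argument first; is_valid_ipv4, ban_ip and the environment overrides are names introduced here, and it assumes IPv4 clients only.

```shell
#!/bin/sh
# Added example: ban_ip.sh with argument validation. The script runs as root
# through sudo, so its one argument is checked before iptables or rm see it.
IPTABLES="${IPTABLES:-/sbin/iptables}"        # overridable for dry runs (assumption)
MOD_EVASIVE_LOGDIR="${MOD_EVASIVE_LOGDIR:-/var/log/mod_evasive}"

is_valid_ipv4() {
    # Only digits and dots, no empty fields at either end or in the middle.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                   # split into octets; safe, input is digits/dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*|0?*) return 1 ;;      # too long, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

ban_ip() {
    if [ "$#" -ne 1 ] || ! is_valid_ipv4 "$1"; then
        echo "ban_ip: expected exactly one IPv4 address" >&2
        return 2
    fi
    # Block all traffic from the address, as the original script does.
    "$IPTABLES" -I INPUT -s "$1" -j DROP || return 1
    # Remove the lock file so mod_evasive can report this address again.
    rm -f -- "$MOD_EVASIVE_LOGDIR/dos-$1"
}

# Run only when installed under the name used in DOSSystemCommand.
case "$0" in
    *ban_ip.sh) ban_ip "$@" ;;
esac
```

Keep the script owned by root and not writable by the apache user, since sudo runs it with full privileges.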

Add the apache user to the sudoers file

Note that all of this just won’t work unless you give the apache user permission to run our script (and that script only!) without a terminal and password. As usual, you can just type visudo as root to access the /etc/sudoers file and then add the following 2 lines as shown in the image below:

apache ALL=NOPASSWD: /usr/local/bin/scripts-tecmint/ban_ip.sh
Defaults:apache !requiretty

Add Apache User to Sudoers


IMPORTANT: As a default security policy, you can only run sudo in a terminal. Since in this case we need to use sudo without a tty, we have to comment out the line that is highlighted in the following image:

#Defaults requiretty

Disable tty for Sudo


Finally, restart the web server:

# service httpd restart 		[On RHEL/CentOS 6 and Fedora 20-18]
# systemctl restart httpd 		[On RHEL/CentOS 7 and Fedora 21]

Step 5: Simulating a DDoS Attack on Apache

There are several tools that you can use to simulate an external attack on your server. You can just google for “tools for simulating ddos attacks” to find several of them.

Note that you, and only you, will be held responsible for the results of your simulation. Do not even think of launching a simulated attack to a server that you’re not hosting within your own network.

Should you want to do the same with a VPS that is hosted by someone else, you need to appropriately warn your hosting provider or ask permission for such a traffic flood to go through their networks. Tecmint.com is not, by any means, responsible for your acts!

In addition, launching a simulated DoS attack from only one host does not represent a real life attack. To simulate such, you would need to target your server from several clients at the same time.

Our test environment is composed of a CentOS 7 server [IP 192.168.0.17] and a Windows host from which we will launch the attack [IP 192.168.0.103]:

Confirm Host IPAddress


Please play the video below and follow the steps outlined in the indicated order to simulate a simple DoS attack:

 

Then the offending IP is blocked by iptables:

Blocked Attacker IP


Conclusion

With mod_security and mod_evasive enabled, the simulated attack causes the CPU and RAM to experience a temporary usage peak for only a couple of seconds before the source IPs are blacklisted and blocked by the firewall. Without these tools, the simulation will surely knock down the server very fast and render it unusable for the duration of the attack.

We would love to hear if you’re planning on using (or have used in the past) these tools. We always look forward to hearing from you, so don’t hesitate to leave your comments and questions, if any, using the form below.

Reference Links

https://www.modsecurity.org/
http://www.zdziarski.com/blog/?page_id=442
