Monday, November 28, 2011

OS block size for Linux and Windows

Determine OS block size for Linux and Windows


A block is a uniformly sized unit of data storage for a filesystem. Block size can be an important consideration when setting up a system that is designed for maximum performance.


Block size in Linux: To confirm the block size of a filesystem on Ubuntu or any other Linux OS, use the tune2fs command:

ubuntu# tune2fs -l /dev/sda1 | grep Block
Block count: 4980736
Block size: 4096
Blocks per group: 32768


From this example, we can see that the default block size for the filesystem on the /dev/sda1 partition is 4096 bytes, or 4k. That's the default block size for the ext3 filesystem.

OS block size in Solaris :

$ perl -e '$a=(stat ".")[11]; print $a'
8192

or
$ df -g | grep 'block size'

Block size on a Windows machine: If the OS is using the NTFS filesystem, use the command below:

C:\>fsutil fsinfo ntfsinfo D:
NTFS Volume Serial Number : 0x7a141d52141d12ad
Version : 3.1
Number Sectors : 0x00000000036b17d0
Total Clusters : 0x00000000006d62fa
Free Clusters : 0x00000000001ed190
Total Reserved : 0x0000000000000170
Bytes Per Sector : 512
Bytes Per Cluster : 4096 <<=== (block size)
Bytes Per FileRecord Segment : 1024
Clusters Per FileRecord Segment : 0
Mft Valid Data Length : 0x0000000005b64000
Mft Start Lcn : 0x00000000000c0000
Mft2 Start Lcn : 0x000000000036b17d
Mft Zone Start : 0x000000000043c9c0
Mft Zone End : 0x000000000044b460

Tuesday, November 22, 2011

nslookup

Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers. This tool is installed along with the TCP/IP protocol through Control Panel. This article includes several tips for using Nslookup.exe.


MORE INFORMATION
To use Nslookup.exe, please note the following:
•The TCP/IP protocol must be installed on the computer running Nslookup.exe
•At least one DNS server must be specified when you run the IPCONFIG /ALL command from a command prompt.
•Nslookup will always devolve the name from the current context. If you fail to fully qualify a name query (that is, use a trailing dot), the query will be appended to the current context. For example, if the current DNS settings are att.com and a query is performed on www.microsoft.com, the first query will go out as www.microsoft.com.att.com because the query is unqualified. This behavior may be inconsistent with other vendors' versions of Nslookup, and this article is presented to clarify the behavior of Microsoft Windows NT Nslookup.exe
•If you have implemented the use of the search list in the Domain Suffix Search Order defined on the DNS tab of the Microsoft TCP/IP Properties page, devolution will not occur. The query will be appended to the domain suffixes specified in the list. To avoid using the search list, always use a Fully Qualified Domain Name (that is, add the trailing dot to the name).
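
The name expansion described in the list above, as an added Python example (not part of the original article and not Nslookup.exe code). The function name suffixed_queries and the rule that devolution stops once two labels remain are assumptions; the article itself gives only the first query that goes out.

```python
def suffixed_queries(name, context, search_list=None, min_labels=2):
    """Return, in order, the names sent with a suffix appended for `name`.

    name        -- what was typed at the nslookup prompt
    context     -- current default domain, e.g. "att.com"
    search_list -- Domain Suffix Search Order, if one is configured
    min_labels  -- assumption: devolution stops at this many labels
    """
    if name.endswith("."):
        # Fully qualified (trailing dot): sent as typed, nothing appended.
        return [name]
    if search_list:
        # A configured search list is used instead of devolution.
        suffixes = [s.strip(".") for s in search_list]
    else:
        # Devolution: try the context, then each parent of it in turn.
        labels = context.strip(".").split(".")
        steps = max(1, len(labels) - min_labels + 1)
        suffixes = [".".join(labels[i:]) for i in range(steps)]
    return [f"{name}.{suffix}." for suffix in suffixes]


if __name__ == "__main__":
    # Constructed inputs; att.com and www.microsoft.com are the article's own example.
    print(suffixed_queries("www.microsoft.com", "att.com"))
    print(suffixed_queries("www.microsoft.com.", "att.com"))
    print(suffixed_queries("mailhost", "sales.corp.example.com"))
    print(suffixed_queries("mailhost", "sales.corp.example.com",
                           ["lab.example.com", "example.com"]))
```

Listing the expanded names this way shows which lookups an unqualified query actually produces, and why the trailing dot is the only form that is sent unchanged.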

Nslookup.exe can be run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. The syntax for noninteractive mode is:


nslookup [-option] [hostname] [server]

To start Nslookup.exe in interactive mode, simply type "nslookup" at the command prompt:


C:\> nslookup
Default Server: nameserver1.domain.com
Address: 10.0.0.1
>

Typing "help" or "?" at the command prompt will generate a list of available commands. Anything typed at the command prompt that is not recognized as a valid command is assumed to be a host name and an attempt is made to resolve it using the default server. To interrupt interactive commands, press CTRL+C. To exit interactive mode and return to the command prompt, type exit at the command prompt.

The following is the help output and contains the complete list of options:


Commands: (identifiers are shown in uppercase, [] means optional)

NAME - print info about the host/domain NAME using default
server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands
set OPTION - set an option

all - print options, current server and host
[no]debug - print debugging information
[no]d2 - print exhaustive debugging information
[no]defname - append domain name to each query
[no]recurse - ask for recursive answer to query
[no]search - use domain search list
[no]vc - always use a virtual circuit
domain=NAME - set default domain name to NAME
srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1, N2,
and so on
root=NAME - set root server to NAME
retry=X - set number of retries to X
timeout=X - set initial time-out interval to X seconds
type=X - set query type (for example, A, ANY, CNAME, MX,
NS, PTR, SOA, SRV)
querytype=X - same as type
class=X - set query class (for example, IN (Internet), ANY)
[no]msxfr - use MS fast zone transfer
ixfrver=X - current version to use in IXFR transfer request

server NAME - set default server to NAME, using current default server
lserver NAME - set default server to NAME, using initial server
finger [USER] - finger the optional NAME at the current default host
root - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to
FILE)

-a - list canonical names and aliases
-d - list all records
-t TYPE - list records of the given type (for example, A, CNAME,
MX, NS, PTR, and so on)

view FILE - sort an 'ls' output file and view it with pg
exit - exit the program

A number of different options can be set in Nslookup.exe by running the set command at the command prompt. A complete listing of these options is obtained by typing set all. See above, under the set command for a printout of the available options.




Looking up Different Data Types
To look up different data types within the domain name space, use the set type or set q[uerytype] command at the command prompt. For example, to query for the mail exchanger data, type the following:

C:\> nslookup
Default Server: ns1.domain.com
Address: 10.0.0.1

> set q=mx
> mailhost
Server: ns1.domain.com
Address: 10.0.0.1

mailhost.domain.com MX preference = 0, mail exchanger =
mailhost.domain.com
mailhost.domain.com internet address = 10.0.0.5
>

The first time a query is made for a remote name, the answer is authoritative, but subsequent queries are nonauthoritative. The first time a remote host is queried, the local DNS server contacts the DNS server that is authoritative for that domain. The local DNS server will then cache that information, so that subsequent queries are answered nonauthoritatively out of the local server's cache.




Querying Directly from Another Name Server
To query another name server directly, use the server or lserver commands to switch to that name server. The lserver command uses the local server to get the address of the server to switch to, while the server command uses the current default server to get the address.

Example:

C:\> nslookup

Default Server: nameserver1.domain.com
Address: 10.0.0.1

> server 10.0.0.2

Default Server: nameserver2.domain.com
Address: 10.0.0.2
>

Using Nslookup.exe to Transfer Entire Zone
Nslookup can be used to transfer an entire zone by using the ls command. This is useful to see all the hosts within a remote domain. The syntax for the ls command is:


ls [- a | d | t type] domain [> filename]

Using ls with no arguments will return a list of all address and name server data. The -a switch will return alias and canonical names, -d will return all data, and -t will filter by type.

Example:


>ls domain.com
[nameserver1.domain.com]
nameserver1.domain.com. NS server = ns1.domain.com
nameserver2.domain.com NS server = ns2.domain.com
nameserver1 A 10.0.0.1
nameserver2 A 10.0.0.2

>

Zone transfers can be blocked at the DNS server so that only authorized addresses or networks can perform this function. The following error will be returned if zone security has been set:

*** Can't list domain example.com.: Query refused
For additional information, see the following article or articles in the Microsoft Knowledge Base:

193837 (http://support.microsoft.com/kb/193837/EN-US/ ) Windows NT 4.0 DNS Server Default Zone Security Settings
Troubleshooting Nslookup.exe
Default Server Timed Out
When starting the Nslookup.exe utility, the following errors may occur:

*** Can't find server name for address w.x.y.z: Timed out
NOTE: w.x.y.z is the first DNS server listed in the DNS Service Search Order list.


*** Can't find server name for address 127.0.0.1: Timed out
The first error indicates that the DNS server cannot be reached or the service is not running on that computer. To correct this problem, either start the DNS service on that server or check for possible connectivity problems.

The second error indicates that no servers have been defined in the DNS Service Search Order list. To correct this problem, add the IP address of a valid DNS server to this list.

For additional information, see the following article or articles in the Microsoft Knowledge Base:

172060 (http://support.microsoft.com/kb/172060/EN-US/ ) NSLOOKUP: Can't Find Server Name for Address 127.0.0.1
Can't Find Server Name when Starting Nslookup.exe
When starting the Nslookup.exe utility, the following error may occur:


*** Can't find server name for address w.x.y.z: Non-existent domain

This error occurs when there is no PTR record for the name server's IP address. When Nslookup.exe starts, it does a reverse lookup to get the name of the default server. If no PTR data exists, this error message is returned. To correct this, make sure that a reverse lookup zone exists and contains PTR records for the name servers.

For additional information, see the following article or articles in the Microsoft Knowledge Base:

172953 (http://support.microsoft.com/kb/172953/EN-US/ ) How to Install and Configure Microsoft DNS Server
Nslookup on Child Domain Fails
When querying or doing a zone transfer on a child domain, Nslookup may return the following errors:


*** ns.domain.com can't find child.domain.com.: Non-existent domain
*** Can't list domain child.domain.com.: Non-existent domain

In DNS Manager, a new domain can be added under the primary zone, thus creating a child domain. Creating a child domain this way does not create a separate db file for the domain, thus querying that domain or running a zone transfer on it will produce the above errors. Running a zone transfer on the parent domain will list data for both the parent and child domains. To work around this problem, create a new primary zone on the DNS server for the child domain.

Friday, November 18, 2011

Boot sequence summary

You may find that your server isn't actually booting to runlevel 3, maybe it's going to 5 (with graphical login)? who -r or runlevel should tell you the current runlevel, and grep initdefault /etc/inittab the boot-time default.


Boot sequence summary
1. BIOS
2. Master Boot Record (MBR)
3. Kernel
4. init

--------------------------------------------------------------------------------

BIOS
Load boot sector from one of:

•Floppy
•CDROM
•SCSI drive
•IDE drive

--------------------------------------------------------------------------------

Master Boot Record
•MBR (loaded from /dev/hda or /dev/sda) contains:
◦lilo
■load kernel (image=), or
■load partition boot sector (other=)
◦DOS
■load "bootable" partition boot sector (set with fdisk)
•partition boot sector (eg /dev/hda2) contains:
◦DOS
■loadlin
◦lilo
■kernel

--------------------------------------------------------------------------------

LILO
One minute guide to installing a new kernel

•edit /etc/lilo.conf
◦duplicate image= section, eg:
image=/bzImage-2.2.12
label=12
read-only
◦man lilo.conf for details
•run /sbin/lilo
•(copy modules)
•reboot to test

--------------------------------------------------------------------------------

Kernel
•initialise devices
•(optionally loads initrd, see below)
•mount root FS
◦specified by lilo or loadlin
◦kernel prints:
■VFS: Mounted root (ext2 filesystem) readonly.
•run /sbin/init, PID 1
◦can be changed with boot=
◦init prints:
■INIT: version 2.76 booting

--------------------------------------------------------------------------------

initrd
Allows setup to be performed before root FS is mounted

•lilo or loadlin loads ram disk image
•kernel runs /linuxrc
◦load modules
◦initialise devices
◦/linuxrc exits
•"real" root is mounted
•kernel runs /sbin/init
Details in /usr/src/linux/Documentation/initrd.txt


--------------------------------------------------------------------------------

/sbin/init
•reads /etc/inittab
•runs script defined by this line:
◦si::sysinit:/etc/init.d/rcS
•switches to runlevel defined by
◦id:3:initdefault:

--------------------------------------------------------------------------------

sysinit
•debian: /etc/init.d/rcS which runs
◦/etc/rcS.d/S* scripts
■symlinks to /etc/init.d/*
◦/etc/rc.boot/* (deprecated)
•redhat: /etc/rc.d/rc.sysinit script which
◦load modules
◦check root FS and mount RW
◦mount local FS
◦setup network
◦mount remote FS

--------------------------------------------------------------------------------

Example Debian /etc/rcS.d/ directory
README
S05keymaps-lct.sh -> ../init.d/keymaps-lct.sh
S10checkroot.sh -> ../init.d/checkroot.sh
S20modutils -> ../init.d/modutils
S30checkfs.sh -> ../init.d/checkfs.sh
S35devpts.sh -> ../init.d/devpts.sh
S35mountall.sh -> ../init.d/mountall.sh
S35umsdos -> ../init.d/umsdos
S40hostname.sh -> ../init.d/hostname.sh
S40network -> ../init.d/network
S41ipmasq -> ../init.d/ipmasq
S45mountnfs.sh -> ../init.d/mountnfs.sh
S48console-screen.sh -> ../init.d/console-screen.sh
S50hwclock.sh -> ../init.d/hwclock.sh
S55bootmisc.sh -> ../init.d/bootmisc.sh
S55urandom -> ../init.d/urandom

--------------------------------------------------------------------------------

Run Levels
•0 halt
•1 single user
•2-4 user defined
•5 X11
•6 Reboot
•Default in /etc/inittab, eg
◦id:3:initdefault:
•Change using /sbin/telinit

--------------------------------------------------------------------------------

Run Level programs
•Run programs for specified run level
•/etc/inittab lines:
◦1:2345:respawn:/sbin/getty 9600 tty1
■Always running in runlevels 2, 3, 4, or 5
■Displays login on console (tty1)
◦2:234:respawn:/sbin/getty 9600 tty2
■Always running in runlevels 2, 3, or 4
■Displays login on console (tty2)
◦l3:3:wait:/etc/init.d/rc 3
■Run once when switching to runlevel 3.
■Uses scripts stored in /etc/rc3.d/
◦ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
■Run when control-alt-delete is pressed

--------------------------------------------------------------------------------

Typical /etc/rc3.d/ directory
When changing runlevels /etc/init.d/rc 3:
•Kills K##scripts
•Starts S##scripts
K25nfs-server -> ../init.d/nfs-server
K99xdm -> ../init.d/xdm
S10sysklogd -> ../init.d/sysklogd
S12kerneld -> ../init.d/kerneld
S15netstd_init -> ../init.d/netstd_init
S18netbase -> ../init.d/netbase
S20acct -> ../init.d/acct
S20anacron -> ../init.d/anacron
S20gpm -> ../init.d/gpm
S20postfix -> ../init.d/postfix
S20ppp -> ../init.d/ppp
S20ssh -> ../init.d/ssh
S20xfs -> ../init.d/xfs
S20xfstt -> ../init.d/xfstt
S20xntp3 -> ../init.d/xntp3
S89atd -> ../init.d/atd
S89cron -> ../init.d/cron
S99rmnologin -> ../init.d/rmnologin
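
The /etc/inittab fields and the K##/S## ordering from the two sections above, as an added Python example (not from the original post) for reviewing what a host starts in a given runlevel. The function names are hypothetical and the sample data is constructed from the lines quoted in this post.

```python
import re

# Constructed sample, built from the inittab lines quoted in this post.
SAMPLE_INITTAB = """\
id:3:initdefault:
si::sysinit:/etc/init.d/rcS
l3:3:wait:/etc/init.d/rc 3
1:2345:respawn:/sbin/getty 9600 tty1
2:234:respawn:/sbin/getty 9600 tty2
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
"""
# Constructed, unsorted subset of the /etc/rc3.d/ names listed above.
SAMPLE_RC3 = ["S20ssh", "K99xdm", "S10sysklogd", "README", "K25nfs-server", "S89cron"]

RC_NAME = re.compile(r"^([KS])(\d\d)(.+)$")

def parse_inittab(text):
    """Split id:runlevels:action:process lines into dicts; skip comments and junk."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(":", 3)
        if line.lstrip().startswith("#") or len(parts) != 4:
            continue
        entries.append(dict(zip(("id", "levels", "action", "process"), parts)))
    return entries

def default_runlevel(entries):
    """Runlevel named on the initdefault line, or None if there is none."""
    return next((e["levels"] for e in entries if e["action"] == "initdefault"), None)

def started_in(entries, level):
    """Processes init launches on entering `level` (wait, once and respawn lines)."""
    return [e["process"] for e in entries
            if e["action"] in ("wait", "once", "respawn") and level in e["levels"]]

def rc_plan(names):
    """Order rc scripts as described above: K## entries are killed, then S## started."""
    kills, starts = [], []
    for name in sorted(names):
        m = RC_NAME.match(name)
        if m:  # README and other non-K/S names are ignored
            (kills if m.group(1) == "K" else starts).append(m.group(3))
    return kills, starts

if __name__ == "__main__":
    entries = parse_inittab(SAMPLE_INITTAB)
    level = default_runlevel(entries)
    print("default runlevel:", level)
    print("init starts:", started_in(entries, level))
    print("rc kills/starts:", rc_plan(SAMPLE_RC3))
```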

--------------------------------------------------------------------------------

Boot Summary
•lilo
◦/etc/lilo.conf
•debian runs
◦/etc/rcS.d/S* and /etc/rc.boot/
◦/etc/rc3.d/S* scripts
•redhat runs
◦/etc/rc.d/rc.sysinit
◦/etc/rc.d/rc3.d/S* scripts

Monday, November 14, 2011

command to find the process of the port

netstat -tupln |grep 40110
tcp 0 0 0.0.0.0:40110 0.0.0.0:* LISTEN 23347/httpd
ps -ef|grep httpd

Sunday, November 13, 2011

History command with timestamp

History is a common shell command that lists all the executed commands. It is very useful when investigating which commands were executed that tore down the server. With the help of the last command, you can track the login time of a particular user as well as how long he/she stayed logged in.

last
...
mysurface tty7 :0 Mon Oct 6 20:07 - down (00:00)
reboot system boot 2.6.24.4-64.fc8 Mon Oct 6 20:06 (00:00)
mysurface pts/8 10.168.28.44 Mon Oct 6 17:42 - down (01:58)
mysurface pts/7 :0.0 Mon Oct 6 17:41 - 19:40 (01:59)
mysurface pts/6 :0.0 Mon Oct 6 17:27 - 19:40 (02:13)
mysurface pts/5 :0.0 Mon Oct 6 17:27 - 19:40 (02:13)
mysurface pts/5 :0.0 Mon Oct 6 15:52 - 15:59 (00:07)
...

If the command line history could provide the date and time of each command executed, that would really narrow down the scope of the user actions that caused the server malfunction. By default, history does not show timestamps, but it is easy to configure it to display them: you just need to set one environment variable, HISTTIMEFORMAT.

HISTTIMEFORMAT takes a strftime format string. Check the strftime manual to choose and construct the timestamp format that suits your taste. My favorite is “%F %T “.

export HISTTIMEFORMAT="%F %T "

Execute history again and you will see the effect on the spot. Bear in mind that the timestamps for command lines executed in previous sessions may not be valid, as the time was not tracked.

...
994 2008-10-16 02:27:40 exit
995 2008-10-16 01:12:20 iptables -nL
996 2008-10-16 01:47:46 vi .bash_profile
997 2008-10-16 01:47:55 history
998 2008-10-16 01:48:03 . .bash_profile
999 2008-10-16 01:48:04 history
1000 2008-10-16 01:48:09 exit
1001 2008-10-16 02:27:43 history
...

I would suggest putting the export into ~/.bash_profile as well as /root/.bash_profile. If you do not have a .bash_profile, you can put it into ~/.bashrc.
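
Once HISTTIMEFORMAT is set, bash also records the time in the history file itself, as a "#<epoch seconds>" line before each command. The following added Python example (not part of the original post) parses that format, separates out commands from earlier sessions that have no recorded time, and selects the commands run inside a login window taken from last. The function names and the sample file content are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample of a ~/.bash_history file. The first two commands were
# saved before HISTTIMEFORMAT was set, so no "#<epoch>" line precedes them.
SAMPLE_HISTORY = """\
iptables -nL
vi .bash_profile
#1224121683
. .bash_profile
#1224121684
history
#1224124060
service httpd stop
#1224124063
exit
"""

TS_LINE = re.compile(r"^#(\d+)$")

def parse_history(text):
    """Return [(utc_datetime_or_None, command)] in file order."""
    entries, pending = [], None
    for line in text.splitlines():
        m = TS_LINE.match(line)
        if m:
            # Timestamp line: applies to the next command line only.
            pending = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
        elif line.strip():
            entries.append((pending, line))
            pending = None
    return entries

def commands_between(entries, start, end):
    """Commands whose recorded time falls inside [start, end]."""
    return [cmd for ts, cmd in entries if ts is not None and start <= ts <= end]

def untracked(entries):
    """Commands with no recorded time; these cannot be placed on a timeline."""
    return [cmd for ts, cmd in entries if ts is None]

if __name__ == "__main__":
    entries = parse_history(SAMPLE_HISTORY)
    for ts, cmd in entries:
        stamp = ts.strftime("%Y-%m-%d %H:%M:%S") if ts else "(time not tracked) "
        print(stamp, cmd)
    # Constructed login window, as would be read from a line of `last` output.
    start = datetime(2008, 10, 16, 2, 0, tzinfo=timezone.utc)
    end = datetime(2008, 10, 16, 3, 0, tzinfo=timezone.utc)
    print(commands_between(entries, start, end))
```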