Troubleshooting Kdump error "Memory for crashkernel is not reserved"

In case getting following error while starting kdump service

Memory for crashkernel is not reserved
Please reserve memory by passing "crashkernel=X@Y" parameter to the kernel

If your server is having more than 4GB of RAM then crashkernel=auto (in /etc/grub.conf line starting with kernel)will automatically Reserve memory else need to specify in following format:


crashkernel=0M-2G:128M,2G-6G:256M

If physical memory is 0MB to 2GB then 128MB of memory will be reserved
If physical memory is 2MB to 6GB then 256MB of memory will be reserved

Now REBOOT server for kdump changes to take effect (1st time after kdump installed, a new INITRD will be generated)

Thats it!!!

What Are Unix/Linux Processes And Their Types.......

A process is a running instance of a program. In this article we used two terms ‘program’ and ‘running instance’. Suppose we run a program simultaneously 5 times, then corresponding to each instance there will be a process running in the system. So we say that a process is a “running instance” of a program.

As you already know, you can use ps command to view the processes running on your system. For effective use of the ps command, refer to 7 Practical PS Command Examples for Process Monitoring.

1. Peeping Inside a Process

Now, since we are clear with what exactly a process is, lets dig a bit deeper to see what a process consists of. A Unix process can be thought of as a container which contains:

Program Instructions

Program instructions are kept in text segments which are executed by CPU. Usually for programs like text editors which are executed frequently the text segment is shared. This segment has read only privileges which means that a program cannot modify its text segment.

Data

Mostly the data is kept in data segment. Data segment can be classified into initialized data segment and uninitialized data segment. As the name suggest, initialized data segment contains those global variables which are initialized before hand while uninitialized data segment (also known as ‘BSS’ segment) contains uninitialized global variables. Also, static variables are stored in data segment.

Local variables which are local to functions are stored on stack. Stack is particular to a function and besides containing the information about local variables it also contains information about the address where the flow will return once the execution of function is done. Stack also contains information about the callers environment, like some of the machine registers are also stored on stack. A function which is called allocates memory for its local variables and temporary variables on stack itself. In case of recursive function an independent stack for each function call exists.

Then there is data which is stored on heap. This memory for this data is allocated on runtime on heap segment. Heap segment is not local to a process but shared across processes. This is the reason why C programmers worry a lot about memory leaks which are caused on heap segment and may affect other processes on the system.

Command line arguments and environment variables

A process also contains room for storing environment variables and the command line arguments that we pass to the program. Usually the vector containing the command line information is stored here and then the address of this vector of information and number of elements in vector is copied to ‘argv’ and ‘argc’ (the two arguments to ‘main()’ function).

Besides the above information, a process also contains information like

• State of its I/O
• Its priority and other control information

One of the most important control information for a process is the privileges. A process directly inherits all the privileges of the user who has triggered this process. For example a process triggered by user who does not have superuser privileges cannot do stuff that require root privileges while a process triggered by root can do any thing that it is programmed to do. An exception to the above rule is where a process can acquire greater privileges than the user who triggered it if the setuid or setgid bit is set for that particular process. But we will not go into much detail about it here(refer to the man pages of setuid and setgid for more information on this).

2. Background and foreground processes

As we already discussed that we can start a process by its name in Unix. Like some standard programs ‘ls’, ‘ps’ etc can be started by just typing their name on the shell prompt. There are two ways in which we can start a process

• Starting in foreground
• Starting in background

Suppose there is a utility that consumes some time and does a count. Lets say the the name of the utility is ‘count’ Now to trigger and run the program in foreground, I run the following command (where ‘count’ is the name of the binary from the code above) :

$ ./count
Counting done

So we see that, after running the binary ‘./count’, it took almost 10 seconds before the output was displayed on stdout and until then the shell was occupied by this process only. ie You could not perform any other operation on the same shell. Now, to trigger a process in background, add ‘&’ at the end of the command:

$ ./count &
[1] 4120

$ # Do some work on shell while the above program is working in the background

$ Counting done

The ampersand ‘&’ sign indicates that this process needs to be run as a background process. By running a background process, we can have access to the shell for doing any further operations. Like, in the output above, after running the binary ‘count’ in background, I used a couple of more commands on the same shell and when the binary ‘count’ was done with its processing, the output was thrown back on the same shell(the last line). So we can conclude that by default every process runs in foreground, receives input(if any) from keyboard and returns output to the user. While a background process is one which gets disconnected from the keyboard and user can use the same shell to do more operations.

For more information on foreground and background processes refer to: How to Manage UNIX Background Jobs

3. Types of process

So we see that process is a concept that is fundamental to an operating system. Almost every activity on an OS takes form of a process to do some stuff. There are different types of processes running on a system, some of them are :

Child processes

A process that is created by some other process during run-time. Usually child processes are created to execute some binary from within an existing process. Child processes are created using fork() system call. Normally process are made to run through shell/terminal. In that case the shell becomes the parent and the executed process becomes the child process. On Unix/Linux each process has a parent except the init process(we will learn about this later).

Daemon Processes

These are special processes that run in background. They are system related process that have no associated terminal. These processes run will root permissions and usually provide services to processes. As we already know that a daemon process does not have an attached terminal, well to achieve this the process has to be detached from the terminal. The ideal way on Linux/Unix to do this is to run a process through terminal and from within this process create another process and then terminate the parent process. Since the parent is terminated so now the child will become independent of the terminal and would be taken over by init process and hence would become a daemon process. A typical example would be a mail daemon that waits for the arrival of e-mails and notify when a mail is received.

Orphan processes

Usually a process creates a child process (as described above) and when the child process terminates, a signal is issued to the parent so that parent can do all the stuff that it is required to do when one of the child gets terminated. But there are situations when parent gets killed. In that case the child processes become orphan and then taken under by the init process. Though the init process takes the ownership of the orphan process but still these process are called as orphan as their original parents no longer exists.

Zombie process

When a child process gets terminated or completes its execution, then its entry in the process table remains until the parent process fetches the status information of the terminated child. So, until then the terminated process enters zombie state and is known as zombie process.  When a process is terminated then all the memory and resources associated with the process are released but the entry of the process in process table exists. A signal SIGCHILD is send to the parent of the process (that just terminated). Typically, the handler of this signal in the parent executes a ‘wait’ call that fetches the exit status of the terminated process and then the entry of this zombie process from the process table is also removed.

4. The init process

As we discussed earlier, init process is the 5th stage in the 6 Stage of Linux Boot Process.

You would be cognizant of the famous ‘chicken and egg’ theory regarding who came first. In terms of processes, as each process has a parent process, the same question can be asked about parent or child process. Well, fortunately there is an answer here. The answer is the init process that is started as a first process during boot sequence. That means there is no parent of init process. Lets verify it, since PID of init is ’1′, we use the ps command :

So we see from the output that PPID is 0, which means that there is no parent for this process.

$ ps -l 1
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY        TIME CMD
4 S     0     1     0  0  80   0 -  5952 poll_s ?          0:00 /sbin/init

Reference : http://www.thegeekstuff.com/2012/02/unix-process-overview/

Install D-Link DWA 525 N 150 Wireless Over Linux or Fedora 14

After a long time spending over google I find some useful NOTES over how to install D-Link DWA 525 N 150 Wireless Drivers, which are here:

Run command "lspci |grep -i network"
Output will be like :
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)
06:02.0 Network controller: RaLink Device 3060

Go to http://www.ralinktech.com/support.php?s=2 and download RT3062PCI/mPCI/CB/PCIe(RT3060/RT3062/RT3562/RT3592)

This will ask for your Name and Mail ID, enter and when you click on Accept this will ask you for save or open. Save file to anywhere on your machine, lets say in /opt/

Go to /opt/ and run following command:
cd /opt
tar zxvf DPO_RT3562_3592_3062_LinuxSTA_V2.4.1.1_20101217.tgz
cd DPO_RT3562_3592_3062_LinuxSTA_V2.4.1.1_20101217

Change following in os/linux/config.mk file
vim os/linux/config.mk
HAS_WPA_SUPPLICANT = n -> HAS_WPA_SUPPLICANT = y
HAS_NATIVE_WPA_SUPPLICANT_SUPPORT = n -> HAS_NATIVE_WPA_SUPPLICANT_SUPPORT = y

After making above changes run following:
make
make install

After successfully completion of above command, run following:
insmod os/linux/rt3562sta.ko

Thats it!!! Setup a wireless connection through Network Connection and Enjoy your wi-fi network :)

Linux Security

----->   Enable Authentication for Single-User Mode

Single-User Mode is used for a system recovery. However, by default, no authentication is used if single-user mode is selected. This can be used to bypassing security on the server and gaining root access. To enable authentication for single-user mode, open the /etc/inittab, file:

 
# vi /etc/inittab

Add the following line to the file:

~~:S:wait:/sbin/sulogin

 

-----> Disable Interactive Hotkey Startup at Boot

A few Linux distribution like Fedora, CentOS or RHEL allows the console user to perform an interactive system startup by pressing [I] key. Using interactive boot, attacker can disable the firewall and other system services. Open /etc/sysconfig/init file:

# vi /etc/sysconfig/init

Modify the setting as follows:

PROMPT=no

-----> Setup Time-out for Login Shells

 Go into the user's home director:

# vi .bash_profile

TMOUT=300
readonly TMOUT
export TMOUT

In case of dealing with SSH, we need to define/enter the following:

To set an idle timeout interval, after this interval has passed, the idle user will be automatically logged out. Open /etc/ssh/sshd_config file, enter:

vi /etc/ssh/sshd_config

Find ClientAliveInterval and set to 300 (5 minutes) as follows:

ClientAliveInterval 300
ClientAliveCountMax 0

Save and close the file. Restart sshd:
# service sshd restart

Find command examples and auto remove files/folders

Following command search for files which are not accessed since last 15 days:

find /path/to/base/directory/for/search -mtime +15

Use cmin instead of mtime in case you want to search in minutes

Following command search for files which are not accessed since last 2 minutes:

find /path/to/base/directory/for/search -cmin +2


Automatically remove files which are not accessed within last 15 days:

find /path/to/base/directory/for/search -mtime +15 -exec rm -rf {} \;

NOTE: {} these braces are having the result (files/folders) from first command ' find /path/to/base/directory/for/search -mtime +15 '.

How To Install Java JDK or JRE on Ubuntu or Debian

How do I Install Java on Ubuntu or Debian OS?
Answer: If Java is not installed, you’ll get the following error message when you do java -version.

# java -version
The program 'java' can be found in the following packages:
* gij-4.3
* java-gcj-compat-headless
* openjdk-6-jre-headless
* cacao
* gij-4.2
* jamvm
* kaffe
Try: apt-get install

-su: java: command not found

Search for Java Package that needs to be Installed

Before installing, you may want to do apt-cache search to find out all available packages that starts with sun-java.
As shown below, you’ll find both Java5 and Java6 JDK and JRE related packages.

# sudo apt-get update

# apt-cache search ^sun-java
sun-javadb-client - Java DB client
sun-javadb-common - Java DB common files
sun-javadb-core - Java DB core
sun-javadb-demo - Java DB demo
sun-javadb-doc - Java DB documentation
sun-javadb-javadoc - Java DB javadoc
sun-java5-bin - Sun Java(TM) Runtime Environment (JRE) 5.0 (architecture dependent files)
sun-java5-demo - Sun Java(TM) Development Kit (JDK) 5.0 demos and examples
sun-java5-doc - Sun JDK(TM) Documention -- integration installer
sun-java5-fonts - Lucida TrueType fonts (from the Sun JRE)
sun-java5-jdk - Sun Java(TM) Development Kit (JDK) 5.0
sun-java5-jre - Sun Java(TM) Runtime Environment (JRE) 5.0 (architecture independent files)
sun-java5-plugin - The Java(TM) Plug-in, Java SE 5.0
sun-java5-source - Sun Java(TM) Development Kit (JDK) 5.0 source files
sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent files)
sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples
sun-java6-doc - Sun JDK(TM) Documention -- integration installer
sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE)
sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby
sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6
sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independent files)
sun-java6-plugin - The Java(TM) Plug-in, Java SE 6
sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files

Install Java on Ubuntu

Execute sudo apt-get install sun-java6-jdk to install the Java 6 JDK on Ubuntu as shown below. If you need only the run time environment, install sun-java6-jre.

# sudo apt-get install sun-java6-jdk
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-2.6.28-11 linux-headers-2.6.28-11-generic
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
gsfonts-x11 java-common odbcinst1debian1 sun-java6-bin sun-java6-jre unixodbc
Suggested packages:
equivs sun-java6-demo openjdk-6-doc sun-java6-source sun-java6-plugin ia32-sun-java6-plugin sun-java6-fonts
libmyodbc odbc-postgresql libct1
The following NEW packages will be installed:
gsfonts-x11 java-common odbcinst1debian1 sun-java6-bin sun-java6-jdk sun-java6-jre unixodbc
0 upgraded, 7 newly installed, 0 to remove and 68 not upgraded.
Need to get 54.5MB of archives.
After this operation, 161MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://us.archive.ubuntu.com jaunty/main java-common 0.30ubuntu4 [80.3kB]
Get:2 http://us.archive.ubuntu.com jaunty-updates/multiverse sun-java6-jre 6-16-0ubuntu1.9.04 [6421kB]
Get:3 http://us.archive.ubuntu.com jaunty/main odbcinst1debian1 2.2.11-16build3 [66.3kB]
Get:4 http://us.archive.ubuntu.com jaunty/main unixodbc 2.2.11-16build3 [295kB]
Get:5 http://us.archive.ubuntu.com jaunty-updates/multiverse sun-java6-bin 6-16-0ubuntu1.9.04 [29.1MB]
Get:6 http://us.archive.ubuntu.com jaunty-updates/multiverse sun-java6-jdk 6-16-0ubuntu1.9.04 [18.5MB]
Get:7 http://us.archive.ubuntu.com jaunty/main gsfonts-x11 0.21 [10.5kB]
Fetched 54.5MB in 4min 53s (186kB/s)
Preconfiguring packages ...
Selecting previously deselected package java-common.
(Reading database ... 142715 files and directories currently installed.)
Unpacking java-common (from .../java-common_0.30ubuntu4_all.deb) ...
Selecting previously deselected package sun-java6-jre.
Unpacking sun-java6-jre (from .../sun-java6-jre_6-16-0ubuntu1.9.04_all.deb) ...
Selecting previously deselected package odbcinst1debian1.
Unpacking odbcinst1debian1 (from .../odbcinst1debian1_2.2.11-16build3_i386.deb) ...
Selecting previously deselected package unixodbc.
Unpacking unixodbc (from .../unixodbc_2.2.11-16build3_i386.deb) ...
Selecting previously deselected package sun-java6-bin.
Unpacking sun-java6-bin (from .../sun-java6-bin_6-16-0ubuntu1.9.04_i386.deb) ...
sun-dlj-v1-1 license has already been accepted
Selecting previously deselected package sun-java6-jdk.
Unpacking sun-java6-jdk (from .../sun-java6-jdk_6-16-0ubuntu1.9.04_i386.deb) ...
sun-dlj-v1-1 license has already been accepted
Selecting previously deselected package gsfonts-x11.
Unpacking gsfonts-x11 (from .../gsfonts-x11_0.21_all.deb) ...
Processing triggers for doc-base ...
Processing 3 added doc-base file(s)...
Registering documents with scrollkeeper...
Processing triggers for man-db ...
Processing triggers for shared-mime-info ...
Setting up java-common (0.30ubuntu4) ...
Setting up odbcinst1debian1 (2.2.11-16build3) ...
Setting up unixodbc (2.2.11-16build3) ...
Setting up gsfonts-x11 (0.21) ...
Setting up sun-java6-bin (6-16-0ubuntu1.9.04) ...
Setting up sun-java6-jre (6-16-0ubuntu1.9.04) ...
Setting up sun-java6-jdk (6-16-0ubuntu1.9.04) ...
Processing triggers for libc6 ...
ldconfig deferred processing now taking place

During the installation, you’ll be prompted with the following window, where you have to read the “Operating System Distributor License for Java” and click on OK.
After reading the license terms, you’ll be prompted with the following window, where you have to agree to the “license terms” by clicking on Yes.

Verify the Java Installation

Finally, execute java -version and make sure Java is installed properly as shown below.

# java -version
java version "1.6.0_16"
Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
Java HotSpot(TM) Server VM (build 14.2-b01, mixed mode)

Implement System protection against DOS/DDOS

bash# vi /etc/sysctl.conf

add the below code:

# Enable IP spoofing protection, turn on Source Address Verification

net.ipv4.conf.all.rp_filter = 1

# Enable TCP SYN Cookie Protection

net.ipv4.tcp_syncookies = 1


Add the below code in /etc/rc.local and restart network
for f in /proc/sys/net/ipv4/conf/*/rp_filter;

do echo 1 > done


echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Squid Transparent proxy with Iptables

While configuring squid as a transparent proxy we have to Add only single word "transparent"  into the squid.conf file:

Find line

http_port 3128

and change to

http_port 3128 transparent

This line will make your Squid as Transparent proxy.

Then In Iptables we need to add following entries:

iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

eth0 = Private Network (LAN)
eth1 = Public Network IP

This command will redirect all requests which are coming from Private Network (LAN) for destination port 80 to 3128 (Squid Port). Then Squid will match all the ACL's criteria and forward request to Internet.