Archive for the 'fedora' Category

Install nfdump and nfsen netflow tools in Linux

Date: February 23, 2011. Categories: applications, cisco, debian, fedora, howtos, linux, ubuntu and unix. Comments

Using nfsen it is possible to view IP traffic statistics on Linux interfaces including the graphs showing data sent and received (see the screenshot to the right) as well as historical information about all data transfers. So after you’ve configured nfsen and nfdump to monitor traffic on certain Linux server or router you’ll be able to answer the following example questions: What IP was downloading data through 48161 last Wednesday? or How many bytes were sent to IP 8.8.8.8 via 53 port from Linux server? These are the only examples so nfdump and nfdump netflow tools gives you wide range of capabilities to monitor and analyze traffic on your Linux host.

Netflow is the protocol developed by Cisco to manage data about IP traffic. In a few words using Netflow you can collect data about all IP data send/received on multiple Cisco/Linux/BSD/Juniper hosts and send it to central Netflow collector that will show you the nice graphs and also will allow to have a complete picture of what data was sent/received on those hosts (including destination and source IP, port, bytes transfered, int/out interfaces etc). Nfdump is netflow collector. Nfsen is graphical tools for generating graphs and querying Nfdump for historical traffic reports. In this article you will see how to deploy all this staff in Linux.

Netflow probe is required to collect IP traffic data on Linux host. In general this piece of sofware will sit in background, store every network activity on certain network interface and then send collected data to Netflow collector nfdump. As Netflow probe I prefer fprobe that is totally simple application that just does its job. If you feel that fprobe is not what you need or there are some problems with installing it you can try softflowd that can do the same job.

Install fprobe from sources:

cd /usr/src/
sudo -s
wget http://sourceforge.net/projects/fprobe/files/fprobe/1.1/fprobe-1.1.tar.bz2/download
tar -xvjf fprobe-1.1.tar.bz2
cd fprobe-1.1
./configure --prefix=/
make
make install

Point fprobe to one of network interfaces of Linux host and make it to send data to Netflow collector:

fprobe -i eth0 11.22.33.44:23456

In above example fprobe stores all data trasnfers on eth0 network interface and sends collected data to 11.22.33.44 host via 23456 UDP port (you may want to change firewall rules to make Netflow working over 23456 UDP port).

Install nfdump Netflow collector from sources:

cd /usr/src/
sudo -s
wget http://sourceforge.net/projects/nfdump/files/stable/nfdump-1.6.2/nfdump-1.6.2.tar.gz/download
tar -xvzf nfdump-1.6.2.tar.gz
cd nfdump-1.6.2
./configure --prefix=/ --enable-nfprofile
make make
install

When finished Netflow collector becomes ready so you can start capturing traffic from Netflow probe. If you don’t need any graphical tools like nfsen described below you can just start collector and save Netflow data in /var/neflow/ directory (THIS STEP IS OPTIONAL):

/bin/nfcapd -w -D -p 23456 -B 200000 -S 1 -z -I Linux-Host-1-eth0 -l /var/netflow/

In order to install nfsen from sources you have to get all its prerequisites, run one of below lines depending on what Linux distro you’re using (1st line is for Fedora, Centos, Redhat while 2nd line is for Ubuntu, Debian, Mint and similar):

yum install rrdtool rrdtool-devel rrdutils perl-rrdtool -y

or

aptitude install rrdtool librrd2-dev librrd-dev librrd4 librrds-perl librrdp-perl

Compile nfsen from sources:

cd /usr/src/
sudo -s
wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.5/nfsen-1.3.5.tar.gz/download
tar -xvzf nfsen-1.3.5.tar.gz
cd nfsen-1.3.5
cp etc/nfsen-dist.conf etc/nfsen.conf

In order to continue the installation you should edit file etc/nfsen.conf to specify where to install nfsen, web server’s username (yes, you have to install apache, lighttpd, nginx or any other web server first), its document root directory etc. The major section of that config file is ‘Netflow sources’ that must list all hosts you’ve started Netflow probes at. Here is an example section for monitoring above Linux host:

%sources = (
    'Linux-Host-eth0'    => { 'port' => '23456', 'col' => '#ff0000', 'type' => 'netflow' },
);

When finished it’s time to actually install nfsen using installation script:

./install.pl etc/nfsen.conf

In case of successful installation you will be notified with corresponding congratulations message so it would be proper time to start nfsen daemon:

/path/to/nfsen/bin/nfsen start

Now you can open http://localhost/nfsen/nfsen.php at Linux host where nfsen was installed to start using this Netflow tool and see some graphs. Notice that it takes about 5-10 minutes to see first bars at the graphs, if the graphs are still empty you will have to check at least the following:

1. If fprobe is able to communicate to Netwflow collector and can send Netflow data to it (use ‘ps ax | grep fprobe’ and Linux host being monitored and tcpdump tool at Netflow collector).
2. If Netflow collector is started and can receive data from Netflow probe. Use ‘ps ax | grep nfcapd’ and tcpdump at Netflow collector Linux host.

If you can add anything — feel free to drop a comment below.

How to assign range of IP addresses in Linux?

Date: November 26, 2010. Categories: centos, distros, fedora and linux. Comments

ip address exampleAs we know Linux allows to assign almost unlimited number of IP addresses to its interfaces. Such additional IPs applied to the same NIC are known as secondary IP addresses or just secondaries. Some time ago i faced a problem on how to apply about 500 IP addresses to one Linux box and then ensure that all of them get online after Linux reboots. There are several ways to accomplish this taks so i would like to share them all.

Shell script with ifconfig commands

This is one of the most inefficient ways to get many IP addresses applied to one network interface. Anyways it allows to create as many aliases for the interface as you like so you should create shell script and execute it every time Linux boots.

touch /path/to/script.sh
chmod +x /path/to/script.sh
vi /path/to/script.sh

Now you should add there shell lines which will apply IP addresses, e.g. the following one applies 60 IP addresses to eth0 interface:

for n in {3..63};  do ifconfig eth0:${n} 10.10.10.${n} netmask 255.255.255.0 up; done

If you type ‘ifconfig’ now you will very long output like this one:

eth0:3  Link encap:Ethernet  HWaddr 00:50:8D:D1:24:DB
          inet addr:10.10.10.3  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x2000 

eth0:4  Link encap:Ethernet  HWaddr 00:50:8D:D1:24:DB
          inet addr:10.10.10.4  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x2000

...

eth0:63  Link encap:Ethernet  HWaddr 00:50:8D:D1:24:DB
          inet addr:10.10.10.63  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x2000

If you decide to delete those IPs you can run the following line as a remedy:

for n in {3..63};  do ifconfig eth0:${n} 0.0.0.0 &> /dev/null; done

Once you finished editing /path/to/script.sh script you should add it to startup, so put the line /path/to/script.sh into /etc/rc.local file that Linux executes every time it boots. Please notice that in various distributions this file may be missing so consult with distro’s docs to get where it is stored.

Redhat/Centos/Fedora network scripts

Users of these Linux distributions can apply ranges of IP addresses using ifcfg-eth0-range0 files which are read during initialization of network interfaces during boot up process. The following example will make Linux to apply 200 IP addresses to eth1 during booting:

[root ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth1-range0

IPADDR_START=192.168.1.1
IPADDR_END=192.168.1.200
CLONENUM_START=10

CLONENUM_START value specifies starting identifier of alias that will be applied to eth1 interface, in above example the first 192.168.1.1 will be assigned to eth1:10 alias. The last IP of the range 192.168.1.200 will be applied to eth:210 sub-interface. This is totally easy approach.

Loopback interface

Did you know that by one line presented below you assign 1022 virtual IP addresses to your Linux system? Here it is:

ifconfig lo:0 10.0.0.1/22

Now you can make sure of this by pinging IPs from that range (10.0.0.1 – 10.0.3.254).

[root ~]#ping 10.0.0.1 -c 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.063 ms

--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.063/0.063/0.063/0.000 ms

...

[root ~]#[root@whitehorse /]# ping 10.0.3.254 -c 1
PING 10.0.0.1 (10.0.3.254) 56(84) bytes of data.
64 bytes from 10.0.3.254: icmp_seq=1 ttl=64 time=0.063 ms

--- 10.0.3.254 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.063/0.063/0.063/0.000 ms

If you still feel that the first suggested way meets your requirements better than the third one please read more about loopback interface at wikipedia — loopbacks are much more useful than aliases in most cases.

Hope it helps!

How to monitor traffic at Cisco router using Linux (Netflow)

Date: November 25, 2010. Categories: applications, cisco, debian, distros, fedora, howtos, linux, perl and ubuntu. Comments

By default Cisco IOS doesn’t provide any traffic monitoring tools like iftop or iptraff available in Linux. While there are lots of proprietary solutions for this purpose including Cisco Netflow Collection, you are free to choose nfdump and nfsen open source software to monitor traffic of one or many Cisco routers and get detailed monitoring data through your Linux command line or as graphs at absolutely no cost.

Below is beginner’s guide that helps to quickly deploy netflow collector and visualizer under Linux and impress everybody by cute and descriptive graphs like these:

nfsen screen

It is highly recommended to look through Netflow basics to get brief understanding of how it works before configuring anything. For example, here is Cisco’s document that gives complete information about Netflow. In a few words to get started you should enable netflow exporting on Cisco router and point it to netflow collector running under Linux. Exported data will contain complete information about all packets the router has received/sent so nfdump and nfsen working under Linux will collect it and visualize to present you the graph like above example.

Cisco Router Setup

1. Enable flow export on ALL Cisco router’s interfaces that send and receive some traffic, here is an example:

Router1# configure terminal
Router1(config)#interface FastEthernet 0/0
Router1(config-if)#ip route-cache flow input
Router1(config-if)#interface FastEthernet 0/1
Router1(config-if)#ip route-cache flow input
...

2. Setup netflow export:

Router1# configure terminal
Router1(config)#ip flow-export source FastEthernet0/0
Router1(config)#ip flow-export source FastEthernet0/1
Router1(config)#ip flow-export version 5
Router1(config)#ip flow-export destination 1.1.1.1 23456

Where 1.1.1.1 is IP address of Linux host where you plan to collect and analyze netflow data. 23456 is port number of netflow collector running on Linux.

Linux Setup

1. Download and install nfdump.

cd /usr/src/
wget http://sourceforge.net/projects/nfdump/files/stable/nfdump-1.6.2/nfdump-1.6.2.tar.gz/download
tar -xvzf nfdump-1.6.2.tar.gz
cd nfdump-1.6.2
./configure --prefix=/ --enable-nfprofile
make
make install

2. Download and install nfsen.

It requires web server with php module and RRD so make sure you have the corresponding packages installed. I hope you’re running httpd with php already so below are rrd/perl related packages installation hints only.

Fedora/Centos/Redhat users should type this:

yum install rrdtool rrdtool-devel rrdutils perl-rrdtool

Ubuntu/Debian:

aptitude install rrdtool librrd2-dev librrd-dev librrd4 librrds-perl librrdp-perl

If you run some exotic Linux distribution just install everything that is related to rrd + perl.

At last, nfsen installation:

cd /usr/src/
wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.5/nfsen-1.3.5.tar.gz/download
tar -xvzf nfsen-1.3.5.tar.gz
cd nfsen-1.3.5
cp etc/nfsen-dist.conf etc/nfsen.conf

In order to continue you should edit file etc/nfsen.conf to specify where to install nfsen, web server’s username, its document root directory etc. That file is commented so there shouldn’t be serious problems with it.

One of the major sections of nfsen.conf is ‘Netflow sources’, it should contain exactly the same port number(s) you’ve configured Cisco with — recall ‘ip flow-export …’ line where we’ve specified port 23456. E.g.

%sources = (
    'Router1'    => { 'port' => '23456', 'col' => '#0000ff', 'type' => 'netflow' },
);

Now it’s time to finish the installation:

./install.pl etc/nfsen.conf

In case of success you’ll see corresponding notification after which you will have to start nfsen daemon to get the ball rolling:

/path/to/nfsen/bin/nfsen start

From this point nfdump started collecting netflow data exported by Cisco router and nfsen is hardly working to visualize it — just open web browser and go to http://linux_web_server/nfsen/nfsen.php to make sure. If you see empty graphs just wait for a while to let nfsen to collect enough data to visualize it.

That’s it!

The easiest way to split and merge pdf files in Ubuntu

Date: June 18, 2010. Categories: centos, debian, fedora, linux and ubuntu. Comments

The easiest way to split, merge or edit pdf files in Ubuntu is to use pdftk utility. This rather old (latest version was released in 2006) but still simple and powerful program can be installed in Ubuntu (Debian or any deb-family Linux distribution) by the following command in terminal:

sudo aptitude install pdftk
(if you run Fedora, RedHat or CentOS use this one: sudo yum install pdftk)

Split large pdf into many one-page files:

pdftk largepdfile.pdf burst

(as the result you will get many small files like pg_0001.pdf, pg_0002.pdf and so on).

Merge files into one PDF file:

pdftk *.pdf cat output onelargepdfile.pdf

pdftk is extremely powerful and makes it possible to do almost anything with input pdf files. Thus above two commands are just examples showing how to split and merge pdf files in Ubuntu easily.

16 GB encrypted candy file

Date: May 5, 2010. Categories: backup, centos, debian, distros, docs, fedora, hacks, linux, shell and ubuntu. Comments

Update: as far as cryptoloop is vulnerable and is not maintained I don’t recommend using below approach for creating encrypted for for those of you who require strong security. Use truecrypt to create encrypted filesystem within a file instead.

passwords.txtToday it came to my mind that it is time to make sensitive information stored on my usb flash drive encrypted but still transportable and easy to use. But I don’t want to have whole my 32 GB usb drive fully encrypted using truecrypt or something similar. It is just toooo slow. I also don’t want to use GPG for uncompressing files and directories every time I would like to read them and then create new GPG compressed file every time I save changes. This eats too much of my time and system resources. At the same time it is necessary to be able to use that usb drive under windows, mac, linux whatever (read/write files) but still have my directory structure with sensitive files encrypted. Here is the solution: create encrypted filesystem within a file named, say, 16GB.candy.bin that could be stored on regular windows formatted usb flash drive and then mounted under Linux using the password.

When it becomes necessary I can mount that 16GB.candy.bin as the regular ext3 filesystem with all those stuff like permissions, ownership etc. that is available on ext3 but not in FAT or NTFS. On my windows formatted flash drive candy takes only 16 GB so I can use the rest of space to store not so sensitive information like mp3, movies or photos. Moreover I on windows or linux to read it.

Let’s create that 16GB.candy.bin file with encrypted ext3 filesystem (read below explanations below carefully before just to copy/paste commands into CLI):

[root@artemn root]# cd /path/to/candy/

[root@artemn root]# modprobe cryptoloop

[root@artemn root]# modprobe aes

[root@artemn root]# dd if=/dev/urandom of=16GB.candy.bin bs=1048576 count=16000

[root@artemn root]# losetup -e aes /dev/loop0 16GB.candy.bin

[root@artemn root]# mkfs.ext3 /dev/loop0

[root@artemn root]# tune2fs -i 0 -c 0 /dev/loop0

Here are some points: using above commands we create encrypted file of 16 GB so if you need to have more or less just change “count=16000″ in dd line. “count=16000″ means 16GB so “count=20″ means 20MB. Path ‘/path/to/candy/’ is for example only so you should change it to real directory that is able to host encrypted file (16 GB in above example). Command losetup is present in most Linux distributions (btw I recommend Ubuntu especially newly released Lucid Lynx) but if it is not use your disro’s packet manager to install it or compile from sources (for super geeks only, Mr. Stallman if you read this article — Hello). Reader, you can replace “/dev/urandom” in dd line with “/dev/zero” that will make that command to finish faster but will lower security level of resulting file (read about AES for better understanding). You will need to enter the password when running losetup command so make sure it safe and long enough like ‘6U2sAsR37Hn8122dGsaPrew1twt’ but not ‘abc123′ or ‘iloveyou’.

Once commands are done you will get 16GB.candy.bin containing encrypted ext3 filesystem. You can store this file where ever you want, say, on a flash drive. If you loose it nobody won’t be able to open it until he (or she!) cracked AES encryption (use long passwords to prevent this). As the next step it is required to mount filesystem and store some files/directories in it:

[root@artemn root]# mkdir -p /mnt/candy

[root@artemn root]# cd /path/to/candy/

[root@artemn root]# mount -t ext3 -o loop,encryption=aes 16GB.candy.bin /mnt/candy

[root@artemn root]# cd /mnt/candy

[root@artemn root]# #save files, edit them, view or anything you want

[root@artemn root]# cd /

[root@artemn root]# umount /mnt/candy

When you unmount 16GB.candy.bin the changes are already saved there so it’s not required to compress and encrypt anything unlike with GPG.

P.S. This post is inspired by Loopback tricks article. Thanks to the author. Good luck!

« Previous Entries
Pages: 1 2 3 4 5 6 7 Next
Friendly Sites:Who is behind Linux Screw?
GeekyBits³ | Bash Cures Cancer | OMG! Ubuntu!
My SysAd Blog | Web Upd8
ZEPY | Linux config Wiki | Planet Sysadmin
a non-geek's linux notes | Linux Today
TuxArena: The arena of Tux | LinuxAlt.Com
 My name is Artem N. (artiomix AT gmail DOT com) and I'm Linux/Unix, Cisco systems engineer. The main idea of Linux Screw is to share relevant knowledge, skills and observations over The Web. Here you can find a lot of information related to different Linux distributions, FreeBSD, IOS as well as a other Open Source around staff. Read more ››