#!/bin/bash
# Created by Rodel
# 27/08/2020
# Path to the mail client used for alerts (empty when `mail` is not on PATH).
MAIL=$(which mail)
# Short host name, shown in the alert subject line.
THIS_SERVER=$(hostname -s)
# Address that receives the alerts.
RCPTS='rodel@test.com'
check_ntp_return_value () {
  # First check: is any peer in `ntpq -p` marked with '*' (the selected peer)?
  # If so, hand over to check_ntp_offset; if not, mail an alert.
  local selected_peers
  selected_peers=$(ntpq -p | grep -c -e '*')

  if [ "$selected_peers" -eq 0 ]; then
    send_email "No NTP master ip address assign <example: *192.168.0.x>. Please login to the server and check. Thank you."
    return
  fi

  check_ntp_offset
}
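check_ntp_offset () {
  # Alert when the selected NTP peer's offset is more than 6000 ms away from
  # zero in either direction (a clock that runs behind reports a negative
  # offset, which a plain "-gt 6000" test never catches).
  #
  # Globals:  ntpq_p (written)      - offset of the selected peer, whole ms
  #           ntpq_server (written) - address of the selected peer; read by
  #                                   ntp_sync
  # Outputs:  mails an alert through send_email when the limit is exceeded
  # Exits:    0 when the offset is within the limit; 1 when no numeric offset
  #           could be read, so a broken check is not reported as healthy
  local abs_offset message1 message2

  # Column 9 of `ntpq -p` is the offset; the selected peer is the '*' line.
  ntpq_p=$(ntpq -p | grep -e '*' | awk '{print $9}')
  ntpq_p=${ntpq_p%.*}   # keep whole milliseconds only
  ntpq_server=$(ntpq -pn | grep -e '*' | awk '{print $1}' | sed 's/*//g')

  if ! [[ "$ntpq_p" =~ ^-?[0-9]+$ ]]; then
    printf 'check_ntp_offset: no numeric offset from ntpq (got "%s")\n' "$ntpq_p" >&2
    exit 1
  fi

  # Compare the magnitude; the alert text still carries the signed value.
  abs_offset=${ntpq_p#-}
  if [ "$abs_offset" -gt 6000 ]; then
    message1="Critical - $(hostname) Offset value is $ntpq_p greater than 6000 milliseconds"
    message2=$(ntp_sync)
    send_email "$message1 \n\n Executing ntpdate...\n$message2"
  else
    exit 0
  fi
}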
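ntp_sync () {
  # Query the selected peer with ntpdate and print its report on stdout.
  # `-q` is query-only: it reports the offset but does not set the clock.
  #
  # Globals: ntpq_server (read) - set by check_ntp_offset
  # Returns: 1 when no server is known, otherwise ntpdate's exit status
  if [ -z "$ntpq_server" ]; then
    echo "ntp_sync: no NTP server selected; skipping ntpdate query" >&2
    return 1
  fi
  ntpdate -q "$ntpq_server"
}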
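send_email () {
  # Mail an alert to the configured recipients.
  #
  # Arguments: $1 - message body; backslash escapes such as \n are expanded
  #                 across the whole body, captured command output included
  # Globals:   MAIL, THIS_SERVER, RCPTS (read)
  # Returns:   1 when no mail client was found (the alert would otherwise be
  #            lost with only a "command not found"), else the pipeline status
  local body=$1

  if [ -z "${MAIL}" ]; then
    echo "send_email: no mail client found; alert not sent" >&2
    return 1
  fi

  printf '%b\n' "$body" | "${MAIL}" -s "[${THIS_SERVER}] NTP Synchronization Alert" "${RCPTS}"
}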
# Entry point: run the peer check, which in turn runs the offset check.
check_ntp_return_value
Reinstall broken packages in Linux
# The backslash stops the shell from expanding '*', so yum receives a literal
# '*' and matches it against the installed packages. The packages come from
# whatever repositories are enabled, so confirm those are trusted and have
# gpgcheck switched on before running this.
yum reinstall \*
How to create CentOS Local Repository Server
# Copy the packages from the installation media into the local repo directory.
mkdir /mnt/iso
mount /dev/cdrom /mnt/iso
mkdir /home/repos/LocalRepo/CentOS/7.0/ -p
cp -ar /mnt/iso/Packages/* /home/repos/LocalRepo/CentOS/7.0/
umount /dev/cdrom /mnt/iso
cd /home/repos/LocalRepo/CentOS/7.0/
# Install createrepo and its dependencies directly from the copied RPMs.
# NOTE(review): `rpm -K <file>` checks a package's signature before it is
# installed this way.
rpm -i deltarpm-3.6-3.el7.x86_64.rpm
rpm -i libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
rpm -i python-deltarpm-3.6-3.el7.x86_64.rpm
rpm -i createrepo-0.9.9-28.el7.noarch.rpm
# The file:// line below is the entry added to /etc/yum.conf; the walkthrough
# comments it out again further down.
vi /etc/yum.conf
file:///home/repos/LocalRepo/CentOS/7.0
# Install Apache from the local RPMs and start it now and at boot.
yum install apr-1.4.8-3.el7.x86_64.rpm apr-util-1.5.2-6.el7.x86_64.rpm httpd-tools-2.4.6-67.el7.centos.x86_64.rpm mailcap-2.1.41-2.el7.noarch.rpm httpd-2.4.6-67.el7.centos.x86_64.rpm
systemctl start httpd
systemctl status httpd
systemctl enable httpd
# Publish the package directory under the web server's document root.
ln -s /home/repos/LocalRepo/CentOS/7.0/ /var/www/html/CentOS7.0
# Repository definition; the lines from [localrepo] to enabled=1 are the
# contents of localrepo.repo.
vi localrepo.repo
[localrepo]
name=Custom Repository
baseurl=file:///var/www/html/CentOS7.0
# NOTE(review): gpgcheck=0 turns off RPM signature verification for everything
# installed from this repo, so a modified package in the directory would be
# installed without complaint. For packages copied unchanged from the CentOS 7
# media, prefer:
#   gpgcheck=1
#   gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
gpgcheck=0
enabled=1
# Build the repository metadata, then confirm yum can see the new repo.
createrepo -v /var/www/html/CentOS7.0/
yum repolist
# Comment out the temporary file:// entry in /etc/yum.conf again.
vi /etc/yum.conf
#file:///home/repos/LocalRepo/CentOS/7.0
# NOTE(review): the next five lines switch off the host firewall and SELinux
# altogether so that clients can reach the repo. Both can stay on instead:
#   firewall-cmd --permanent --add-service=http   (and/or --add-service=ftp)
#   firewall-cmd --reload
# and the package directory can be labelled for the web server, for example
#   semanage fcontext -a -t httpd_sys_content_t "/home/repos(/.*)?"
#   restorecon -R /home/repos
# (labelling step untested against this layout - confirm before relying on it).
systemctl stop firewalld
systemctl disable firewalld
vi /etc/sysconfig/selinux
SELINUX=disabled
# Serve the repo over FTP as well.
# NOTE(review): FTP is unencrypted and unauthenticated in transit; combined
# with gpgcheck=0 on the clients nothing verifies the packages they download.
yum install vsftpd
systemctl start vsftpd
systemctl status vsftpd
systemctl enable vsftpd
yum repolist
yum install yum-utils.noarch
# NOTE(review): the dash before "disable" and the quotation marks in the next
# line were converted to typographic characters on the page; typed at a shell
# they must be two ASCII hyphens and plain double quotes.
yum-config-manager –disable “CentOS-7 – Base”
Enable IP Forwarding in Linux
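1) Add or edit the following line in sysctl.conf, then reload the file. With forwarding on, the host routes packets between its interfaces, so check that the FORWARD chain allows only the traffic you intend.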
#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
#sysctl -p /etc/sysctl.conf
Disable FirewallD and enable/import IPTables rules
1) Clear the default firewall rules in FirewallD.
#iptables -F
#iptables -t nat -F
2) Disable firewalld.
#systemctl stop firewalld
#systemctl disable firewalld
#systemctl mask firewalld
3) Install iptables-services.
#yum install iptables-services
#systemctl start iptables
#systemctl enable iptables
4) Clear the iptables rules again. From this point until step 5 loads a rule set, the host has no filtering rules in place.
#iptables -F
#iptables -t nat -F
5) Import an existing iptables rule set and save it, or create a new rule set.
#iptables-restore < iptables
#service iptables save
#service iptables stop
#service iptables start
How to Allow SNMP ports in Redhat/CentOS 7
# Open the SNMP ports in the public zone and reload the firewall.
# NOTE(review): these rules accept SNMP from any source address. SNMP agents
# normally answer on 161/udp, and 162/udp (traps) is only needed on the host
# that receives traps, so the tcp lines and port 162 may be unnecessary here -
# confirm against your setup. To admit only the monitoring station, a rich
# rule can replace the broad port opening:
#   firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="<MONITORING_HOST_IP>" port port="161" protocol="udp" accept'
# SNMPv1/v2c send the community string in clear text, which is one more reason
# to limit who can reach the port.
firewall-cmd --zone=public --add-port=161/udp --permanent
firewall-cmd --zone=public --add-port=161/tcp --permanent
firewall-cmd --zone=public --add-port=162/udp --permanent
firewall-cmd --zone=public --add-port=162/tcp --permanent
firewall-cmd --reload
Crontab entry that runs on the first Monday of every month
# Runs at 11:30 on days 1-7 of the month; the [[ ... ]] test then lets the
# mail go out only when that day is a Monday. The weekday is tested in the
# command because cron treats day-of-month and day-of-week as "either" when
# both fields are restricted. '%' is escaped because cron otherwise treats it
# as a line break.
# NOTE(review): [[ ]] needs bash as cron's shell, and `date +%a` prints "Mon"
# only in an English/C locale - confirm both on the target host.
30 11 1-7 * * [[ $(date +\%a) = Mon ]] && mailx -s "Test cron script" test@test.com< /root/myfile
Add restricted user in linux manually.
The script below creates accounts that use the restricted shell (rbash) and can run only the following commands.
ping
ssh
telnet
traceroute
ifconfig
route
Add_Restricted_User.sh
#!/bin/sh
# Add restricted user in linux manually.
# August 13, 2015
# Created by Rodel
#
# For every host in serverlist.txt and every name in usernames.txt: create the
# account with /bin/rbash as its shell, remove its shell start-up files, build
# a private ~/bin of symlinks to the permitted commands, set ownership and
# modes, then push a prepared .profile.
#
# NOTE(review): points to settle before using this outside a lab:
#  - Every account gets the same literal password ('mypassword'), and it is
#    part of the ssh command line. Set a per-user secret out of band, or use
#    SSH keys and lock or expire the password.
#  - $a and $b are expanded unquoted into a command string run by the remote
#    shell (presumably as root - confirm). Check that both list files contain
#    only the host and user names you expect.
#  - `chmod u+s` is applied to ~/bin/ping, which is a symlink; chmod acts on
#    the link's target, so this changes the mode of the system /bin/ping on
#    every server in the list.
#  - The home directory ends up root:<user> with mode 2070, i.e. writable by
#    the user's own group. A root-owned .profile inside a directory the user
#    can write to can still be replaced; a home directory the user cannot
#    write to closes that gap.
#  - ssh and telnet are full interactive clients; rbash limits the shell, not
#    what those programs can do. Treat the result as a convenience
#    restriction rather than a security boundary.
for a in `cat /opt/scripts/Add_Restricted_User/serverlist.txt`;
do
for b in `cat /opt/scripts/Add_Restricted_User/usernames.txt`;
do echo $a $b; ssh $a "useradd -s /bin/rbash '$b'; echo -e '$b:mypassword' | chpasswd;\
cd /home/$b;\
rm -rf .bash_logout .bash_profile .bashrc .profile .bash_login .emacs .mozilla;\
mkdir /home/$b/bin;\
cd /home/$b/bin;\
ln -s /bin/ping ping;\
ln -s /usr/bin/ssh ssh;\
ln -s /usr/bin/telnet telnet;\
ln -s /bin/traceroute traceroute;\
ln -s /sbin/ifconfig ifconfig;\
ln -s /sbin/route route;\
chmod 2070 -R /home/$b;\
chown root:$b /home/$b;\
chown root:root /home/$b/bin -Rf;\
chmod -Rf 755 /home/$b/bin;\
chmod u+s /home/$b/bin/ping;"
# Push the prepared .profile, then make it root-owned and not writable by the
# account (mode 750, group = the user).
rsync -azP .profile root@$a:/home/$b;\
ssh $a "chown root:$b /home/$b/.profile && chmod 750 /home/$b/.profile";done
done
.profile environmental settings.
# Limit command lookup to the symlinks placed in $HOME/bin.
export PATH=$HOME/bin
export PS1="[\u@\h \W]$ "
# Timestamp history entries; at every prompt read new lines from the history
# file (history -n) and append this session's new lines to it (history -a).
export HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S - '
export PROMPT_COMMAND='history -n;history -a'
export HISTSIZE=10000
# Convenience alias: print interface and routing information.
alias netinfo='echo -e "Ifconfig\n"; ifconfig -a; echo -e "Route\n"; route -n'
# Define "alias" itself as an empty alias. It has to come after the netinfo
# definition above; presumably it is meant to stop the user from defining
# further aliases at the prompt - verify.
alias alias=""
# Make the history- and home-related variables read-only for the session.
# HISTFILE, HISTIGNORE and HISTCONTROL are not assigned in this file; marking
# them readonly keeps whatever value they have at this point.
# NOTE(review): the history file is still written by the user's own shell, so
# it is a convenience log rather than a tamper-proof audit trail.
readonly PROMPT_COMMAND
readonly HISTSIZE
readonly HISTFILE
readonly HOME
readonly HISTIGNORE
readonly HISTCONTROL
# Login banner listing the commands the account may run.
echo -e "\nAvailable Commands:\nping\nssh\ntelnet\ntraceroute\nnetinfo - print network info\n\n"
Allow incoming/outgoing SNMP traffic in IPTables
Allow outgoing SNMP traffic in IPTables
# NOTE(review): both rules are cut off after "-s" in this listing - the source
# address, the port match and the target are missing, so they cannot be
# applied as shown.
iptables -A INPUT -i eth0 -p udp -s
iptables -A OUTPUT -p udp -s
Allow incoming SNMP traffic in IPTables
# Accept UDP to ports 161-162 arriving on eth0 from 152.102.124.31 only.
iptables -A INPUT -i eth0 -p udp -s 152.102.124.31 --dport 161:162 -j ACCEPT
# Let traffic go back to that host's high ports.
# NOTE(review): this allows any UDP from this machine to ports 1024-65535 on
# that host, not just replies. A connection-tracking rule such as
#   iptables -A OUTPUT -p udp -d 152.102.124.31 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# would permit only answers to queries that were accepted.
iptables -A OUTPUT -p udp -d 152.102.124.31 --dport 1024:65535 -j ACCEPT
Allow Incoming/Outgoing ICMP traffic in IPTables
Enable or allow ICMP ping incoming client request.
# ICMP type 8 is echo-request (incoming ping), type 0 is echo-reply (the
# answer sent back).
# NOTE(review): both rules are cut off after "-s" in this listing - the
# address and the target are missing, so they cannot be applied as shown.
iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -s
iptables -A OUTPUT -p icmp --icmp-type 0 -s
Allow or enable outgoing ping request.
# Outgoing ping: echo-request (type 8) leaves, echo-reply (type 0) comes back.
# NOTE(review): both rules are cut off after "-s" in this listing - the
# address and the target are missing, so they cannot be applied as shown.
iptables -A INPUT -i eth0 -p icmp --icmp-type 0 -s
iptables -A OUTPUT -p icmp --icmp-type 8 -s