Disk Space Monitor Tool

Server disk space is a critical resource that must be closely watched to prevent potential server downtime and failures. How many times have you gotten unexpected errors, lost data, and downtime just because the free space slowly went below an acceptable level?

NetWrix Disk Space Monitor is a FREE tool for IT professionals to keep track of server disk space on domain controllers, file servers, SharePoint servers, Exchange servers, database servers and others. The product centrally monitors the free disk space of specified servers and sends daily reports and alerts about low disk space conditions based on configured thresholds. The freeware version supports up to 10 servers, the Standard edition supports unlimited number of servers.

Product features:

* Monitors multiple servers at a time;
* Sends daily reports about all servers running below certain disk space thresholds;
* Can be configured and put into use easily.

At standard Edition,

* You can choose the Network share either whole server for watching the disk space.
* You do not have options to listening more than 10 servers or shares.
* You can send the report to many Mail ID's with the seperator ";" (without quotes)

Disk Space Monitor Tool Link : http://www.netwrix.com/disk_space_monitor_freeware.html

Courtesy : http://www.netwrix.com

Service Monitor Tool

Windows services are critical processes that support required server functionality, such as Active Directory, email, DNS, automatic updates, etc. Sometimes Windows services fail to start or accidentally stop, and server administrators constantly have to keep an eye on such situations to prevent costly system outages and user productivity losses. One example is Microsoft Exchange Server, which has several services, such as Information Store and SMTP; the failure of even one of these services results in suspended e-mail delivery or even lost messages until the services are started again.

Service Monitor is a FREEWARE tool to monitor critical Windows services and optionally restart them after failure. The tool monitors all automatic startup services on multiple servers at a time and sends e-mail alerts when one or more services stops unexpectedly. The optional automatic restart feature ensures that all monitored services are up and running without downtime. The tool is lightweight and very easy to configure: install, enter computer names, and supply your e-mail address.

Features and benefits:

* One installation watches multiple computers at a time;
* Monitors all Windows services with startup type set to Automatic;
* Sends alerts by e-mail when services stop or fail to start at boot time;
* Optionally starts failed services;
* Optionally reboots computers when one or more services fail.

These features only available after purchase the professional pack.

At Freeware,

You can monitor 10 servers at time.

* Need to watch the all services at each server.
* Every 10 Minutes , you will get the report to your configured mail ID.
* Do not have more options like, Time interval and choosing the services.
* You can send the report to many Mail ID's with the seperator ";" (without quotes)

Disk Space Monitor Tool Link : http://www.netwrix.com/disk_space_monitor_freeware.html

Courtesy : http://www.netwrix.com

How to Update Vista Drivers in a WinPE 2.X Bootable WIM Image

Checkout WinPE project from SVN (Subversion) in:
C:\users\\Desktop\WinPE

Stage drivers in:
c:\users\\desktop\drivers

Create mountpoint for bootable WIM image:
mkdir c:\mnt

Cd to WIM sources directory:
cd c:\users\\Desktop\WinPE\sources\

Mount bootable WIM image R/W:
imagex /mountrw WinPE.wim 1 c:\mnt

Add driver(s) to mounted WIM image:
peimg /inf=c:\users\\desktop\drivers\.inf c:\mnt\Windows
peimg /inf=c:\users\\desktop\drivers\.inf c:\mnt\Windows

Unmount and Commit Changes to WIM image:
imagex /unmount /commit c:\mnt

Check all Changes into SVN (Subversion)
svn commit

Delete the WinPE Directory

Re-Create the WinPE Directory

Export the (Updated) WinPE Project from SVN (Subversion) to:
C:\users\\Desktop\WinPE

Create a New Bootable ISO Image with the Exported Project:
oscdimg -n -b"C:\Program Files\Windows OPK\Tools\PETools\x86\boot\etfsboot.com" C:\users\\Desktop\WinPE c:\user\\Desktop\winpe_NEW.iso

How to create / remove NT services at Windows

The Windows NT Resource Kit provides two utilities that allow you to create a Windows NT user-defined service for Windows NT applications and some 16-bit applications (but not for batch files).

Instrsrv.exe installs and removes system services from Windows NT and Srvany.exe allows any Windows NT application to run as a service.

To create a Windows NT user-defined service, perform the following steps:

1. At a MS-DOS command prompt(running CMD.EXE), type the following command:

path\INSTSRV.EXE My Service path\SRVANY.EXE

where path is the drive and directory of the Windows NT Resource Kit (i.e., C:\RESKIT) and My Service is the name of the service you are creating.

Example:
C:\Program Files\Resource Kit\Instsrv.exe Notepad C:\Program Files\Resource Kit\Srvany.exe

NOTE: To verify that the service was created correctly, check the registry to verify that the ImagePath value under

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\service name

is set to point to SRVANY.EXE. If this is not set correctly, the service will stop shortly after it starts and return an Event ID 7000 "The service name failed to start."

NOTE: You should back up the registry before you edit it.

2. Run Registry Editor (Regedt32.exe)and locate the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
3. From the Edit menu, click Add Key. Type the following and click OK:

Key Name: Parameters
Class :

4. Select the Parameters key.

5. From the Edit menu, click Add Value. Type the following and click OK:

Value Name: Application
Data Type : REG_SZ
String : \

where \ is the drive and full path to the application executable including the extension (i.e., C:\WinNT\Notepad.exe)

6. Close Registry Editor.

By default, a newly created service it configured to run Automatically when the system is restarted. To change this setting to Manual, run the Services applet from Control Panel and change the Startup value to Manual. A service set to Manual can be started in one of several ways:
- From the Services applet in Control Panel

- From a MS-DOS command prompt, type the following:

NET START

- Use the Sc.exe utility from the Resource Kit. Type the following from a MS-DOS command prompt:

\Sc.exe start

where is the drive and directory of the Windows NT Resource Kit (i.e., C:\Reskit).


For more information on installing and removing a user-defined service, please see the Srvany.wri document provided with the Windows NT Resource Kit utilities (i.e., C:\Reskit\Srvany.wri). This document can also be found on the Windows NT Resource Kit CD in the Common\Config directory.


Source : Microsoft

DHCP Installation and Configuration in Linux


DHCP - Dynamic Host Configuration Protocol Daemon

What DHCP Server can do? 

1. Provides automatic configuration of IPv4 clients

  • IPv4 address
  • Subnet mask
  • Default gateway
  • DNS Server
  • NTP Servers
  • WINS Servers

 2. Leases the addreses and related information based on predefined values:

  •   1 day
  •   1 week
  •   1 month

 3. DHCP uses UDP protocol and layer-2 information to request/assign addresses

 4. DHCP Process - DORA

  • Discovery - client broadcasts on the local subnet for a DHCP server
  • Offer - returned by the DHCP server
  • Request - formal address request by client
  • Acknowledgement/Acceptance - Acknowledgement occurrs


Note: DHCPD daemon records leases in: /var/lib/dhcpd/dhcpd.leases

Installing DHCP Server:

 1. Install DHCP server
     #yum -y install dhcp

 2. Configure: /etc/dhcpd.conf - primary config file.

Look at sample dhcp configuration file below for the details:


ddns-update-style interim;                                   
ignore client-updates;


subnet 192.168.1.0 netmask 255.255.255.0 {


range  192.168.1.10 192.168.1.250;                # Range of IP addresses to be issued to DHCP clients
option subnet-mask              255.255.255.0;     # Default subnet mask to be used by DHCP clients
option broadcast-address    192.168.1.255;      # Default broadcastaddress to be used by DHCP clients
option routers                  192.168.1.1;             # Default gateway to be used by DHCP clients
option domain-name              "your-domain.com";
option domain-name-servers   50.145.43.254, 50.145.43.253;   # Default DNS to be used by DHCP clients
option netbios-name-servers     192.168.1.200; # Specify a WINS server for Windows clients. Its Optional.
default-lease-time 21600;                      # Amount of time in seconds that a client may keep the IP address
max-lease-time 43200;
option time-offset              -18000;                        # Eastern Standard Time
option ntp-servers              192.168.1.1;               # Default NTP server to be used by DHCP clients


        
# We want the nameserver "mailsrv2" to appear at a fixed address.
# Name server with this specified MAC address will recieve this IP.


        host mailsrv2 {
                next-server mailsrv2.your-domain.com;
                hardware ethernet 00:12:f3:d0:f5:93;
                fixed-address 50.145.43.254;
        }


        host laser-printer-hp1 {
                hardware ethernet 06:20:2e:4f:b3:88;
                fixed-address 192.168.1.150;
        }
}

Note: DHCP can be configured with more and more options. I have specified very limited only here. refer the man page for details.


 3. Set service up to start when system boots
     #chkconfig dhcpd on - 2345

 4. Start DHCP service:
     #service dhcpd start

 How to Setup DHCP reservations? 

  •  Requires the MAC address of the client (00:0D:69:A5:15:94)
  •  Requires the 'fixed-address' - IPv4 address to map to the MAC address
  •  Optional 'option-*' are supported between host { } block
  •  service dhcpd restart - restart to effect changes

TCP IP Config at windows through Command Prompt

With Netsh.exe, you can easily configure your computer's IP address and other TCP/IP related settings.

For example:

The following command configures the interface named Local Area Connection with the static IP address 192.168.0.100, the subnet mask of 255.255.255.0, and a default gateway of 192.168.0.1:

netsh interface ip set address name="Local Area Connection" static 192.168.0.100 255.255.255.0 192.168.0.1 1

Find out Last reboot / shutdown time in Linux - Quick HOWTO


How do you find out the last reboot or shutdown time and date of a Linux server?


Here is the method:
There are actually three ways of displaying the last system boot.


The command called LAST will provide the last reboot or shutdown time and date.


Using the LAST command to show last shutdown/reboot time and date:



# last reboot
 wtmp begins Fri Apr  15 12:39:32 2011

# last shutdown
 wtmp begins Fri Apr 15 12:39:32 2011

The LAST command also lists the sessions of users logged in at a specific date and time as well.



Using the WHO command and the “-b” option:


$ who -b
 system boot  2011-04-15 12:39


You can also use "uptime" command to know the server uptime.



Installing SSL Certificate for Apache - Quick HOWTO

Here is the steps for installing the SSL Certificate and CA Bundle (gd_bundle.crt) Implementing a PKCS12 Keystore for Apache:

  
1. Copy your SSL certificate file and the certificate bundle file to your Apache server. Generate the certificate file and key file using openssl  pcks12 command

openssl pkcs12 -in <domainname>.pfx -out <domainname>.c

From the generated output( <domainname>.c ), using vi copy only private key and save it as a different file ( <domainname>.key ) and the same way copy the root certificate and save it as a different file ( your-company-name.crt ) 


2. Now using the gd_bundle.crt , <domainname>.key, <domainname>.crt – Generate a keystore file. Use the following command:


openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <domainname>.crt -inkey <domainname>.key -out keystore.tomcat -name tomcat -passout pass:changeit


3. Edit your Apache configuration to reference these files.  Locate the following directives. If one or more of them are currently commented out, uncomment them by removing the '#' character from the beginning of the line. Set the values of these directives to the absolute path and filename of the appropriate file:


SSLCertificateFile /path/to/your/certificate/file

SSLCertificateKeyFile /path/to/your/key/file

SSLCertificateChainFile /path/to/intermediate/bundle/file


4. Save your configuration file and restart Apache.

Installing SSL Certificate for Tomcat



From certificate authorities like you will get the files below:
  • <domainname>.com.crt 
  • gd_bundle.crt
  • gd_intermediate.crt 
  • gd_cross_intermediate.crt
  • <domainname>.pfx 



You may install the certificates in one of two ways:

  1. Install, signed certificate and root certificate bundle (gd_bundle.crt) 
  2. Install signed certificate and two intermediate certificates (gd_intermediate.crt and gd_cross_intermediate.crt)


Installing the SSL Certificate and CA Bundle (gd_bundle.crt) and Implementing a PKCS12 Keystore in Tomcat: 

 Generate the PKCS12 output from the .pfx file

openssl pkcs12 -in <domainname>.pfx -out <domainname>.c

2.      From the generated output( <domainname>.c ), using vi copy only private key and save it as a different file ( <domainname>.key ) and the same way copy the root certificate and save it as a different file ( your-company-name.crt )

3.      Now using the gd_bundle.crt , <domainname>.key, <domainname>.crt – Generate a keystore file. Use the following command:

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <domainname>.crt -inkey <domainname>.key -out keystore.tomcat -name tomcat -passout pass:changeit


Updating the server.xml Configuration File
When you have completed installing your certificate, you must configure your Tomcat server.xml configuration file to point to the correct pkcs12 keystore file:
Configure the tomcat SSL connector to use the keystore by adding the below lines,

keystoreFile="/opt/tomcat/conf/cert/certificates/keystore.tomcat"
keystorePass="changeit"
keystoreType="PKCS12"

Restart Tomcat.

Configuring SSL for Web Server (Apache)


Using SSL(Secure Socket Layer) with web server provides the Secure and Encrypted communications between web server and client. Here we are going to use OpenSSL for this.

Requirements:

  1. httpd
  2. openssl
  3. mod_ssl
  4. crypto-utils (genkey) 

crypto-utils is used to generate certificates/private keys/CSRs and also used to create a self-signed certificate.                

Steps:

  1. Install the requirements
     
     a. Install mod_ssl - module for Apache, which provides SSL support
        
         #yum -y install mod_ssl

         /etc/httpd/conf.d/ssl.conf - includes key SSL directives

     b. Install crypto-utils - provies /usr/bin/genkey
         
         #yum -y install crypto-utils

  2. Generate SSL usage keys using genkey
      
         #genkey site.example.com

     The above command creates text-gui interface. Follow the steps in the interface.

  3. Update /etc/httpd/conf.d/ssl.conf to reference the new keys (public/private)

  4. Restart the HTTPD server

      #service httpd restart
      #httpd -S

  5. Test HTTPS connectivity

      https://<Server-Name>

Note: For mutliple SSL sites, copy the: /etc/httpd/conf.d/ssl.conf file to distinct files, that match your distinct IP-based Virtual Hosts

What is SSL? - Quick Overview


What is SSL?

  • SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
  • SSL is an industry standard and is used by millions of websites for the protection of their online transactions.
  • Founded by Netscape initially. Current version of SSL is 3.0

How it Works?

To create an SSL connection a web server requires an SSL Certificate. SSL Connection uses public key/private key to encrypt and decrypt the data transferred between the server and browser. The following are the step by step communications happens during a SSL connection:
  • A browser requests a secure page (https://)
  • The web server responds and sends its public key with its SSL Certificate.
  • The browser checks the following:

              Is the certificate was issued by a trusted party (trusted root CA)
              Is the certificate is still valid?
              Is the certificate is related to the site contacted?

  •  The Browser maintains the list of Certification Authority whom it trusts, if it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.
  • The browser then encrypts the URL required as well as other http data using random symmetric encryption key and encrypts that random symmetric encryption key using the public key. Then sends it to the server with the encrypted.
  •  The web server decrypts the symmetric encryption key using its private key and uses that symmetric key to decrypt the URL and http data.
  • The web server sends back the requested html document and http data encrypted with the same symmetric key.
  • The browser decrypts the http data and html document using the symmetric key and displays the information.

How to obtain a SSL Certificate to use with Web Server?

You can obtain the certificate for your domain from the Trusted Certificate Providers like VeriSign, Comodo, GoDaddy. You may get charged for the certificate issuance. Alternatively, you can create and use a self-signed certificate with your web server.

What are the details a certificate holds?

Typically an SSL Certificate will contain,
  •            Your domain name
  •            Your company name
  •            Your address
  •           Your city
  •           Your state and your country
  •          The expiration date of the Certificate
  •          Details of the Certification Authority responsible for the issuance of the Certificate.

 How do you know whether the browser is using SSL?
  • The browsers provide users with a key indicator to let users know they are currently protected by an SSL encrypted session.
  • A lock icon in the lower right-hand corner or in the left-most side of the address bar indicating that, the server is using SSL connection.
  • Clicking on the lock icon displays your SSL Certificate and the details about it.
  • All SSL Certificates are issued to either companies or legally accountable individuals.

Understanding VMSTAT Output - Explained

vmstat is a nice tool, to analyze the Linux / UNIX server performance.



 procs            memory                        swap        io       system    cpu
 r  b   swpd   free   buff  cache         si   so    bi    bo     in    cs       us sy id wa
 2  5 375912  19548  17556 477472    0    1     0     0      1     1        1  0  0  1
 0  4 375912  18700  17556 478264    0    0  1044   0     774  1329   8  1   0  91
 0  5 375912  17664  17556 479168    0    0  1160   0     764  1110   8  1   0  91
 1  8 375912  15836  17568 479796    0    0  1144   840  751  1622  16 7   0  78
 0  7 375912  19340  17576 480224    0    0  1224   148  587  1958  17 18  0  65
 2  0 375912  18288  17588 481036    0    0   812    0     845  1732  18 3  21  59
 0  2 375912  15868  17588 481528    0    0  1012   0     588   941   4   1  5   90 



Proc: 
-------
r: How many processes are waiting for CPU time.
b: Wait Queue - Process which are waiting for I/O (disk, network, user 
    input,etc..) 


Memory: 
-----------
swpd: shows how many blocks are swapped out to disk (paged). Total Virtual  
          memory usage. 
            
Note: you can see the swap area configured in server using "cat proc/swaps"


free: Idle Memory 
buff: Memory used as buffers, like before/after I/O operations
cache: Memory used as cache by the Operating System


Swap: 
---------
si: How many blocks per second the operating system is swapping in. i.e 
    Memory swapped in from the disk (Read from swap area to Memory)
so: How many blocks per second the operating system is swaped Out. i.e 
     Memory swapped to the disk (Written to swap area and cleared from 
     Memory)


In Ideal condition, We like to see si and so at 0 most of the time, and we definitely don’t like to see more than 10 blocks per second.


IO: 
------
bi: Blocks received from block device - Read (like a hard disk) 
bo: Blocks sent to a block device - Write


System: 
-------------
in: The number of interrupts per second, including the clock. 
cs: The number of context switches per second. 


CPU: 
--------
us: percentage of cpu used for running non-kernel code. (user time, including 
     nice time) 
sy: percentage of cpu used for running kernel code. (system time - network, IO 
     interrupts, etc) 
id: cpu idle time in percentage.
wa: percentage of time spent by cpu for waiting to IO.




If you used to monitor this data, you can understand how is your server doing during peak usage times. 


Note: the memory, swap, and I/O statistics are in blocks, not in bytes. In Linux, blocks are usually 1,024 bytes (1 KB).