Thursday, January 1, 2015

Install Darkstat - a network traffic analyzer

Darkstat is a opensource network monitoring tool, It is a packet sniffer which runs as a background process and serves its statistics to a web browser , Captures network traffic, calculates statistics about usage, and serves reports over HTTP.

    Traffic graphs, reports per host, shows ports for each host.
    Embedded web-server with deflate compression.
    Asynchronous reverse DNS resolution using a child process.
    Small. Portable. Single-threaded. Efficient.
    Supports IPv6.

Installation :
#sudo yum install darkstat

Ubuntu :
#sudo apt-get install darkstat

# darkstat -i eth0

Install From Source :
Download :
Darkstat <

# ./configure
# make

Once built, this is all it takes to get darkstat running:

# darkstat -i eth0

Although it's possible to configure / complicate things further, once out of the box, darkstat will just work without much trouble on your part.

Test :


Wednesday, April 9, 2014

How to find files on Linux

It give the full path of file find every where-------

Find at current location
# find    / -name abc.txt   

Find file name case insensitively
# find / -iname abc.txt   

Find the file in / .
# find / -name *.txt       

Find the file where 'pass' in /etc
# find /etc -name *pass*   

Find the file in /data created by macho
# find / -user macho       

Find the file in /data which is not created by macho
# find / -not -user macho   

Find the file with uid of 500
# find / -user macho -uid 500   

Matches if mode is exactly 755
# find / -perm 755       

Matches if anyone can write
# find / -perm +222       

Matches if everyone can write
# find / -perm -222       

Matches if other can write
# find / -perm -002          

Files with a size of exactly 10M
# find / -size 10M       

Files with a size of above 10M
# find / -size +10M       

Files with a size of less than 10M
# find / -size -10M       

When file was last read (min)
# find / -amin 10       

When file data last changed
# find / -mmin -10       

When file data or metadata last changed
# find / -cmin 10       

By this commnad linux find only file with exetantion .txt and
copy again with .doc ( -exec not ask to do )
# find / -name "*.txt" -exec cp {} {}.doc \;
Linux find only those file with permisssion 002 and execute
it again 777 ( or full permission )
# find / -perm -002 -exec chmod 777 {} \;
    -exec     execute directly
    -ok    asking to do

# find / -name "*.doc" -ok rm {} \;

Vishal Vyas

Monday, January 20, 2014

A free tool to analyze AIX and Linux performance

One of the tools I use to monitor performance on IBM AIX 5.3 and Linux is NMON. Using nmon, you can monitor CPU, memory, network, disk, filesystems, NFS and Top Processes.

Install Nmon

CentOS users need to install nmon from rpmforge/repoforge repository. It is not present in Epel.

CentOs 4 :
i386     rpm -ivh

x86_64   rpm -ivh

CentOs5 :
i386     rpm -ivh

x86_64   rpm -ivh

CnetOs6 :
i686     rpm -ivh

x86_64   rpm -ivh

sudo yum install nmon
sudo apt-get install nmon

Usage :

$ nmon
And then choose what information you want to be displayed: C – for CPU; M – for Memory; T – for Processes

Keyboard shortcuts

The following keyboard shortcuts can be used turn on (and off) statistics about various components:

   c = CPU                 l = CPU Long-term   - = Faster screen updates
   m = Memory          j = Filesystems          + = Slower screen updates
   d = Disks               n = Network               V = Virtual Memory       
   r = Resource         N = NFS                     v = Verbose hints        
   k = kernel               t = Top-processes        .  = only busy disks/procs
   h = more options                                       q = Quit                  

Thursday, January 16, 2014

Audit Your Linux Security With Lynis

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information, installed packages and possible configuration errors.

Examples of audit tests:
- Available authentication methods
- Expired SSL certificates
- Outdated software
- User accounts without password
- Incorrect file permissions
- Configuration errors
- Firewall auditing

Installation :

yum install lynis

Ubuntu :
apt-get install lynis

Install from source :
Create Directory
mkdir /usr/local/lynis

cd /usr/local/lynis
tar -xvf lynis-1.3.9.tar.gz

cd lynis-1.3.9.

Usage :
lynis -c

This will produce similar to the following output.
Once, you execute above command it will start scanning your system and ask you to Press Enter to continue, or CTRL+C to stop every process it scans and completes.


Vishal Vyas

For More :

Thursday, January 9, 2014

GoAccess a Real time Web Server Log Analyzer

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems. It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly.

GoAccess parses the specified web log file and outputs the data to the X terminal.

  •     General Statistics, bandwidth, etc.
  •     Time taken to serve the request (useful to track pages that are slowing down your site.
  •     Top Visitors
  •     Requested files
  •     Requested static files, images, swf, js, etc.
  •     404 or Not Found
  •     Hosts, Reverse DNS, IP Location
  •     Operating Systems
  •     Browsers and Spiders
  •     Referring Sites
  •     Referrers URLs
  •     Keyphrases
  •     Geo Location - Continents/Countries New
  •     HTTP Status Codes
  •     Ability to output JSON and CSV New
  •     Different Color Schemes
  •     Support for IPv6
  •     Unlimited log file size
  •     Output statistics to HTML.

Installation :
GoAccess has minimal requirements, it's written in C, ncurses, GLib >= 2.0.0, and GeoIP (optional) for geolocation data

# yum install ncurses-devel glib2-devel GeoIP*
# cd /opt
# wget
# tar zxvf goaccess-0.5.tar.gz
# cd goaccess-0.5
# ./configure
#  make
# make install

How to use GoAccess :
once it has been installed (no configuration is needed), just run it against your web log file: (-a is optional)

To generate full statistics we can run GoAccess as:
 # goaccess -f /var/log/httpd/access_log -a

Select a log format and press F10

To generate an HTML report:
#goaccess -f  /var/log/httpd/access_log -a > report.html

To generate a CSV file:
# goaccess -f access.log -o csv > report.csv

Vishal Vyas

For more information and usage please visit

Thursday, November 21, 2013

Creating custom SSH welcome messages

Creating custom SSH welcome messages using motd (message of the day) to protect and secure SSH logins by displaying warming message to UN-authorized users or display welcome or informational messages to authorized users.

  • Login to your server as root via SSH. 
  • sudo vim /etc/motd 
  • Now type in the message you want everyone to see.
 ######### Welcome to the Vishal's server #########
 ###         This is the webServer                               ###

Save and Quit,

Logout of SSH then log back in, you will receive your new greeting!
Vishal Vyas

Monday, November 11, 2013

Linux Network Bandwidth check Script.

The following are two such scripts by joe miller. The first script counts the number of packets per second, received (RX) or sent (TX) on an interface, while the latter scripts measures the network bandwidth of incoming (RX) and outgoing (TX) traffic on an interface. For these scripts to work, you do not need to install anything.

Measure Packets per Second on an Interface
INTERVAL="1"  # update interval in seconds
if [ -z "$1" ]; then
        echo usage: $0 [network-interface]
        echo e.g. $0 eth0
        echo shows packets-per-second
while true
        R1=`cat /sys/class/net/$1/statistics/rx_packets`
        T1=`cat /sys/class/net/$1/statistics/tx_packets`
        sleep $INTERVAL
        R2=`cat /sys/class/net/$1/statistics/rx_packets`
        T2=`cat /sys/class/net/$1/statistics/tx_packets`
        TXPPS=`expr $T2 - $T1`
        RXPPS=`expr $R2 - $R1`
        echo "TX $1: $TXPPS pkts/s RX $1: $RXPPS pkts/s"

Measure Network Bandwidth on an Interface
INTERVAL="1"  # update interval in seconds
if [ -z "$1" ]; then
        echo usage: $0 [network-interface]
        echo e.g. $0 eth0
while true
        R1=`cat /sys/class/net/$1/statistics/rx_bytes`
        T1=`cat /sys/class/net/$1/statistics/tx_bytes`
        sleep $INTERVAL
        R2=`cat /sys/class/net/$1/statistics/rx_bytes`
        T2=`cat /sys/class/net/$1/statistics/tx_bytes`
        TBPS=`expr $T2 - $T1`
        RBPS=`expr $R2 - $R1`
        TKBPS=`expr $TBPS / 1024`
        RKBPS=`expr $RBPS / 1024`
        echo "TX $1: $TKBPS kb/s RX $1: $RKBPS kb/s"
The following screenshot shows the above two scripts in action.


Another Command to check network Status .

# /sbin/ip -s link 

Install Darkstat - a network traffic analyzer

Darkstat is a opensource network monitoring tool, It is a packet sniffer which runs as a background process and serves its statistics to a ...