Thursday, March 31, 2016

ssmtp ile konsoldan mail gonderimi

#!/bin/bash

from="root@egearge.com"
fromname="Ali Okan Yuksel"
to="aokan@egearge.com"
subject="deneme"
msg="bu bir deneme mailidir"

echo -e "to: ${to}\nsubject: deneme\n\n ${msg}" | ssmtp -f "${from}" -F "${fromname}" ${to}

wkhtmltopdf: html to pdf converter

"/usr/local/bin/wkhtmltopdf %s %s" % (html_template, pdfout)
"/usr/local/bin/wkhtmltopdf -q -L 0 -R 0 -B 0 -T 0 --disable-smart-shrinking --zoom 0.7821 --encoding UTF-8 %s %s" % (html_template, pdfout))


radius performance testing with radperf tool

RADPERF

Authentication, Authorization, and Accounting. Performance, scalability, load testing, and validation.
One of the most critical steps when building a RADIUS system is performance characterisation. This means testing the system to see if both authentication (i.e., read-only) and accounting (i.e., read-write) behavior is acceptable.

In many cases, the performance will be good enough for normal loads. However, high loads are commonly seen when a NAS reboots and many users flood the network at the same time. If the system cannot handle this load, then it will be unsuitable for a production environment.

RadPerf helps you make this determination. It can send both authentication and accounting packets at varying rates. Even better, you do not need to know anything about RADIUS in order to use RadPerf.

Starting with a list of users and passwords in a CSV file, RadPerf can generate both authentication and accounting packets. It can simulate spikes in traffic, long-lived user sessions, and end-to-end user behavior.

Once RadPerf has finished testing, it produces a set of reports that summarize offered load versus accepted load. Total accepted packets per second can quickly be determined. These reports gives you the data that you need to make an informed decision about placing a system into production.

http://networkradius.com/radius-performance-testing/

radperf-u14.04# ./radperf -A1,5 -c 1 -p 100 -s -f test.csv 192.168.5.174:1812 auth mysecretkey

-A1,5 parametresi ile 1 saniye sonra CREATE accounting request 5 SANIYE sonra ise  DELETE request gonderilmesini sagliyoruz.
-p paralel 100 gonderim yapildigini anlamina geliyor.


radperf - Performance testing tool for RADIUS systems.
          Copyright (C) 2012 Network RADIUS SARL.  All rights reserved.
Usage: radperf [options] server[:port] <command> [<secret>]
  <command>    One of auth, acct, status, coa, or disconnect.
  -a type     Use authentication method <type> (pap, chap, none)
  -A d,l      After Access-Accept, send accounting packets.
  -c count    Send each packet 'count' times.
  -d raddb    Set dictionary directory.
  -D file     Print packet statistics to file
  -f file     Read packets from file, not stdin.
  -F          Update Framed-IP-Address, too.
  -n num      Send a maximum of 'num' packets per second
  -p num      Send a maximum of 'num' packets in parallel.
  -q          Do not print anything out.
  -r retries  If timeout, retry sending the packet 'retries' times.
  -R realm    Realm name to append to the User-Name
  -s          Print out summary information of auth results.
  -S file     read secret from file, not command line.
  -t timeout  Wait 'timeout' seconds before retrying (may be a floating point number).
  -T template Use template file with every request
  -u number   Generate requests for 'number' users.
  -v          Show program version information.
  -x          Debugging mode.
  -4          Use IPv4 address of server
  -6          Use IPv6 address of server.

NTRadPing 1.5 RADIUS Test Utility


Posted:20 Aug 2004
File Size:71KB
License:Free
Download:/coolsolutions/tools/downloads/ntradping.zip
Publisher:Arndt Stajta


NTRadPing is a useful tool for testing installations of your RADIUS servers. Through NTRadPing you can simulate authentication and accounting requests and send them to the RADIUS server making NTRadPing act as a NAS client.
Before you send the request to the server, you need to configure the server IP address, the RADIUS secret key stored in the server clients file, and a username.
All the other parameters are optional.
On accounting requests, the "Acct-Session-Id" attribute is also added automatically if you do not explicitly enter it in the request attribute list.
If you issue an accounting request, then the RADIUS attribute "Acct-Status-Type" is added automatically by NTRadPing depending on the type of accounting request you have chosen (start, stop or update).
In the lower left list box you can add as many RADIUS attributes as you like to your request. The list of available attributes and the relevant values in the two drop down boxes depend on the dictionary file RADDICT.DAT.
By checking the "CHAP" checkbox, you may force NTRadPing to issue authentication requests with a CHAP password instead of a default (PAP) password.
In the right list box you will get results about the RADIUS request, along with a complete dump of all the returned RADIUS attributes.
The parameters entered in the main window are preserved even after closing the application (they are stored in the registry).

Wednesday, March 30, 2016

freeradius installation, configuration and replication notlar

amac tek bir makinaya gelen radius trafigini birden fazla sayida makinaya cogullamak.
kullandigim modul:

mod-enabled/replicate
#  Replicate packet(s) to a home server.
#
#  This module will open a new socket for each packet, and "clone"
#  the incoming packet to the destination realm (i.e. home server).


kurulum:
--

yum install libtalloc-devel openssl-devel gcc
mkdir -p /opt/freeradius
cd freeradius-server-3.0.11
./configure --prefix=/opt/freeradius
make
make install


files:
--
-/etc/raddb/sites-enabled/default  bu dosyada authorize, preacct bolumlerine ekleme yaptim, loglarin detayli loglanmasi icin detail ifadelerini ekledim
-/etc/raddb/mods-enabled/detail bu dosyada detail loglarin yazilacagi lokasyonu degistirdim
-/etc/raddb/clients.conf bu dosyaya client ip ve secretkey bilgileri ile alakali duzenleme yaptim
-/etc/raddb/proxy.conf bu dosyaya realm, home server ve home server pool tanimlari ekledim
-/etc/raddb/radiusd.conf bu dosyada ssl guvenlik uyarisini bypass etmek icin duzenleme yaptim
-/etc/raddb/users bu dosyaya manuel valid user ekledim

config:
--

add to authorize, preacct

        update control {
                &Replicate-To-Realm := server1
                &Replicate-To-Realm += server2
                &Replicate-To-Realm += server3
        }
        replicate


add to authorize, preacct /etc/raddb/sites-enabled/default:

        update control {
                &Replicate-To-Realm := server1
                &Replicate-To-Realm += server2
        }
        replicate
--

add to: /etc/raddb/proxy.conf

client 0.0.0.0/0 {
    secret = mysecretkey
    require_message_authenticator=no
}
--

add to: /etc/raddb/proxy.conf

home_server remote_server_1 {
        ipaddr = 192.168.5.171
        port = 1812
        type = auth+acct
        secret = mysecretkey
}
home_server remote_server_2 {
        ipaddr = 192.168.5.172
        port = 1812
        type = auth+acct
        secret = mysecretkey
}
home_server remote_server_3 {
        ipaddr = 192.168.5.173
        port = 1812
        type = auth+acct
        secret = mysecretkey
}

home_server_pool remote_pool_1 {
        type = fail-over
        home_server = remote_server_1
}
home_server_pool remote_pool_2 {
        type = fail-over
        home_server = remote_server_2
}
home_server_pool remote_pool_3 {
        type = fail-over
        home_server = remote_server_3
}

realm server1 {
      auth_pool = remote_pool_1
      acct_pool = remote_pool_1
}
realm server2 {
      auth_pool = remote_pool_2
      acct_pool = remote_pool_2
}
realm server3 {
      auth_pool = remote_pool_2
      acct_pool = remote_pool_2
}


kullanici tanimlama:
--

add to: /etc/raddb/users

testuser        Cleartext-Password := "password"




test:
$ for i in $(seq 1 100); do radtest testuser password 192.168.5.174 0 mysecretkey; done

Wednesday, March 9, 2016

syslog traffic generation with loggen tool


/opt/syslog-ng/bin/loggen --inet --dgram --size 150 --rate 220000 --interval 60 --active-connections 2 192.168.30.30 514


Tuesday, March 8, 2016

linux: how to detect which application, command or pid deleted files

Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze.Sysdig is scriptable in Lua and includes a command line interface and a powerful interactive UI, csysdig, that runs in your terminal. Think of sysdig as strace + tcpdump + htop + iftop + lsof + awesome sauce.
With state of the art container visibility on top.

installation:
http://www.sysdig.org/install/





command:
sysdig -p '%12evt.type %12user.name %6proc.pid %12proc.name %12proc.args- %proc.cmdline --- %evt.args' '(evt.type=unlinkat or evt.type=unlink) and evt.args contains /usr/local/app/db'


https://github.com/draios/sysdig/wiki/Sysdig%20Chisel%20API%20Reference%20Manual

http://www.sysdig.org/wiki/sysdig-quick-reference-guide/

Wednesday, March 2, 2016

RASPBERRY PI 3 ON SALE NOW AT $35

https://www.raspberrypi.org/blog/raspberry-pi-3-on-sale/

Raspberry Pi 3 is now on sale for $35 (the same price as the existing Raspberry Pi 2), featuring:
  • 1.2GHz 64-bit quad-core ARM Cortex-A53 CPU (~10x the performance of Raspberry Pi 1)
  • Integrated 802.11n wireless LAN and Bluetooth 4.1
  • Complete compatibility with Raspberry Pi 1 and 2

Tuesday, March 1, 2016

change sqlite file size after “delete from table” or "drop table tablename"

The VACUUM command cleans the main database by copying its contents to a temporary database file and reloading the original database file from the copy. This eliminates free pages, aligns table data to be contiguous, and otherwise cleans up the database file structure.
The VACUUM command may change the ROWID of entries in tables that do not have an explicit INTEGER PRIMARY KEY. The VACUUM command only works on the main database. It is not possible to VACUUM an attached database file.
The VACUUM command will fail if there is an active transaction. The VACUUM command is a no-op for in-memory databases. As the VACUUM command rebuilds the database file from scratch, VACUUM can also be used to modify many database-specific configuration parameters.

Manual VACUUM

Following is simple syntax to issue a VACUUM command for the whole database from command prompt:
$sqlite3 database_name "VACUUM;"
You can run VACUUM from SQLite prompt as well as follows:
sqlite> VACUUM;
You can also run VACUUM on a particular table as follows:
sqlite> VACUUM table_name;


[root@server data]# du -sh Samsun_data.db

2.3M    Samsun_data.db

[root@server data]# sqlite3 Samsun_data.db "delete from data where ts<'$(date --date="2 days ago" "+%s")'"

[root@server data]# sqlite3 Samsun_data.db "VACUUM;"

[root@server data]# du -sh Samsun_data.db

1.2M    Samsun_data.db



Auto-VACCUM

SQLite Auto-VACUUM does not do the same as VACUUM rather it only moves free pages to the end of the database thereby reducing the database size. By doing so it can significantly fragment the database while VACUUM ensures defragmentation. So Auto-VACUUM just keeps the database small.
You can enable/disable SQLite auto-vacuuming by the following pragmas running at SQLite prompt:
sqlite> PRAGMA auto_vacuum = NONE;  -- 0 means disable auto vacuum
sqlite> PRAGMA auto_vacuum = INCREMENTAL;  -- 1 means enable incremental vacuum
sqlite> PRAGMA auto_vacuum = FULL;  -- 2 means enable full auto vacuum
You can run following command from command prompt to check the auto-vacuum setting:
$sqlite3 database_name "PRAGMA auto_vacuum;"