Useful Linux commands

Here i am going to explain few useful linux commands which may be really handy when you need to troubleshoot sometimes.

First of all linux has every configuration file as  text file, so its really easy to modify as you like,

Firstly we will have a look on Users, Groups , Permissions,

Here we go first with Users,

In linux its really easy to create users and edit the user, Its all text file, Just like adding words in a word file.

To create user :

Remember we need to use always SUDO its like "super user do the work"

sudo adduser

to delete a user

sudo userdel

and this user details are stored in a file call Passwd which is in /etc/passwd location

using a text editor we can open the file and have a look.

sodo vi /etc/passwd this is where you can see all the created users and the system default users,

so you may think then where is the password to this user, you can see when you add a user the system the system will ask you to enter all the password , firstname, lastname, so its quite easy to create a user and set a password,

But what if you want to change the password for a user which was created earlier?
so issue the following command and set the new password

sudo passwd then enter, now you can see the system will ask you to enter the new password.

So the creation of user and changing the password is very simple,

Now as in windows, linux too has groups for each users. we will have a look how we can create modify a group in linux.

To create a group
sudo groupadd   

to delete a group
sudo groupdel   

now we will see how we can add a user which we have created just above to a group
so to add the user to a group
sudo adduser    

to delete user from a group
sudo deluser   remember the different between userdel and deluser, to delete user its userdel and to delete user form a  group its deluser

again as like the users , group details also saved as text file in the /etc/group location, with the help of vim or vi editor you can modify the groups and add users in this text file also. To add multiple users to a group just need to put comma (,) and add the user names on the right site that is all users added to group in text mode.

Now we will have a look on Permission, as you all know linux is more secure and really concern on its security on the files and directories so an administrator can change the security permission with the command call chmod.

basically linux has boolian number system to mention the permission
4- read
2-write
1-execute

so if a file has permission 777 means, in this three 7 each one of this for a special reason ,

the first digit is to specify the permission of this file owner , 2nd one to specify the permission of this file owner  group 3rd one is to mention the permission of every one else in this world,

So 7 means 4+2+1 which says the owner has permission to read , write and execute this file or directory,

the execute is a special case in linux where we may have some files to run like exe files in windows. so with out the execute permission we cannot run that file. So make sure if you have any files to execute you must give the permission.

consider a website you are running, so in that case you may need to do read and write work to htdocs directory.

so the user is you should have full permission , then give 7 to user, then the group of your user give 7 so every one in your group can have full permission, but what if you give full permission to everyone else? then ppl can do what ever they want and delete your files but remember some php files do need to execute so we ll give permission to read and execute and take the write permission out from others

so we will set the permission to 775 to a website directory. I hope you will get an idea about the permission now.

Alright so we have seen user, group, and permission but there is a big doubt while doing this all, what if i want to search a file in linux , how do i search?

linux has easy way to search files with different options,

sudo find -iname   , what is this iname means , its omit the case sensitive file name, So if you are not sure the file name has a capital or small letter dont worry just put -iname it will search and give you all the files such as Home,home,homE all are same in this case.

also if you are not sure the full file name you can use the * to search files with known characters such as wp-config.* this will display all the files with wp-config.

alright so we have come to a point where we got few idea about linux.

Now we will look the basic Networking stuffs in linux, this is very very basic only,

as in windows linux to has commands to see the ip address details but we have small change here , Windows use ipconfig but linux uses it as ifconfig.

and in windows we can release and renew the DHCP ip but then on linux how do you do that?

simple sudo dhclient this command will renew your IP from your DHCP server. remember we have to restart always if we do changes to a service so linux service for networking has to be restarted to active this changes , how do you restart the service?

sodu /etc/init.d/networking restart. this will restart the networking service , further you can use start, stop instead of  restart.

as i explained for users and group linux save the networking files details under the folowing location
using the vi editor we can open and see the configurations.

sudo vi /etc/networking/interfaces this is where we have the IP configuration details for linux.

if you want the linux machine to get IP from DHCP just modify the file as like this

iface eth0 inet DHCP 

if you want to assign IP manually then

iface eth0 inet static  then add the address details of your IP addres
Address
netmask
Network
Broadcast
gateway
DNS

So as we talk the DNS what is the file has the DNS details and resolve informations as like host file in windows
open the file sudo vi /etc/resolve.conf and change what ever the details you need to add,

if we talk DNS then we need to talk about the hostname as well so to see the hostname

sudo  /etc/hostname will display the hostname and to change this
sudo /etc/hostname

hope the details are use full and i ll keep posting more in future, on UFW firewall TAR and BACKUP.

Installing additional wordpress stack on a wordpress bitnami instance.

In this  post i am going to show the step by step installation of additional wordpress stack on a bitnami wordpress instance on AWS.

I hope this will help a lot to understand. Alright here we go.

First of all need to download the latest wordpress installation file in this post i am going to use the downloaded linux installation file.
file name: bitnami-wordpress-3.7.1-0-module-linux-x64-installer.run

I uploaded the file to /var/tmp via winSCP.

now lets see the installation steps.

Step 1:
go to /var/tmp

cd /var/tmp

sudo ./bitnami-wordpress-3.6.1-0-module-linux-x64-installer.run --wordpress_instance_name mywordpress

(mywordpress is the site name, later we need to do vhost to access this directly as a domain, until that i ll be accessing the new wordpress site as www.domain.com/mywordpress)

Step 2 :

step 3: 

Step 4:

Step 5: 

Step 6: 

Step 7:

All good , go to the URL and access the site. 

Enable or Disable Outlook Web App for a Mailbox

In this post i am willing to show you, how you can disable or enable the outlook web access through EAC, I hope this would help you to change/Edit your configuration easily.

1. In the EAC, navigate to Recipients > Mailboxes.
2. In the list of user mailboxes, click the mailbox that you want to enable or disable Outlook Web App for
3. On the mailbox properties page, click Mailbox Features.
4. Under Email Connectivity, do one of the following:
   
   • To disable Outlook Web App, under Outlook Web App: Enabled, click Disable.
     A warning appears asking if you're sure you want to disable Outlook Web App. Click Yes.
   • To enable Outlook Web App, under Outlook Web App: Disabled, click Enable.
5. Click Save to save your change.

How to backup a single mailbox in exchange server 2010

The easiest way to backup a singlemail box is to get the user to export his mailbox to a PST file but what if the user left the company, or you need to do it in the server?

This can be done using console command

What do you need to do is first give your account the permission to export the user mailbox.


[PS] C:\Windows\system32>New-ManagementRoleAssignment -Role "Mailbox Import Export" -User Administrator

close and reopen  then console before you try to export the mailbox.

now export the mail box to a folder 

New-MailboxExportRequest -Mailbox Saththiyan -FilePath \\exchange\c$\saththiyan.pst

Thats all go to c drive and check for the pst file. 

The Security database on the server does not have a computer account for this workstation trust relationship

If you receive the error: “The Security database on the server does not have a computer account for this workstation trust relationship” when you are tying to login to a domain account .This article will help fix this error when trying to logon to a domain account of a computer in a network.

To do this you will need:

· Access to the Domain Controller (DC)

· Domain administrators logon details

· The Workstations Local admin account login details

1. Login to the Domain controller and check to see if the Computer, which is having the issues, is available in Active Directory (AD).

a. Goto Start → Administrative tools → Active directory Users and Computers

b. Navigate to the List of computers that are connected to the domain.

2. If the computer isn’t available in this list you will just need to, on the computer, remove the computer from the current domain that it is on and then add it to the domain that it needs to be located on (see steps below). However if the computer is in the List you will need to:

a. Remove the computer from the current domain (on the local computer)

b. Delete the computer from AD (on the DC)

i. Right Click on the computer

ii. Click on Delete

For Windows Vista/7 & 8

1. Click the Start Menu and then right click Computer and go to Properties.

2. Click Change settings

3. Click Change

4. On the new window that should have popped up click the radio button next to Domain or Workgroup (depending if you are adding or removing the computer to the domain or a workgroup) (domain.local)or Workgroup name then click OK

5. You will be asked to provide the credentials of an account that has the rights to add the computer to the domain. Enter the username and password for the Administrator account.

6. After a brief pause you will be prompted with a welcome message. Click OK/Yes through these and the Computer should restart. If not tell the computer to restart.

7. Once booted again you can log in as the new user and set up an email account or anything else required by the user.

** If you ever need to remove a computer from the domain you can follow this procedure and select the WORKGROUP radio button instead of Domain in step 4. Bear in mind you will need to know the username and password of a local computer account in order to access the computer once it has been removed from the domain. **

How to Upgrade to Windows 8.1 From Windows 8

Make sure your PC has all recent Windows updates.
1a. Click settings on the Charms menu.

1b. Click Change PC settings.

1c. Select Windows Update

1d. Click the Check for updates now button to see if there are any new files. 

1e. Force any updates to install immediately by clicking on the “We’ll install . . . automatically” link then Intall.

2. Open the Windows Store app.

3. Click the Update to Windows 8.1 button. If you don’t see this button on the screen, check for updates again, close and reopen the Windows Store or reboot your machine.

4. Click the Download button to confirm

You may have to wait 30 minutes or more for the install to download, but you can keep using your computer during this time.

5. Click Restart Now when prompted

Your computer will then take several minutes installing Windows 8.1, complete with at least one reboot. You can walk away from your computer and do something else for 5 minutes or more because your input won’t be required for a while.

6.Click “I Accept” when presented with the License terms.

7. Click Use Express Settings at the bottom of the screen. You can also choose custom settings, but we find the Express settings work well for most users

8. Sign in to Windows as you normally would.

9. Allow Windows to send a security code to your phone if it prompts you. You can skip this step, but may not be able to sync your account across PCs without performing it later.

10. Enter the code you received on your phone at the prompt.

11. Click Next on the Skydrive screen.

You will then have to wait a few minutes while Windows finishes the install process. You’ll see some messages on the screen that say it is setting up and installing apps. 

Install certificate to iPhone ( Active Directory based Authentication)

Active Directory

Create a new computer entry under the Mobile Devices OU ( which is the one i am using for mobile hardware devices)

Enable Advanced Features under the View menu, then open the newly created computer object. Go to Attribute Editor and add the following attributes:

1. dNSHostName: devel1-ipad.domain.com.au
2. operatingSystem: iOS (descriptive only - doesn't affect EAP-TLS)
3. servicePrincipalName: HOST/devel1-ipad.domain.com.au (this is the name the device sends during the EAP-TLS negotiation, but with HOST in lowercase)

Certificate

Via the Certificate MMC snap-in (personal certificates), request a mobile device certificate. You need to have permission to enroll this certificate template.

1. Subject name: (Common name) devel1-ipad.domain.com.au
2. Alternative name: (DNS) devel1-ipad.domain.com.au
3. Friendly name: Development Team iPad 1 (match the description in the Active Directory computer object you created)

The certificate should successfully create and return signed by the Issuing CA.

Export the certificate (no private key) as DER encoded binary X.509 (.CER) by right-clicking on the certificate in the snap-in.

As an administrator (i.e. a user with Active Directory object modification rights), publish the exported certificate (file) to Active Directory:

> certutil -v -f -dspublish "devel1-ipad.cer" Machine

-------------------------------------------------------------------------------

Result

CN=devel1-ipad,OU=Mobile Devices,OU=Staff,OU=Hardware,DC=Domain,DC=com,DC=au?userCertificate

Certificate added to DS store.

CertUtil: -dsPublish command completed successfully.




Client-Side Configuration

iPhone Configuration Utility (both iOS and OS X)

Using the iPhone Configuration Utility, create a new (or duplicated) configuration profile.

Go to DC and open the iphone configuration utility software

In the Credentials tab:

• Import the company's Root certificate and the device certificate.
• Enter the device certificate's password (to match the one you used after selecting it).

In the Wi-Fi tab:

• Service Set Identifier: Network S
• Hidden Network: not ticked
• Security Type: WPA / WPA2 Enterprise
• Protocols: TLS (ticked), all others (unticked)
• Authentication / Username: host/hostname.domain.com.au (must match the Active Directory servicePrincipalName) N.B. "host" MUST be in lowercase, otherwise the AD service principal lookup will fail.
• Authentication / Identity Certificate: select the device certificate.
• Export the file to desktop as none security. 
• copy the .mobileconfig file to desktop machine whether the Apple device connected. 
• Open the Iphone configuration utility 
• file --> add to library 
• click on the device name on the left hand site.
• select the configuration profile.
• click install.
• then it ll pop up in the device and finish the installation on the device.

Push to the device by attaching via USB, going to the device's configuration profiles tab and clicking on Install for the relevant profile.

Configure FTP server in Linux

How to install FTP

The daemon is included in most versions of Linux. If you are using a Debian based distribution like Mint or Ubuntu, open a terminal window and type: sudo apt-get install vsftpd

If you are using a Red Hat based disto, open a terminal window and type: sudo yum install vsftp

How to configure FTP

To configure vsftp, open the vsftpd.conf file in the /etc directory. For instance, if you were using gedit as your text editor, you would type: sudo gedit /etc/vsftpd.conf

First, for a secure setup, you’ll want to disable anonymous access to your ftp server. Change this line: anonymous_enable=YES to anonymous_enable=NO

With anonymous access disabled, you’ll want to allow local users to log in, by uncommenting the following line: #local_enable=YES to local_enable=YES (simply remove the # sign).

Allow write access by uncommenting this line: #write_enable=YES to write_enable=YES

Save and close the file.

Setup an FTP user account:

sudo mkdir -p /home/ftp/ftpuser
sudo useradd ftpuser -d /home/ftp/ftpuser -s /bin/false
sudo passwd ftpuser

Restart your ftp server:

Debian: sudo etc/init.d/vsftpd restart

Red Hat: sudo service vsftpd restart

Test:

netstat -a | grep ftp

Adding a Map Drive through GPO

Open the Group Policy Management Console by searching for it from the Start Menu

You’ll want to drill down into your domain until you reach the Machines object, where you can right-click and choose to Create a GPO.

We have to give our new policy a name, we will name ours Mapped Drives (General).

Now we can right click on the policy and choose edit.

The policy that controls mapped drives is located at

User Configuration\Preferences\Drive Maps

We need to select the policy and right click in the white space and select new mapped drive.

Change the action to create, and type a location for your shared folder.

Now set the label, this is the name that will appear on the drive in my computer. You will also need to choose a drive letter, it is a best practice to choose a static letter across the board, the last thing you need to do is change the radio button at the bottom to Show this drive.

Now when the users logon the drives will be effortlessly mapped.

How to add a Start Menu to Windows 8 Desktop

The Start menu from the desktop mode in Windows 8 is one of the most controversial talking points of the new windows 8 operating system. I’ve been using Windows 8 for the past few months on a non-touch laptop and have found there aren’t too many things I need to do in the desktop mode that can’t be achieved by pinning programs to the Task bar, or using Win + x shortcut 

The program I’ve been trying is Classic Shell. Click the link to download it. The version tested is 3.6.2. Following the wizard to install it. Once installed have a read of the readme file. You’ll now have a Classic Start menu

One thing to note, the Windows Key now opens the Classic Start menu, so if you want to get back to the Metro Start menu, hold shift and click the Classic Start menu button. Classic Shell also has the ability to boot the computer straight to the Desktop mode. Take a look at the Classic Shell Settings as these are both configurable settings along with many others.

Hope this will give you a real feel to use windows 8 and windows 7 desktop. Now take a big breath and work on your windows 7 , oh no Grrrr. Windows 8 system......

How to copy incoming or outgoing emails to another mailbox in Exchange 2010

Occasionally you may have a requirement to copy incoming or outgoing emails for specific users to another mailbox for monitoring or compliance purposes.

To be able to do this you can use an Exchange Transport Rule.

First open the Exchange Management Console, expand Organization Configuration, and select Hub Transport.

Right click the blank space in the main window and select New Transport Rule.

Select the conditions you want for the rule. Select from people as a condition, and then click the underlined value people to select from which people you want the rule to apply to. Click Add, and then add the email accounts you want to copy emails from. In our example we want to copy emails from the accounts mailbox. Click OK.

Click Next.

Now select the Action for the rule, in our scenario we are going to chooseBlind carbon copy (Bcc) the message to addresses, once selected, click the underlined addresses value. Click Add, select the user to Bcc the emails to, in our example we are going to Bcc the Administrator email account, clickOK, click Next.

If you want to add an exception to the rule you can do so next, in our example we want all emails to be copied so we won’t select an exception. Click Next.

Then on the Configuration Summary page click New to create the rule.

Done.....