Emacs Ediff Lose Focus

This seems to happen in emacs-21 and emacs-22, when I type next in the control panel, the cursor focus changes from control panel to one of the emacs diff buffers. I am not sure if this is relate to window manager (xfce) or emacs configuration. I have to change to it 'always on top' to fix the problem.

How to Undelete a Removed File on a NTFS File System

This is the instruction to recover a deleted file on a NTFS partition mounted on Linux. For windows, there are commerical software you can use to do the undelete. But if you have a Linux partition installed on your computer, you can recover/undelete the file in the NTFS partition under Linux for free.

To recover a deleted file on a NTFS partition use ntfsundelete (yum install ntfsprogs). For example, to recover abc.xls. First check the file deleted within a day (assume you deleted the file today, then recover the file with inode specified(in this case 106).

# ntfsundelete /dev/sda5 -t 1d
Inode    Flags  %age  Date           Size  Filename
---------------------------------------------------------------
106      FN..   100%  2008-10-14     14848  
4477     FN..   100%  2008-10-14     14848  

Files with potentially recoverable content: 2

# ntfsundelete /dev/sda5 -u -i 106 -o abc.xls
Inode    Flags  %age  Date            Size  Filename
---------------------------------------------------------------
106      FN..     0%  2008-10-14     14848  

Undeleted '(null)' successfully.

Also see instruction for undeleting a file on an ext3 file system.

How to Undelete a Removed File on an ext3 File System

If you accidentally delete a file on ext3, you can recover it using ext3grep. Below is an example where I am trying to restore the file test/tt.

# ext3grep  --dump-names /dev/sda10
Running ext3grep version 0.8.0
WARNING: I don't know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
WARNING: EXT3_FEATURE_INCOMPAT_RECOVER is set. This either means that your partition is still mounted, and/or the file system is in an unclean state.
Number of groups: 258
Minimum / maximum journal block: 1546 / 35888
Loading journal descriptors... sorting... done
....

test
test/.tt.swp
test/tt

# ext3grep  --restore-file 'test/tt' /dev/sda10
Running ext3grep version 0.8.0
WARNING: I don't know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
WARNING: EXT3_FEATURE_INCOMPAT_RECOVER is set. This either means that your partition is still mounted, and/or the file system is in an unclean state.
Number of groups: 258
Loading group metadata... done
Minimum / maximum journal block: 1546 / 35888
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1223927674 = Mon Oct 13 13:54:34 2008
Number of descriptors in journal: 25686; min / max sequence numbers: 198274 / 210642
Writing output to directory RESTORED_FILES/
Loading sda10.ext3grep.stage2... done
Restoring test/tt
# cat RESTORED_FILES/test/tt 
abc

Also see instruction on how to undelete a file on NTFS partition.

Also, you can try foremost and scalpel packages.

How to Undelete a File on Reiserfs and XFS

There are more work to recover a file on Reiserfs and XFS than either NTFS or ext3.

For reiserfs, see http://antrix.net/journal/techtalk/reiserfs_data_recovery_howto.comments

For xfs, see http://linuxwebdev.blogspot.com/2005/06/xfs-undelete-howto-how-to-undelete.html

Apache2 and Lighttpd

Which one should I use? Use lighttpd for static content like .html and apache for dynamic content like php.

Static Contents:
In my testing, lighttpd (1.4.19) can support at least 1.5 times as many connectoins as apache2 (2.2.9) could.

Dynamic Contents:
With php, they are about the same.

Configurations:
I found apache2 easier to configure than lighttpd. Compression support is better with apache2 than lighttpd.

EMail

Sendmail/postfix
Mail server like Microsoft Exchange Server. It supports SMTP to accept from and deliver to other servers. Postfix is easier to set up.

If your ISP blocks the SMTP port (25), you can not send/receive. But you can use postfix relayhost to send through a remote SMTP server (from your ISP). Instructions can be found here.

IMAP/POP
Protocols allow user to download email from a remote server. These are daemon as well.

Text Based Mail User Agent (MUA)
The two most popular ones are pine (alpine) or mutt (new elm). pine/alpine does not come with Centos. Alpine comes with at least Fedora 9.

Simple Security Set up

Disable ftp and telnet, use ssh instead. This is default on Redhat family. Use iptable and selinux. In addition:

1. Disable ssh login for root, add the following line to /etc/ssh/sshd_config:

   PermitRootLogin no

2. Use protocol 2 in ssh

   protocol 2

3. Reduce the number of retries

   MaxAuthTries 1

4. Slow down sshd brute force attack with iptables (twice/min)

   -A RH-Firewall-1-INPUT -p tcp --dport 22 --syn -m limit --limit 1/m --limit-burst 2 -j ACCEPT
   -A RH-Firewall-1-INPUT -p tcp --dport 22 --syn -j DROP

5. Install pam_abl to auto blacklisting hosts.
6. Create nologin account for emails.
7. Use AllowUsers in sshd_config

   AllowUsers userid1 userid2

8. If tried ssh more than 6 times in a second, it is rejected for one hour:

   -N SSH
   -N SSH_ABL
   -A SSH -m recent --name SSH_ABL --update --seconds 3600 -j REJECT
   -A SSH -m recent --name SSH --rcheck --seconds 60 --hitcount 6 -j SSH_ABL
   -A SSH_ABL -m recent --name SSH_ABL --set -j LOG --log-level warn --log-prefix "ABL: +SSH: "
   -A SSH_ABL -j REJECT
   # two second pause enforced between accesses
   -A SSH -m recent --name SSH --rcheck --seconds 2 -j LOG --log-level warn --log-prefix "RATE: "
   -A SSH -m recent --name SSH --update --seconds 2 -j REJECT
   -A SSH -m recent --name SSH_ABL --remove -j LOG --log-level warn --log-prefix "ABL: -SSH: "
   -A SSH -m recent --name SSH --set -j ACCEPT
   -A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --dport 22 -j SSH

9. tcpwrapper hosts.allow and hosts.deny.

Swappiness

Desktop with 3G RAM: vm.swappiness = 10
Laptop with 1G RAM: vm.swappiness = 0
Server with 1G RAM: vm.swappiness = 50

Domain Ownership Lookup with whois command

$ whois somedomain.com

Monitoring Network Stats with vnstat

$ vnstat
Database updated: Tue Oct  7 14:30:01 2008

 eth0

    received:      13.54 MB (81.2%)
 transmitted:       3.67 MB (18.8%)
       total:      17.20 MB

                 rx     |     tx     |  total
 -----------------------+------------+-----------
     today     13.54 MB |    3.67 MB |   17.20 MB
 -----------------------+------------+-----------
 estimated        21 MB |       4 MB |      25 MB

To enable the monitoring, uncomment the following line from /etc/cron.d/vnstat

 */5 * * * *  vnstat /usr/sbin/vnstat.cron

crontab

User create crontab files to be executed by crond:
crontab -l: list current crontab entries.
crontab -e: edit crontab entries
crontab -r: remove the crontab file

crontab files are located in /var/spool/cron

cron will also run scripts in
cron.monthly/ cron.daily/ cron.hourly/ cron.weekly/

fuser: check who is using a tcp/udp port

# fuser 702/tcp
702/tcp:              4336
# ps -ef |grep 4336
rpcuser   4336     1  0 Sep26 ?        00:00:00 rpc.statd
root      7692  7458  0 15:46 pts/0    00:00:00 grep 4336

nmap

To check machine 192.168.0.22, run nmap remotely from another machine.

# nmap -sT -sU -p 1-1023 192.168.0.22
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-10-05 15:44 MDT
Interesting ports on (192.168.0.22):
Not shown: 2040 filtered ports
PORT    STATE         SERVICE
22/tcp  open          ssh
25/tcp  closed        smtp
80/tcp  closed        http
443/tcp closed        https
631/tcp closed        ipp
631/udp open|filtered unknown

RPM

Querying

1. rpm -qa: query all installed packages
2. rpm -q firefox: query firefox installed
3. rpm -ql firefox: query list of files in firefox package
4. rpm -qpl name.rpm query list files in name.rpm
5. rpm -qid firefox: query package information including documentation files
6. rpm -qf /usr/bin/ab: which package that owns ab
7. rpm -qdf /usr/bin/ab: list document comes with package that owns ab
8. rpm -V package: verify a package
9. rpm -Va: verify all installed package
10. rpm -Vf /usr/bin/ab: verify the package that owns ab.
11. rpm -qa --qf "%-10{SIZE} %-30{NAME}\n" | sort -n | less: sort all installed packages by size.
12. rpm -qa --qf "%{n}-%{v}-%{r}.%{arch}\n"    :list architecture
13. rpm -qpR package:    list package dependencies
14. rpm --test -e package: list what requires this package
15. rpm -qp --scripts package:   list package pre and post scripts
16. rpm -q --changelog package: package change log
17. rpm -qa --queryformat '%{SIZE}\n' | awk '{sum += $1} END {printf("Total size in packages = %4.1f GB\n", sum/1024**3)}':  total size of all rpms installed
18. rpm -q --provides  package:  what the package provides
19. rpm -q --qf '[%{obsoletes}\n]' package: show obsolete tags

Installing

1. rpm -ivh package.rpm: installing, verbose and show progress with ###
2. rpm -Uvh package.rpm: updating a package
3. rpm -Fvh *.rpm: updating the packages only if an earlier version is present

Uninstalling

1. rpm -e package
2. rpm -e --nodeps package

Check Dependency

$ rpm --test -ivh package.rpm

Rebuild RPM db (when it is corrupted or yum stuck)

# rm /var/lib/rpm/__db*
# rpm --rebuilddb

Auto Reboot after Kernel Panic

Add panic=5 to the kernel boot parameter in grub. Kernel will reboot 5 secs after kernel panic. For example,

kernel /vmlinuz-2.6.26.5-45.fc9.x86_64 ro root=LABEL=/1 rhgb quiet panic=5

Alternatively, add kernel.panic=5 in /etc/sysctl.conf. This will be loaded after next reboot or you can manually load it sysctl -p. To check,

# sysctl -a |grep kernel.panic
kernel.panic_on_unrecovered_nmi = 0
kernel.panic_on_oops = 1
kernel.panic = 5

.

Monitor and Restart Processes

monit can be used to monitor and restart server processes such as apache. See the link below for more info:

Monitor and restart Apache or lighttpd webserver when daemon is killed

RHEL and CentOS monit rpm can be downloaded here. Install on CentOs:

# rpm -Uvh monit-4.10.1-7.el5.i386.rpm
# vi /etc/monit.conf
# chkconfig --level 345 monit on
# /etc/init.d/monit start