Script to gather server information

Create a file called systeminfo.sh

# touch systeminfo.sh

#!/bin/bash
## Purpose: Collecting system Information Gather server information within a second
## Author Name: Sankar
## Date: 26th Apr 2016
MAILIST=sankarrhcss@gmail.com
DOMAIN=domain
TEMP=/tmp/temp
FILE=/tmp/asset/info.txt
USERID=`id -g`
if [ $USERID == 0 ]; then
echo "Script is Running ..."
else
echo "Please run the script using root user"
exit
fi
mkdir /tmp/asset
touch /tmp/temp
touch /tmp/asset/info.txt
echo -e "\n" > $FILE
echo "Collecting System Information" >> $FILE
echo -e "\n" >> $FILE
echo "collecting information...."
echo "Date: `date`" >> $FILE
echo "HostName: `hostname`" >> $FILE
echo "Installed OS Version: `cat /etc/issue |head -1`" >> $FILE
echo "`/sbin/ifconfig -a |grep "inet addr" | awk 'BEGIN { FS = ":" } ; { print $2 }'`" > $TEMP
echo "IP Address : `egrep '^10' $TEMP |awk '{ print $1}'`" >> $FILE
## Identifying Hardware Platform ##
HF=`uname -i`
if [ $HF == i386 ]; then
echo "Hardware Platform: 32Bit" >> $FILE
else if [ $HF == x86_64 ]; then
echo "Hardware Platform: 64Bit" >> $FILE
else
echo "Hardware Not Matched" >> $FILE
fi
fi
## Colleting Hardware Details ##
echo " " >> $FILE
echo "## Hardware Information" >> $FILE
echo " " >> $FILE
echo "Serial Number     : `lshal |grep system.hardware.serial`" >> $FILE
echo "Serial Number     : `/usr/sbin/dmidecode -s system-serial-number`" >> $FILE
echo "Model Number      : `lshal |grep system.hardware.product`" >> $FILE
echo "Model Number      : `/usr/sbin/dmidecode |grep "SKU Number"`" >> $FILE
echo "Hardware Vendor   : `lshal |grep system.hardware.vendor`" >> $FILE
echo "Hardware Info     : `dmesg |grep DMI`" >> $FILE
## Redhat Version ##
echo " " >> $FILE
echo "## OS Version" >> $FILE
head -n1 /etc/issue >> $FILE
echo -en '\n' >> $FILE
uname -a >> $FILE
## CPU Info ##
echo " " >> $FILE
echo " " >> $FILE
echo "## CPU Information" >> $FILE
grep "model name" /proc/cpuinfo >> $FILE
## RAM/MEMORY Info ##
echo " " >> $FILE
echo " " >> $FILE
echo "## Memory Information" >> $FILE
grep MemTotal /proc/meminfo >> $FILE
y=`grep MemTotal /proc/meminfo |awk '{ print $2 }'`
mb="$(( $y / 1024 ))"
gb="$(( $mb / 1024 ))"
echo "RAM : $gb GB" >> $FILE
## Verify the machine is using NIS ##
echo -e '\n' >> $FILE
cat /etc/yp.conf |grep $DOMAIN > /tmp/yptemp.txt
count=`cat /tmp/yptemp.txt | wc -l`
if [ $count -gt 0 ];
then
echo "`hostname` is part of NIS Domain" >> $FILE
cat /etc/yp.conf |grep finnis >> $FILE
else
echo "`hostname` is not part of NIS" >> $FILE
fi
echo -e '\n' >> $FILE
cat /etc/yp.conf |grep domain >> $FILE
echo -e '\n' >> $FILE
echo "Hard Disk Info" >> $FILE
fdisk -l 2>&1 | grep Disk | grep -v "identifier" | grep -v "valid partition" | awk '{print $2,$3,$4}' >> $FILE
echo -e '\n' >> $FILE
echo "Running Services" >> $FILE
service --status-all |grep running. |awk '{ print $1,$5}' >> $FILE
/bin/mail -s "Linux Asset Inventory `hostname`" $MAILIST < $FILE

Top 5 Enterprise opensource monitoring tools

1. Nagios

Nagios project is started in 1999. Nagios Enterprise monitoring tool will monitor your entire IT infrastructure to ensure systems, applications, services and business process are functioning properly. Which has two types of Software’s one is Nagios Core which is fully free (opensource) we have to configure everything by our own. Another one is Nagios XI which has beautiful GUI interface it is very easy to configure monitoring.
Nagios monitors your entire IT infrastructure to ensure systems, applications, services, and business processes are functioning properly. In the event of a failure, Nagios can alert technical staff of the problem, allowing them to begin remediation processes before outages affect business processes, end-users, or customers. With Nagios you’ll never be left having to explain why an unseen infrastructure outage hurt your organization’s bottom line.

Few Advantages using Nagios Core

1. Monitor your entire IT infrastructure
2. Spot problems before they occur
3. Know immediately when problems arise
4. Share Available data with stakeholders
5. Detect security breaches
6. Plan and budget for IT upgrades
7. Schedule Planed down times

Download Nagios Core

Nagios Core Installation and configuration Guide

2. Icinga

Monitoring Servers and networking devices with icinga2 is very easy. You can download and add plugins as many as like. No need to make set-up or maintenance of the monitoring system itself any more complex. That’s why Icinga 2 features a new configuration format that is intuitive to write, efficient to execute and even adjusts to the changing conditions of your environment at run-time.
Clear-cut, object-based configuration
Icinga 2 introduces a new object-based, rule-driven configuration format, which offers user-friendly features such as apply rules for dynamic object generation.
Taking inspiration from Puppet formats, Icinga 2 offers clear, “one best way” configuration rules. This allows Icinga 2 to depart from Nagios(TM)’s multiple configuration formats (e.g. defining host/service dependencies and parent/child relationships for hosts) – the cause of much user confusion.
The Icinga 2 configuration format is currently set as text files, in preparation for later transition to configuration via API, or GUI and CLI. A configuration migration script that translates existing Icinga 1 / Nagios configurations into the new Icinga 2 format also makes migration easier.
Apply & assign attributes
Keep configuration work to a minimum by defining templates to ”apply” to configuration objects. Apply services and notifications to hosts, or downtimes and dependencies to services.
Clever commands & runtime macros
Commands in Icinga 2 are smarter than their Nagios™-style cousins. To begin with, Icinga 2 offers three distinct command types: Check, notification and event commands. They can be given default values, custom attributes, runtime macros and conditional behaviours. Each additional option can be given precedence over the other, so that your configuration intelligently adapts at runtime to changing monitoring conditions.
Logical Dependencies
Say goodbye to confusing parent/child relationships. Dependencies in Icinga 2 are straightforward; they can be defined as host-host, service-service or mixed (host-service and service-host) and all work in the same manner.
Dynamic Notifications
Similar to Icinga 1, event handlers and notifications are supported. Thanks to the new dynamic configuration format, users can adjust notification settings at runtime (e.g. in order to implement on-call rotation).
For example, new notification objects replace notification-specific attributes for services, while user and user groups replace contact and contact groups. This new format allows notifications to be defined more precisely and intuitively. On top of this, escalations in Icinga 2 are configured as notifications with a defined beginning and end, as are recurring downtimes.

Download Icinga

3. OpenNMS

OpenNMS is the world’s first Enterprise opensource monitoring tool. Which is capable of monitoring Servers and Networking devices using SNMP protocol. OpenNMS has more and more features such as

1. Automated and Directed discovery and provisioning
2. Event and Notification Management
3. Service Assurance
4. Performance Measurement

Open Source: OpenNMS is 100% Free and Open Source software, with no license fees, software subscriptions or special “enterprise” versions.

Download OpenNMS

4. zabbix

Using zabbix enterprise level monitoring tool, we can monitorr real time thousands of servers, networking devices, virtual machines simultaneously.  Along with storing the data, visualization features are available (overviews, maps, graphs, screens, etc), as well as very flexible ways of analyzing the data for the purpose of alerting.  Zabbix offers great performance for dat gathering and can be scaled to very large environments.

Features

1. Monitor Everything
2. Enterprise Ready
3. Proactive Monitoring
4. Capacity Planning
5. True Open Source
6. Business Solutions

Download Zabbix

5. cacti

Cacti mainly used for Network device monitoring. We can create templates. Download performance data as CSV and we can do whatever we want. User Management and graphs. Cacti makes use of RRDTool  to generate graphs and collect data from Networking devices.  The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.

Features

1. Graphs
2. Datasources
3. Data Gathering
4. Template creation
5. Graph Display
6. User Management
7. Graph templates enable common graphs to be grouped together by templating. Every field for a normal graph can be templated or specified on a per-graph basis.
8. Data source templates enable common data source types to be grouped together by templating. Every field for a normal data source can be templated or specified on a per-data source basis.
9. Host templates are a group of graph and data source templates that allow you to define common host types. Upon the creation of a host, it will automatically take on the properties of its template.
10. The tree view allows users to create “graph hierarchies” and place graphs on the tree. This is an easy way to manage/organize a large number of graphs.
11. The list view lists the title of each graph in one large list which links the user to the actual graph.
12. The preview view displays all of the graphs in one large list format. This is similar to the default view for the 14all cgi script for RRDTool/MRTG.

Download Cacti

That’s About Top 5 Enterprise opensource monitoring tools

Types of Routing

Types of Routing

To be able to route a packet, a router must know at least the following:

• Destination address to where the packet is destined. Layer 3 protocols such an IP take care of this.
• Neighboring routers from which remote networks can be learned of and packets can be moved to on way to its destination.
• Routes to remote networks and a way to determine the best route to each of them.
• Way to learn, verify and manage routing information. Incomplete, incorrect or unstable routing information is worse than not having any routing information. If a router does not have routing information, it will drop the packets and let the source know. If a router has incorrect routing information, loops can form and bring down networks.

As you would have realized by now, the essence of routing is how the router learns about the remote networks. Routing information is stored in the routing table also called the Routing Information Base (RIB). The RIB consists of routes to destination networks. Each route is a combination of the destination network address, subnet mask and the next hop towards the destination. There are three ways for a router to learn routes:

1. Static Routing – This is the method by which an administrator manually adds routes to the routing table of a router. This is a method for small networks but it is not scalable for larger networks.
2. Default Routing – This is the method where all routers are configured to send all packets towards a single router.  This is a very useful method for small networks or for networks with a single entry and exit point. It is usually used in addition to Static and/or Dynamic routing.
3. Dynamic Routing – This is the method where protocols and algorithms are used to automatically propagate routing information. This is the most common method and most complex method of routing. Each routing protocol can have chapters or even whole books written about then. Most of them have one or more RFCs dedicated to them. In fact, the whole of the next chapter is dedicated to dynamic routing.

The following sections look at each of these routing types while implementing the first two types in our example network.

Static Routing

When you manually add routes to the routing table, it is called static routing. There are advantages and disadvantages in using static routing. The advantages are:

1. There is no overhead in terms of CPU usage of the router as well as bandwidth between routers. When dynamic routing is used, packets are exchanged between routers and that uses bandwidth. That can be costly when they traverse across WAN links. The routers also need to process these packets and that consumes some CPU cycles as well.
2. It adds a certain degree of security since the administrator controls which routes the routers can know and learn.

The disadvantages of static routing are:

1. The administrator needs to know the internetwork so well that he/she knows where each destination network lies and which is the next hop towards it.
2. Every change needs to be manually done on each router in the internetwork.
3. In large networks this can be unmanageable.

To add a static route, use the following command in the global configuration mode:

ip route destination_network mask {next_hop_address | exit_interface}

As you can see, the command is pretty simple. You need to specify the destination network address, its mask and the address of the next hop towards the destination. You can also specify the exit interface instead of the next hop address. Using the exit interface will cause the router to reply or ARP query and response from the next hop router and is not generally recommended.

Figure 4-2 Static Routing

 

Let us configure our example network shown in Figure 4-2 (Figure 4-1 is repeated as Figure 4-2 so that you it is easier to understand), using static routing. To configure static routing, you need to look at the path traffic will taken from source to destination and back from destination to source. Each router in the path should know the source and destination network. So assuming our source is in network 192.168.1.0/24 (Host1) and our destination is in 192.168.5.0/24 network (Host3), let us look at the source to destination path, which is Router1->Router2->Router3.

1. Router1 does not know about the destination network. So we need to add a route. The next hop for Router1 towards the destination is Router2’s fa0/0 interface. The route can be added using the following command:
   

   Router1(config)#ip route 192.168.5.0 255.255.255.0 10.1.1.2
2. Router2 also does not know about the destination network. So we need to add a route telling it that the next hop towards 192.168.5.0/24 is Router3’s fa0/0 interface. The following command can be used to add the route:
   

   Router2(config)#ip route 192.168.5.0 255.255.255.0 10.1.2.2
3. Router3 knows the destination network since it is directly connected to it. So a route need not be added.

Following the path back from the destination to source, which is Router3->Router2->Router1:

1. Router3 does not know the 192.168.1.0/24 network, so a route should be added using the following command:
   

   Router3(config)#ip route 192.168.1.0 255.255.255.0 10.1.2.1
2. Router2 also does not know the 192.168.1.0/24 network, so a route should be added using the following command:
   

   Router2(config)#ip route 192.168.1.0 255.255.255.0 10.1.1.1
3. Router1, being directly connected to 192.168.1.0/24, knows about the network already.

To view the routing table and verifying static routing, you can use the show ip route command. The output from all three routers in our example is given below:

Router1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
S    192.168.5.0/24 [1/0] via 10.1.1.2
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
Router2#sh ip route
-output truncated–
S    192.168.5.0/24 [1/0] via 10.1.2.2
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.2.0 is directly connected, FastEthernet0/1
C       10.1.1.0 is directly connected, FastEthernet0/0
S    192.168.1.0/24 [1/0] via 10.1.1.1
Router3#sh ip route
-output truncated–
Gateway of last resort is not set
C    192.168.5.0/24 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
C       10.1.2.0 is directly connected, FastEthernet0/0
S    192.168.1.0/24 [1/0] via 10.1.2.1

Though the output of the show ip route command will be discussed in detail later in the chapter and in the next chapter, here are a few things you need to know now:

1. The letter at the start of each line shows how the router was learned. The meaning of each letter is given at the beginning of the output as can be seen form the output from Router1. C stands for directly connected routes. These are the networks to which the router is directly connected. S stands for static routes. As you can see, the routes that you added are shown in lines that start with S.
2. You should verify the network and subnet mask in the output to see if you typed the correct information.
3. The IP address after “via” shows the next hop address for this destination.

The outputs show that all the routes that you added above have taken effect and traffic can flow between the 192.168.1.0/24 and 192.168.5.0/24 networks in both directions now. You may have noticed that Router1 still does not know about the network between Router2 and Router3 (10.1.2.0/24) and Router3 does not know about the network between Router1 and Router2 (10.1.1.0/24). Though it is not necessary for them to know about these networks, from a troubleshooting perspective it better to add routes for these networks also as shown below:

Router1(config)#ip route 10.1.2.0 255.255.255.0 10.1.1.2
Router3(config)#ip route 10.1.1.0 255.255.255.0 10.1.2.1

After these routes are added, the example network has complete reachability using static routing.

Default Routing

Default routing can be considered a special type of static routing. The difference between a normal static route and a default route is that a default route is used to send packets destined to any unknown destination to a single next hop address. To understand how this works, consider Router1 from our example (Figure 4-2), without any static routes in it. When it receives a packet destined to 192.168.5.0/24 it will drop it since it does not know where the destination network is. If a default route is added in Router1 with next hop address of Router2, all packets destined to any unknown destination, such as 192.168.5.0/24 will be sent to Router2.
Default routes are useful when dealing with a network with a single exit point. It is also useful when a bulk of destination networks have to be routed to a single next-hop device. When adding a default route, you should ensure that the next-hop device can route the packet further, or else the next hop device will drop the packet.
Another point to remember is that when a more specific route to a destination exists in the routing table, the router will use that route and not the default route. The only time the router will use the default route is when a specific route does not exist.
The command to add a default route is same as that of adding a static route, but with the network address and mask set to 0.0.0.0 as shown below:

ip route 0.0.0.0 0.0.0.0 next-hop

In our example network, the only exit point for the 192.168.1.0/24 and 192.168.5.0/24 networks is towards Router2. Hence, we can remove the static routes from Router1 and Router3 and add default routes as shown below:

Router1(config)#no ip route 10.1.2.0 255.255.255.0 10.1.1.2
Router1(config)#no ip route 192.168.5.0 255.255.255.0 10.1.1.2
Router1(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
Router3(config)#no ip route 10.1.1.0 255.255.255.0 10.1.2.1
Router3(config)#no ip route 192.168.1.0 255.255.255.0 10.1.2.1
Router3(config)#ip route 0.0.0.0 0.0.0.0 10.1.2.1

Remember that since Router2 has multiple exists, you cannot use default routing there. It still needs the static routes.
Take a look at the routing table on Router1 and Router3 after the above changes:

Router1#sh ip route
–output truncated–
Gateway of last resort is 10.1.1.2 to network 0.0.0.0
10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 10.1.1.2
Router3#sh ip route
–output truncated–
Gateway of last resort is 10.1.2.1 to network 0.0.0.0
C    192.168.5.0/24 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
C       10.1.2.0 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 10.1.2.1

In the above output notice that the static route to 0.0.0.0/0 is now seen in the routing table. Apart from that, the gateway of last resort is now the next-hop as specified in the default route.
A second way of adding a default route would be to specify the exit interface instead of the next-hop address. For example, on Router1, you can use the following command instead of the one used above:
Router1(config)#ip route 0.0.0.0 0.0.0.0 fa0/0
This tells the route to forward all packets, destined to unknown destinations, out fa0/0. While this will accomplish the same thing, the big difference is that a static route with an exit interface specified will take preference over a static route with next-hop specified. This is because the administrative distance of a route with exit interface is lower than the other one. Administrative distance is covered later in the chapter.
A third way of defining a default route is using the ip default-network command. Using this command you can tell the router to use the next-hop address of a known network as the gateway of last resort. For example, on Router1, you can use the following two commands to set the gateway of last resort:

Router1(config)#ip route 10.1.2.0 255.255.255.0 10.1.1.2
Router1(config)#ip default-network 10.1.2.0 

The second command will cause the router to lookup the route to 10.1.2.0 and use 10.1.1.2 (next-hop address for 10.1.2.0) as the gateway of last resort.
The routing table will look as shown below, after the above two commands are entered:

Router1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is 10.1.1.2 to network 10.1.2.0
S    10.1.2.0/24 [1/0] via 10.1.1.2
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0

The difference between using the ip route command and the ip default-network command for adding a default route is that the route added using ip route command is local and does not get propagated through a routing protocol, if one is enabled. The route added through the ip default-network command will get propagated by a routing protocol.
Another thing to remember is that prior to IOS version 12.4, the ip classless command was not enabled by default. You will remember from Chapter 2, that if the ip classless command is not used, the router will do classful routing and expect a default mask on each interface. A side effect of this command not being present is that if the destination network is not in the routing table, the router will drop the packet. If you are using default routing, it is possible that you do not have any specific routes in the table. So you must enable classless routing using the ip classless command for default routing to work.

Dynamic Routing

Dynamic routing is when protocols, called routing protocols, are used to build the routing tables across the network. Using a routing protocol is easier than static routing and default routing, but it is more expensive in terms of CPU and bandwidth usage. Every routing protocol defines its own rules for communication between routers and selecting the best route.
Routing protocols are broadly classified as Interior Gateway Protocols (IGP) or Exterior Gateway Protocols (EGP). IGPs are used to exchange routing information within internetworks that fall under a single administrative domain (also called Autonomous Systems). EGPs on the other hand are used to exchange routing information between different autonomous systems. Common examples of IGPs are Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF). These are covered in detail in the next chapter. On the other hand, Border Gateway Protocol (BGP) is an example of EGP. It is the protocol used for routing information exchange on Internet. It is beyond the scope of CCNA, hence we will not cover it in this book.
While the next chapter covers the IGPs in detail, the rest of this chapter is dedicated to basics of routing protocols that are necessary for you to understand before looking into specific protocols.

Cisco CCNA 200-120
Economy Kit

$369.99

Cisco CCNA 200-120
Standard Kit

$564.99

Cisco CCNA 200-120
Premium Kit

789.99

Understanding IP Routing

Understanding IP Routing
Home/Study Guides/CCNA Routing & Switching 200-120/Chapter 4 Introduction to IP Routing/4-1 Understanding IP Routing

In the simplest terms, IP Routing is the process of moving packets from its source to its destination across internetworks. To be able to route packets, a router must know at a minimum the following:

    Destination address
    Neighbor routers from which it can learn about remote networks
    Possible routes to all remote networks
    The best route to each remote network
    Be able to maintain and verify routing information

Unfortunately the process is not as simple as it sounds because it involves multiple protocols at multiple layers. To understand the complete process of how a packet moves from the source to the destination, consider the network shown in Figure 4-1.

 Figure 4-1 Understanding IP Routing

 understanding ip routing

In the network shown above, when Host1 sends a TCP segment to Host3, the following happens:

    The TCP segment is handed off to IP, which adds a header consisting of the source address, 192.168.1.10 and destination address 192.168.5.20 and hands off that packet to the next layer.
    Using the subnet mask of the host, it is determined that the destination address lies in a remote network and hence the packet must be sent to the default gateway, 192.168.1.1. So Host1 sends out an ARP request to find the MAC address of Router1. When a response is received, it frames the packet with the source MAC address of Host1 and destination MAC address of Router1.
    When Router1 receives the frame, it strips of the header and trailer and looks at the destination address in the IP header. Since the packet is not destined to Router1, it must be routed out.
    It tries to match the destination address to a list of known networks, called the routing table. It finds that the destination network is reachable via Router2, so it frames the packet with the source MAC address of its exit interface (interface with the IP address of 10.1.1.1) and the destination address of Router2’s interface.
    When Router2 receives the frame, it repeats the strip and lookup process and frames the packet again before sending it to Router3. This time the MAC address of Router2’s exit interface is the source address while the MAC address of Router3 is the destination address.
    Finally Router3 looks at the destination MAC address and realizes that the destination network is directly connected. It finds the MAC address of the destination host and frames the packet using its own MAC address as the source while the MAC address of Host3 as the destination address. At last the frame is sent out and reaches the destination host.
    At the destination, the frame is stripped and the destination IP address is verified. Then the IP header is stripped and the TCP segment reaches Layer 4 of the destination.
    Now when Host3 needs to reply back to Host1, TCP will hand off the reply segment to IP.
    IP will add a header consisting of a source address of 192.168.5.20 and a destination address of 192.168.1.10 and will send it to layer 2 for framing.
    By the subnet mask of Host3, it is determined that the destination lies in a remote network. Hence the frame will need the MAC address of the default gateway as destination. If Host3 does not have the MAC address of Router3, it will send an ARP query to get it. Once Host3 has the MAC address, it will frame the segment and send it out to Router3.
    Router3 strip the frame header and look at the destination IP address in the IP header. From its routing table, it will know that the packet needs to go to Router2. It will frame the packet with a source MAC address of its fa0/0 interface and the destination MAC address will be the address of Router2’s fa0/1 interface and then send it out to the wire.
    Router2 receives the frame and repeats process to send the packet to Router 1.
    Router1 receives the frame from Router2 and removes the frame. By the destination IP address it knows that the packet belongs to a directly connected interface.
    Since it received a frame from Host1 earlier, it has the MAC address of the host mapped to its IP address in the ARP table. The router uses that to create a frame with its fa0/0 interface’s MAC address as source and Host1’s MAC address as destination and sends the frame out the interface.
    When Host1 receives the frame, it verifies the destination address, strips the frame and IP header and sends the TCP segment to layer 4.

Exam Alert: Remember that the source and destination IP address do not change throughout the process while the source and destination MAC address changes at each segment. You will see multiple questions about this on the CCNA exam!  The MAC address is only locally significant and changes each hop.

The above steps show how a TCP segments moves from its source to its destination across an internetwork. The steps above assume that each router in the path knows where the destination network lies. But as you have seen in the previous chapter, a new router has no configuration and the router is not going to discover remote networks by itself. You will need to tell the router about the remote networks manually or configure it to learn the routes dynamically by talking to other routers.
Note: The network shown in Figure 4-1 will be used throughout the chapter. I strongly suggest you setup the above network and configure the basic connectivity. It will also allow you to practice everything learned in the previous chapter, once again.

Swap memory clear

Virtual Memory is called as Swap space in Linux and  is used when the physical memory (RAM) is full. When the system needs more memory and the RAM is full, inactive pages in the memory will be moved to the swap space. Swap is not a replacement to physical memory,  it is just a small portion on hard drive; it must be created during the installation. It is better to have swap space equal to 2X RAM.

Sometimes, system will use full amount of swap memory even when the system has enough physical memory available, this happens because inactive pages that are moved to swap during the high memory usage have not gone back to the physical memory in normal condition. That time we have to manually clear (Move the inactive page to Physical RAM) by using the following command.

First issue the following command to initiate the move, this will take time depends on size of the swap memory.

PS: You must have enough physical memory available on the system before initiating the following commands, that means

Swap Memory = Free Memory of Physical RAM.

If you want to clear the 2GB of swap memory, you need to have more than 2GB free memory on the physical memory RAM.

swapoff -a

Once the above command completed successfully, issue the following command to re enable the swap.

swapon -a

Postfix Spam EMail Queue Fix

The following commands will allow you to review these queues:

1- Display the mail queues, deferred and pending

mailq

or

postqueue -p

To save the output to a text file you can run:

mailq > mailqueue.txt

or

postqueue -p > mailqueue.txt

Either of these commands will show you all queued messages.

NB: this command shows the sender and recipients and ID, not the message itself. The ID is particularly useful if you want to inspect the message itself.

2- View message (contents, header and body) in Postfix queue

To view a message with the ID XXXXXXX

(you can see the ID from the queue)

postcat -vq XXXXXXXXXX

Or to save it in a file

postcat -vq XXXXXXXXXX > emailXXXXXXXXXX.txt

A useful feature for web servers is to enable mail.add_x_header = on in the Postfix configuration. This will add a header to all outgoing email messages showing the script and user that generated each message.  Once enabled this will then add the following extra header to message:

X-PHP-Originating-Script: 1001:spamEmailer.php

In this example 1001 is the UID and the spamEmailer.php was the script sending the message. This can allow you to quickly track down the source of spam messages being sent by your server.

With these commands you should be able to review your mail queue and make sure that intended messages are being sent and have not been rejected.

How to delete queued mail from the mail queue

Now that we have learned the necessary steps to reviewing your mail queue, the final 3 tips will demonstrate how to delete queued mail.

3- Tell Postfix to process the Queue now

postqueue -f

OR

postfix flush

This will cause Postfix to immediately attempt to send all queued messages.

4- Delete queued mail

Delete all queued mail

postsuper -d ALL

Delete only the differed mail queue messages (i.e. only the ones the system intends to retry later)

postsuper -d ALL deferred

5- Delete mail from the queue selectively

This is not something that is natively included with the standard Postfix tools however can be done with a bit of Perl scripting.

NB: This perl script seems to be free, and is all over the internet however I could not find out where it originates or who wrote it but my thanks go to them!

#########################################

#!/usr/bin/perl

$REGEXP = shift || die "no email-adress given (regexp-style, e.g. bl.*\@yahoo.com)!";

@data = qx</usr/sbin/postqueue -p>;

for (@data) {

  if (/^(\w+)(\*|\!)?\s/) {

     $queue_id = $1;

  }

  if($queue_id) {

    if (/$REGEXP/i) {

      $Q{$queue_id} = 1;

      $queue_id = "";

    }

  }

}

#open(POSTSUPER,"|cat") || die "couldn't open postsuper" ;

open(POSTSUPER,"|postsuper -d -") || die "couldn't open postsuper" ;

foreach (keys %Q) {

  print POSTSUPER "$_\n";

};

close(POSTSUPER);

#########################################

Usage Examples:

Delete all queued messages to or from the domain called spamers.com, enter:

./postfix-delete.pl spamers.com

Delete all queued messages that contain the word "spam" in the e-mail address:

./postfix-delete.pl spam

Setup a self-signed SSL site with Apache2

Login and registration pages are often among them. This guide will show you how to quickly set-up a SSL site with a self-signed certificate and automatic HTTP-to-HTTPS redirect. This is ideal for setting up staging environments.
I’ll assume you have a standard Centos system with the apache2 package installed and ready.

Here's what we're going to do, in order:

1. Make sure Apache has SSL enabled.
2. Generate a certificate signing request (CSR).
3. Generate a self-signed certificate.
4. Copy the certificate and keys we've generated.
5. Tell Apache about the certificate.
6. Modify the VirtualHosts to use the certificate.
7. Restart Apache and test.

Let's start with making sure that SSL is enabled by using the a2enmod utility to enable the SSL module:
sudo a2enmod ssl

Generate the CSR

Now it's time to generate the CSR, and fill out the questions you'd normally have verified by a Certificate Signing Authority:
sudo openssl req -new > new.ssl.csr
Once you do this, you'll be prompted for a passphrase — you're going to want to remember the passphrase.
Now, you're going to walk through a set of questions:

Generating a 1024 bit RSA private key
................++++++
........................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:Enter Code Here
State or Province Name (full name) [Some-State]:Enter State Here
Locality Name (eg, city) []:Enter City Here
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Enter Company Name
Organizational Unit Name (eg, section) []:Org Unit (if you have one)
Common Name (eg, YOUR name) []:First and Last Name
Email Address []:Work Email

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Leave Blank
An optional company name []:Optional

Parts in bold emphasis require input. You want to leave the challenge password blank, otherwise you'll need to enter this every time you restart Apache.

Generate the Certificate

Now it's time to create the certificate. You're going to use OpenSSL again to create the certificate and then copy the certificate to /etc/ssl where Apache can find them.

sudo openssl rsa -in privkey.pem -out new.cert.key
sudo openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days NNN
sudo cp new.cert.cert /etc/ssl/certs/server.crt
sudo cp new.cert.key /etc/ssl/private/server.key

The -days option sets the length of time before the certificate expires. I went ahead and (roughly) calculated the time until the release of Ubuntu I'm using will be out of support. You can revoke a certificate or replace one before the cert expires, of course.
Now, you have the key (server.key) and PEM certificate (server.crt is a PEM certificate). You need to make sure that the key is not world-readable, but that the certificate is.

Configure Apache

Now that we've got the certificate in place, you need to edit the Apache configuration to add SSL to your site. Your configuration may differ, depending on how you have your sites set up and whether you're only serving one site or whether you're serving several domains from your server.
Here's how I edited my configuration, which was located in /etc/apache2/sites-available/mydomain.net:

NameVirtualHost *:443
NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin email address here
    ServerName mydomain.net
    ServerAlias www.mydomain.net
    DocumentRoot /srv/www/mydomain.net/public_html/
    ErrorLog /srv/www/mydomain.net/logs/error.log
    CustomLog /srv/www/mydomain.net/logs/access.log combined
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin 
 jzb@zonker.net
    ServerName mydomain.net
    ServerAlias www.mydomain.net
    DocumentRoot /srv/www/mydomain.net/public_html/

    ErrorLog /srv/www/mydomain.net/logs/error.log
    CustomLog /srv/www/mydomain.net/logs/access.log combined

    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>

If you're already using the domain, you don't need to do anything but restart Apache. If you're setting Apache up for the first time, or this is a new domain, then you want to run this: