How to Restart a Unresponsive Linux System with Reisub

It may sometime happen that our Linux system hangs completely and the only option available is to shut down the system via the power button.

The power button to reboot could cause a problem if your hard drive is still being written to, and usually causes more problems than it solves. The Linux kernel includes a secret method of restarting your PC

 * Hold down the Alt and SysRq (Print Screen) keys.
 * While holding those down, type the following in order: REISUB

Alt + PrintScreen + r + s + e + i + u + b

 * With above key combination your frozen Linux system will go for a reboot.

Here is what the individual keys do in that sequence
R:Switch the keyboard from raw mode to XLATE mode
E:Send the SIGTERM signal to all processes except init
 I:Send the SIGKILL signal to all processes except init
S:Sync all mounted filesystems
U:Remount all mounted filesystems in read-only mode
B:Immediately reboot the system, without unmounting partitions or syncing

How to Extract Audio from Video file using ffmpeg

FFmpeg is a complete solution to record, convert and stream audio and video. It is a command line tool to convert one video file format to another. It also supports grabbing and encoding in real time from a TV card. Several FrontEnds/GUIs available like WinFF, Super, Avanti, AutoFF, Xpegt, GVC.

You can easily extract audio from video files such as avi, mpg, even flv into mp3 uses ffmpeg. You can even record online stream into mp3, such as stream from radio cast.

The audio component can be extracted to an mp3 using floowing command (from the command line Terminal). (This will work for any type of video file, not just Flash.)

ffmpeg -i video.flv -ab 160k -ac 2 -ar 44100 -vn audio.mp3

-i indicates the input
-ab indicates the bit rate (in this example 160kb/sec)
-vn means no video ouput
-ac 2 means 2 channels
-ar 44100 indicates the sampling frequency.

How to reboot Linux server

# shutdown [-option] [ +Time [ Message ] ] ## man shutdown to find more the option

HPUX/AIX/SOLARIS/LINUX/TRU64 Pre-checking before reboot

Capture the system details

# bdf > /tmp/bdf.txt ## For HPUX

OR

# df –k > /tmp/df.txt ## For other OS

# netstat –in > /tmp/netstat.in.txt

# netstat –rn > /tmp/netstat.rn.txt

# lanscan > /tmp/lanscan.txt ## For HPUX

# ioscan –fn > /tmp/ioscan.txt ## For HPUX

# ps –ef | grep –i sap ## Double confirm no SAP running

# ps –ef | grep –I oracle ## Double confirm no Database running

AIX, SOLARIS, LINUX, TRU64 How to check disk space:

# df -k /var ## to check disk utilisation for /var filesystem

# find /var -xdev -type f -size +5000000c -exec ls -l {} \; | sort -nk 5 ## to find larger files in /var

HPUX How to check disk space: (using /var as example)

# bdf /var ## to check disk utilisation for /var filesystem

# find /var -xdev -type f -size +5000000c -exec ls -l {} \; | sort -nk 5 ## to find larger files in /var

TRU64 How to check CPU/Memory usage:

# vmstat OR iostat OR top ## to check CPU/Memory utilisation



· Find large processes which currently filled up the CPU/Memory usage.

LINUX How to check CPU/Memory usage:

# sar OR vmstat OR iostat OR top ## to check CPU/Memory utilisation



· Find large processes which currently filled up the CPU/Memory usage.

SOLARIS How to check CPU/Memory usage:

# sar OR vmstat OR iostat ## to check CPU/Memory utilisation



· Find large processes which currently filled up the CPU/Memory usage.

AIX How to check CPU/Memory usage:

# sar OR vmstat OR iostat OR topas ## to check CPU/Memory utilisation



· Find large processes which currently filled up the CPU/Memory usage.

HPUX How to check CPU/Memory usage

# glance OR top OR vmstat OR iostat OR sar

## to check CPU/Memory utilisation



· Find large processes which currently filled up the CPU/Memory usage.

How to check Ignite version in HP-UX

Command below can be used to find what is the version of Ignite installed in our server

shah@nxxx07:(shah)> more /opt/ignite/Version
C.7.1.93

C.7.1.93 is the version of installed Ignite :-)

How to get runlevel information in HP-UX

[hpa50-16]/ >who -r
. run-level 3 Apr 9 06:23 3 0 S

How to check software information in HP-UX

To check software information in HP-UX is simple. Just type swlist or /usr/sbin/swlist

[hpa50-16]/ >swlist
# Initializing...
# Contacting target "hpa50-16"...
#
# Target: hpa50-16:/
#

#
# Bundle(s):
#

B8342AA B.11.11.05 Netscape Communicator 4.75
BUNDLE11i B.11.11.0102.2 Required Patch Bundle for HP-UX 11i, February 2001
Base-VXVM B.03.20.1 Base VERITAS Volume Manager 3.2 for HP-UX
CDE-English B.11.11 English CDE Environment
FDDI-00 B.11.11.02 PCI FDDI;Supptd HW=A3739A/A3739B;SW=J3626AA
FibrChanl-00 B.11.11.09 PCI/HSC FibreChannel;Supptd HW=A6684A,A6685A,A5158A,A6795A
GOLDAPPS11i B.11.11.0112.6 Gold Applications Patches for HP-UX 11i, December 2001
GOLDBASE11i B.11.11.0112.6 Gold Base Patches for HP-UX 11i, December 2001
GigEther-00 B.11.11.14 PCI/HSC GigEther;Supptd HW=A4926A/A4929A/A4924A/A4925A;SW=J1642AA
GigEther-01 B.11.11.02 PCI/PCI-X GigEther;Supptd HW=A6794A
HPUX11i-OE-Ent B.11.11.0203 HP-UX Enterprise Operating Environment Component
HPUXBase64 B.11.11 HP-UX 64-bit Base OS
HPUXBaseAux B.11.11.0203 HP-UX Base OS Auxiliary
HWEnable11i B.11.11.0203.5 Hardware Enablement Patches for HP-UX 11i, March 2002
OnlineDiag B.11.11.06.09 HPUX 11.11 Support Tools Bundle, Mar 2002
RAID-00 B.11.11.01 PCI RAID; Supptd HW=A5856A
TermIO-00 B.11.11.05 PCI MUX; Supptd HW=A6748A/A6749A/J3592A/J35923A; SW=J3596A
b_SOPHOS 2.12 (SOPHOS) Sophos Anti-Virus
perl B.5.6.1.C Perl Programming Language

Tweak Windows 7 through Local Group Policy Editor

There are several desktop, start menu, taskbar, system tweaks you can apply using the Group Policy Editor in Windows 7.

To do so, type gpedit.msc in Start Search and hit Enter. This will open the Local Group Policy Editor.

In the left pane, expand User Configuration > Administrative Templates > Desktop.
In the right pane, you will see a lot of settings you can modify. Most will be Not Configured. Right click on any and select Edit. From the dialog box which is presented, you can Enable the setting.

Similarly, under each category like Start Menu and Taskbar, etc, you get plenty of setting which you can tweak to your requirement in Windows 7.

Should you again wish to disable any of the tweaked setting you have to simply set it at Not Configured or Disabled again.

Visit here for a full list of available settings in Windows 7 Group Policy editor!

You can open Group Policy in several ways, depending on the action that you want to perform and the object to which you want to apply it. The ways in which you can open Group Policy are described here at Microsoft.

Group Policy Preference Client Side Extensions for Windows Vista SP1.

Your Windows Updates would be showing a new update KB943729. It however, appears under the Optional Updates, and should be installed only if you need it. Vista SP1 has changed the tools that Administrators use to manage Group. SP1 uninstall's the Group Policy Management Console (GPMC) and GPEdit.msc will edit local Group Policy by default.

Multiple Group Policy Preferences have been added to the Windows Server 2008 Group Policy Management Console, which are also available through the Remote Server Administration Toolset (RSAT) for Windows Vista SP1. Group Policy Preferences enable information technology professionals to configure, deploy, and manage operating system and application settings they previously were not able to manage using Group Policy.

Group Policy preferences are made up of more than 20 new Group Policy client-side extensions (CSEs) that expand the range of configurable settings in a Group Policy object (GPO). These new preferences are included in the Group Policy Management Editor window of the Group Policy Management Console (GPMC). The extensions are listed under each new preference item. Examples of the new Group Policy preference extensions include the following: • Folder options • Mapped drives • Printers • Scheduled tasks • Services • Start menu settings The packages that are listed in the "More Information" section include the CSEs for the new Group Policy preference functionality. These CSEs are required in Windows XP Service Pack 2 (SP2), Windows Server 2003 Service Pack 1 (SP1), and in Windows Vista to process the new preference items.

This installer does not provide any user interface for configuring Group Policy preferences. This new functionality can only be configured under the new preferences node in the User or Computer configurations of the Group Policy Management Editor window on the following computers: • Windows Vista SP1-based computers that have Remote Server Administration Tools (RSAT) installed • Windows Server 2008-based computers

More at KB943729. Download. 32bit Editions. 64bit Editions.

Fix: Power options not enforcing 60 second limit in Windows 7

This article details a known power options issue with Windows 7 where the kernel does not adhere to the minimum allowed time that is set by the user in the Group Policy Management Console for hibernation and sleep timeouts.

When a user creates a power policy setting by using the Group Policy Management Console (gpedit.msc), which establishes a sleep or hibernation timeout of less than 60 seconds, the kernel does not accept this change, and it sets the timeout to 60 seconds.

This is a known issue that exists, which allows the power policy settings to be changed by the user to values below the 60 second threshold even though these setting will not be used by the kernel. The kernel has a fixed minimum values of 60 seconds for sleep and hibernation timeouts.

To resolve this known issue, ensure that sleep and hibernation timeouts are set at the minimum 60 seconds.

7 steps to better Solaris Network Settings

I was auditing one of our customer again and this time round, i managed to come up with a 7 step guide to better secure the TCP stack for Solaris. Well, you guys can add on for more.

1. Configure for more random TCP sequence number generation. Check that in(/etc/default/inetinit), the TCP_STRONG_ISS is set to 2. For instance, TCP_STRONG_ISS=2

2. IP forwarding is to be turned off to prevent the machine acting as a router. To disable IP forwarding, a file "/etc/notrouter" need to be present. If the file is missing, issue the following command to create one : touch /etc/notrouter

To prevent dynamic routes updates via the network, move "in.routed" and "in.rdisc" away from "/usr/sbin" directory by perform the following commands :
mv /usr/sbin/in.routed /export/home/cfgh/base
mv /usr/sbin/in.rdisc /export/home/cfgh/base

3. Change default kernel IP settings for better security. Following the following steps to change the kernel IP defaults values :

Setup files and environment:
touch /etc/init.d/exconfig
ln -s /etc/init.d/exconfig /etc/rc2.d/S70exconfig
chmod 744 /etc/init.d/exconfig /etc/rc2.d/S70exconfig

Edit file "/etc/init.d/exconfig" and add the following lines:
#!/bin/sh
# /etc/init.d/exconfig
RELEASE=`/usr/bin/uname -r`
release7 ()
{
/usr/sbin/ex -set /dev/ip ip_forwarding 0
/usr/sbin/ex -set /dev/ip ip_strict_dst_multihoming 1
/usr/sbin/ex -set /dev/ip ip_send_redirects 0
/usr/sbin/ex -set /dev/ip ip_ignore_redirect 1
/usr/sbin/ex -set /dev/ip ip_forward_src_routed 0
/usr/sbin/ex -set /dev/ip ip_forward_directed_broadcasts 0
/usr/sbin/ex -set /dev/ip ip_respond_to_echo_broadcast 0
/usr/sbin/ex -set /dev/tcp tcp_conn_req_max_q0 4096
/usr/sbin/ex -set /dev/tcp tcp_ip_abort_cinterval 60000
/usr/sbin/ex -set /dev/ip ip_respond_to_timestamp 0
/usr/sbin/ex -set /dev/ip ip_respond_to_timestamp_broadcast 0
/usr/sbin/ex -set /dev/ip ip_respond_to_address_mask_broadcast 0
/usr/sbin/ex -set /dev/arp arp_cleanup_interval 60000
id -a mqm > /dev/null 2>&1
if [ \$? -eq 0 ]
then
/usr/sbin/ex -set /dev/tcp tcp_keepalive_interval 600000
fi
}
release8 ()
{
/usr/sbin/ex -set /dev/ip ip6_forwarding 0
/usr/sbin/ex -set /dev/ip ip6_strict_dst_multihoming 1
/usr/sbin/ex -set /dev/ip ip6_send_redirects 0
/usr/sbin/ex -set /dev/ip ip6_ignore_redirect 1
/usr/sbin/ex -set /dev/ip ip6_forward_src_routed 0
/usr/sbin/ex -set /dev/ip ip_ire_arp_interval 60000
}
release6 ()
{
/usr/sbin/ex -set /dev/ip ip_respond_to_echo_broadcast 0
/usr/sbin/ex -set /dev/ip ip_forward_directed_broadcasts 0
/usr/sbin/ex -set /dev/ip ip_strict_dst_multihoming 1
/usr/sbin/ex -set /dev/ip ip_ignore_redirect 1
/usr/sbin/ex -set /dev/ip ip_forward_src_routed 0
}

if [ \$RELEASE = "5.7" ]
then
release7
elif [ \$RELEASE = "5.8" ] || [ \$RELEASE = "5.10" ] || [ \$RELEASE = "5.9" ]
then
release7
release8
elif [ \$RELEASE = "5.6" ]
then
release6
fi

4. Disable multicast from the server, edit the file "/etc/rc2.d/S72inetsvc" and comment out/remove the following lines :
#(
#if [ "$_INIT_NET_STRATEGY" = "dhcp" ]; then
# mcastif=`/sbin/dhcpinfo Yiaddr` || mcastif=$_INIT_UTS_NODENAME
#else
# mcastif=$_INIT_UTS_NODENAME
#fi
#
#echo "Setting default Ipv4 interface for multicase:" \
# "add net 224.0/4: gateway $mcastif
#
#/usr/sbin/route -n add -interface "224.0/4" "$mcastif" >/dev/null
#)&

For Solaris 10
Multicast would be disabled using /etc/rc2.d/S72inetsvc-os10

5. Denial of Service Prevention System Settings.
Services that must be disabled on all servers, unless required by business function from /etc/services. Services include: ftp-data ftp tftp pop2 pop3 pop-2 nntp chargen daytime discard echo finger talk who whois new-rwho klogin eklogin telnet systat netstat time

6. Prevent "core dump" generated by inetd as it may contain login information. This could be achieved by editing the file "/etc/rc2.d/S72inetsvc". Change the line :
/usr/sbin/inetd -s &
to /usr/bin/ulimit -c 0; /usr/sbin/inetd -s -t &
Note :
ulimit -c 0 : set the core file size to 0 byte
inetd -s -t : stand-alone server with tracing of all tcp connections

For Solaris 10
Create the script /etc/rc2.d/S72inetsvc-os10 as per below.
#cat /etc/rc2.d/S72inetsvc-os10
IPADDR=`netstat -nr | grep -w 224.0.0.0 | awk '{print $2}'`
/usr/sbin/route -n delete -interface "224.0/4" $IPADDR
/usr/sbin/svcadm enable inetd
/usr/sbin/inetadm -M tcp_trace=TRUE
#chmod 555 /etc/rc2.d/S72inetsvc-os10

7. .netrc files System Settings (.netrc files, .netrc files in root's home directory). Files are not permitted, remove the files if any, issue command find / -name .netrc -print