Wednesday, December 28, 2016

TCP/UDP Protocols/Ports & important port numbers in Linux OS

TCP/UDP port numbers range from 0 to 65535, so in total we have 65536 ports. The limit comes from the TCP/IP stack, where the port number field is a 16-bit unsigned integer, so we have only 2^16 (2 to the power of 16) = 65536 ports.

A "Software Port" is a software endpoint used as a docking point on your machine, where a remote application can interact/communicate. A "Hardware Port" is a physical connecting point on a machine for a physical peripheral device. A "Socket" is the combination of a software port and an IP address.

Port numbers are assigned in various ways, based on following three ranges:

System Ports/Well known Ports (0-1023)
User Ports (1024-49151)
and the Dynamic and/or Private Ports (49152-65535)

some important default port numbers:
********************************************
TCP===6  (TCP has its own port number in the TCP/IP stack)

UDP===17 (UDP has its own port number in the TCP/IP stack)
http/Apache===80
https===443
rsync===873
Netbios(nmbd)===137
samba(smbd)===139
ftp data transfer====20 (For transferring FTP data)
ftp data control(command)=====21  (For starting FTP connection)
telnet===23
ssh==22
sftp==22
dns==53
bootp(dhcp server)===67
dhcp client===68
tftp===69
smtp===25
snmp===161
mysql===3306
pop3===110
imap====143
imaps====993
ntp===123
samba===901
nfs====2049
kerberos====88
ldap===389
uucp====540
nntp===563
svn====3690
X11===6000-6063 (X11 uses ports 6000 to 6063 for connecting to X11 from a remote server)
squid===3129

You can see all the port information from /etc/services file in Linux

Below is how to check which service is running on a specific port, with its PID, and how to kill it. (Note: you must have root access to run the lsof & fuser superuser commands.)

I hope this gives a clearer & more exact idea about ports, processes (PID/PPID) & protocols (TCP/UDP) from the Operating System (OS) perspective.

As a normal user you can run the netstat command & get the output for your query as per the below screenshots (consider this just as an example for you guys).


lsof - list open files (lsof is a command meaning "list open files", which is used in many Unix-like systems to report a list of all open files and the processes that opened them.)

*****************
lsof examples:
*****************
To view the port associated with a daemon:

# lsof -i -n -P | grep sendmail
sendmail  31649    root    4u  IPv4 521738       TCP *:25 (LISTEN)

# lsof -i -n -P -U | grep -i sshd
sshd       2421      root    3u  IPv4              12545      0t0    TCP *:22 (LISTEN)
sshd       2421      root    4u  IPv6              12547      0t0    TCP *:22 (LISTEN)
sshd      10935      root    3u  IPv4              39787      0t0    TCP 127.0.0.1:22->127.0.0.1:58478 (ESTABLISHED)
sshd      10935      root    4u  unix 0xffff88008aab79c0      0t0  39843 socket
sshd      10935      root    5u  unix 0xffff88008a967080      0t0  39850 socket
sshd      31805      root    3u  IPv4             188908      0t0    TCP 172.29.76.151:22->172.29.79.185:1645 (ESTABLISHED)
sshd      31805      root    4u  unix 0xffff880107cbfcc0      0t0 189152 socket
sshd      31805      root    5u  unix 0xffff880099aa8cc0      0t0 189158 socket

From the above one can see that "sendmail" is listening on its standard port of "25" and "sshd" is listening on its standard port of "22"

Options:
========
    * -i Lists IP sockets.
    * -n Do not resolve hostnames (no DNS).
    * -P Do not resolve port names (list port number instead of its name).
    * -U This option selects the listing of UNIX domain socket files.
=========================


fuser - identify processes using files or sockets (fuser displays the PIDs of processes using the specified files or file systems.)

******************
fuser examples:
******************
# fuser -v -n tcp 80
                     USER        PID ACCESS COMMAND
80/tcp:              root       2797 F.... httpd
                     apache    17090 F.... httpd
                     apache    17091 F.... httpd
                     apache    17092 F.... httpd
                     apache    17093 F.... httpd
                     apache    17094 F.... httpd
                     apache    17095 F.... httpd
                     apache    17096 F.... httpd
                     apache    17097 F.... httpd
                     apache    17098 F.... httpd
# fuser -v -n tcp 8080
                     USER        PID ACCESS COMMAND
8080/tcp:            tomcat     2743 F.... java

# fuser -anu tcp 80
80/tcp:               2797(root) 17090(apache) 17091(apache) 17092(apache) 17093(apache) 17094(apache) 17095(apache) 17096(apache) 17097(apache) 17098(apache)

# fuser -anu tcp 8080
8080/tcp:             2743(tomcat)

Options:
========

* -k kills all processes accessing a file. For example, fuser -k /path/to/your/filename kills all processes accessing that path without confirmation. Use -i for confirmation.

* -i interactive mode. Prompt before killing process

* -v verbose.

* -u append username

* -a display all files



ss "socket statistics" command:
********************************
ss command is used to show socket statistics

ss -l ===> to display all open network ports
ss -s ===> to list currently established, closed, orphaned and waiting TCP sockets
ss -pl ===> to see the process name using each open socket
ss -pl | grep 3306 ===> to figure out who is responsible for opening socket/port # 3306
ss -t -a ==> To display all TCP sockets/ports
ss -u -a ==> To display all UDP sockets/ports

Please refer to https://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html for more details regarding the ss utility in Linux.



ps - Displays The Processes
****************************

The ps command reports a snapshot of the current processes. To select all processes use the -A or -e (entire) option:
Print All Processes On The Server
# ps -A
# ps axu
# ps -ef

See Every Process Running As User John
# ps -U john -u john u

A few more commands as examples (a normal user can run the below bold commands):

lsof -i:443
netstat -nlp
netstat -anlp
lsof -i | grep apache
lsof -i | grep root
lsof -i | grep 8080
lsof -i | grep -i listen
netstat -lp
fuser -n tcp 8080
netstat -anpl | grep -i 8080
netstat -anp | grep -i 8080
lsof -i tcp:80
lsof -i:80
lsof -i udp:80
lsof -i udp
lsof -i tcp
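
The listings above show which process owns each listening port; the next step is to compare that against what the host is supposed to run. The script below is an added example, not part of the original post: it parses `ss -tlnp` style output and flags listeners that are not on an allowlist. The sample output, the allowlist and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -tlnp` output (run as root to see every owning process).
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=2421,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=2421,fd=4))
LISTEN 0 10 127.0.0.1:25 0.0.0.0:* users:(("sendmail",pid=31649,fd=4))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=2797,fd=4))
LISTEN 0 100 *:8080 *:* users:(("java",pid=2743,fd=51))
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:* users:(("mariadbd",pid=1200,fd=21))
EOF
}

# audit_listeners "port:command ..." reads ss lines on stdin and prints one line
# per listener that is not on the allowlist or is owned by a different command.
audit_listeners() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); want[kv[1]] = kv[2] }
    }
    $1 == "LISTEN" {                           # header and non-listening rows are skipped
        port = $4; sub(/^.*:/, "", port)       # text after the last colon, so [::]:22 works
        addr = $4; sub(/:[0-9]+$/, "", addr)   # bind address: * or 0.0.0.0 = all interfaces
        cmd = "?"; pid = "?"
        if (match($0, /\(\("[^"]+"/)) cmd = substr($0, RSTART + 3, RLENGTH - 4)
        if (match($0, /pid=[0-9]+/))  pid = substr($0, RSTART + 4, RLENGTH - 4)
        if (!(port in want))
            print "UNEXPECTED port=" port " addr=" addr " cmd=" cmd " pid=" pid
        else if (want[port] != cmd)
            print "MISMATCH port=" port " addr=" addr " cmd=" cmd " pid=" pid " expected=" want[port]
    }'
}

# Hypothetical allowlist for this host; on a live system pipe in: ss -tlnp
sample_ss_output | audit_listeners "22:sshd 25:sendmail 80:httpd 3306:mysqld"
```
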

About Network File System (NFS) "HARD" or "SOFT" mounts in Linux, or why a HARD mount is recommended for NFS in Linux

Network File System (NFS)
********************************

Hard Mount (Recommended)
=====================
If you have mounted the NFS filesystem using hard mount, it will repeatedly retry to contact the server. Once the server is back online the program will continue to execute undisturbed from the state where it was during server crash. We can use the mount option “intr” which allows NFS requests to be interrupted if the server goes down or cannot be reached. Hence the recommended settings are hard and intr options.

mount -o rw,hard,intr server1.example.com:/home /nfs_share1

entry in fstab:
netapp01z:/vol/example_share  /opt/example  nfs  _netdev,vers=3,rsize=32768,wsize=32768,hard,intr,retry=20,bg 0 0

Soft Mount (Not Recommended)
========================
Suppose you have mounted a NFS filesystem using “soft mount” . When a program or application requests a file from the NFS filesystem, NFS client daemons will try to retrieve the data from the NFS server. But, if it doesn’t get any response from the NFS server (due to any crash or failure of NFS server), the NFS client will report an error to the process on the client machine requesting the file access. The advantage of this mechanism is “fast responsiveness” as it doesn’t wait for the NFS server to respond. But, the main disadvantage of this method is data corruption or loss of data. So, this is not a recommended option to use.

mount -o rw,soft server1.example.com:/home /nfs_share1

hard or soft — Specifies whether the program using a file via an NFS connection should stop and wait (hard) for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error (soft).

If hard is specified, the user cannot terminate the process waiting for the NFS communication to resume unless the intr option is also specified.

If soft is specified, the user can set an additional timeo=<value> option, where <value> specifies the number of seconds to pass before the error is reported.

Note:
====
Using soft mounts is not recommended as they can generate I/O errors in very congested networks or when using a very busy server.
intr — Allows NFS requests to be interrupted if the server goes down or cannot be reached.
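
To find soft mounts before they cause the I/O errors described above, the fstab can be checked mechanically. The script below is an added example, not part of the original post: it reports the hard/soft mode of each NFS entry in fstab-format input. The sample fstab (apart from the netapp01z line shown earlier) and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed /etc/fstab sample; the first NFS line is the entry shown above.
sample_fstab() {
cat <<'EOF'
# device                      mountpoint    type  options  dump pass
/dev/sda1                     /             ext4  defaults 1 1
netapp01z:/vol/example_share  /opt/example  nfs   _netdev,vers=3,rsize=32768,wsize=32768,hard,intr,retry=20,bg 0 0
server1.example.com:/home     /nfs_share1   nfs   rw,soft,timeo=100 0 0
server1.example.com:/scratch  /scratch      nfs4  rw,_netdev 0 0
EOF
}

# check_nfs_mounts reads fstab lines on stdin and prints one line per NFS entry:
#   OK       hard, or neither keyword (the NFS client default is hard, see nfs(5))
#   WARN     soft on a writable mount
#   NOTE     soft on a read-only mount
#   CONFLICT both hard and soft given
check_nfs_mounts() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }              # skip comments and short lines
    $3 ~ /^nfs4?$/ {
        hard = 0; soft = 0; ro = 0; timeo = "-"
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] == "hard") hard = 1
            else if (opt[i] == "soft") soft = 1
            else if (opt[i] == "ro") ro = 1
            else if (opt[i] ~ /^timeo=/) timeo = substr(opt[i], 7)
        }
        if (hard && soft) {
            print "CONFLICT " $2 " hard+soft"
        } else if (soft) {
            tag = ro ? "NOTE" : "WARN"
            print tag " " $2 " soft timeo=" timeo
        } else {
            mode = hard ? "hard" : "hard(default)"
            print "OK " $2 " " mode
        }
    }'
}

# On a live system use: check_nfs_mounts < /etc/fstab
sample_fstab | check_nfs_mounts
```
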

Monday, December 26, 2016

Editors in Linux


GUI Editors
=========
emacs
nedit
gedit


CUI/TUI Editors
============
Vi (default Unix/Linux editor)
nano
ed/ex ==> line-oriented text editors


Vi has three modes:
==================
command Mode
Insert Mode
Execution Mode

command mode:
********************
yy ==> to copy the line
p ==> to paste the line
"n"yy ==> to copy "n" number of lines
dd ==> to delete the line
"n" dd ==> to delete "n" number of lines
x ==> to delete the character
dw ==> to delete the word
u ==> undo
ctrl + r ==> redo
shift + r ==> replace
shift + j ==> joining the lines
/<word> ==> search for a word


Insert Mode:
***************
i ==> for insert mode


Execution Mode:
*******************
:e! ==> reedit
:w ==> write the file (save)
:q ==> quit without saving the file
:wq ==> write the file (save) & quit the file
:wq! ==> forcefully write the file (save) & quit the file
:w! ==> forcefully write the file
:q! ==> quit forcefully  
:set nu ==> to show line numbers
:set nonu ==> to show all lines without line numbers
:85 ==> go to line number 85 (:n)


for find & replace
******************
:1,$s/redhat/rhce/g ==> replace redhat (old string) with rhce (new string); g = global expression
:1,10s/redhat/rhce
:1,15d ==> deleting from line 1 to 15
:%d ==> deleting the entire buffer
:1,$d ==> deleting the entire buffer
:n ==> next file
:rew ==> previous (rewinding) file
:w /appl/mynewfile ==> save the file with different location with different name


You can get more details about the vi editor from the below utilities in Linux:
***************************************************************************
#man vi
or
#vimtutor

How to resolve Yum rpmdb: PANIC issue in Linux


[root@Server1 etc]# yum clean all

rpmdb: PANIC: fatal region error detected; run recovery
error: db3 error(-30974) from dbenv->open: DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db3 - (-30974)
error: cannot open Packages database in /var/lib/rpm
CRITICAL:yum.main:


Solution
=======
To resolve this issue you can remove the yum databases and then rebuild them

Login as root
#cd /var/lib/rpm
#rm __db*
#rpm --rebuilddb

Thursday, February 4, 2016

SSH access to root user in Linux

Edit the /etc/ssh/sshd_config file.
Change PermitRootLogin, PasswordAuthentication and ChallengeResponseAuthentication to yes, and set AuthorizedKeysFile to /root/.ssh/authorized_keys.
Then restart the ssh daemon:
/etc/init.d/sshd restart
chkconfig sshd on

[root@instance-1centos67 yogeshanuvadia]# egrep -i "PermitRootLogin|PasswordAuthentication|ChallengeResponseAuthentication" /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
AuthorizedKeysFile     /root/.ssh/authorized_keys
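
The egrep above prints every matching line, including commented ones and repeated keywords, while sshd itself takes the first value it reads for each keyword and treats keywords case-insensitively. The script below is an added example, not part of the original post: it reports the global value sshd would take for the four directives discussed here. The sample config and the function names are assumptions made for illustration, and parsing stops at the first Match block because settings after it are conditional.

```shell
#!/bin/sh
# Constructed sshd_config sample: a commented default, a repeated keyword
# in different case, and a Match block.
sample_sshd_config() {
cat <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
passwordauthentication yes
PasswordAuthentication no
AuthorizedKeysFile     /root/.ssh/authorized_keys
Match Address 10.0.0.0/8
    PermitRootLogin no
EOF
}

# effective_sshd_settings reads an sshd_config on stdin and prints keyword=value
# for the four directives, using the first uncommented occurrence of each.
effective_sshd_settings() {
    awk '
    BEGIN {
        n = split("permitrootlogin passwordauthentication " \
                  "challengeresponseauthentication authorizedkeysfile", keys, " ")
    }
    /^[ \t]*#/ || NF == 0 { next }             # comments and blank lines
    tolower($1) == "match" { exit }            # conditional section starts; END still runs
    {
        k = tolower($1)
        if (!(k in val)) {                     # first obtained value wins
            $1 = ""; sub(/^[ \t]+/, "")
            val[k] = $0
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            v = (keys[i] in val) ? val[keys[i]] : "(unset)"
            print keys[i] "=" v
        }
    }'
}

# On a live system use: effective_sshd_settings < /etc/ssh/sshd_config
sample_sshd_config | effective_sshd_settings
```

On a running host, `sshd -T` (as root) prints the full effective configuration, including compiled-in defaults that this parser reports as `(unset)`.
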
