Here it goes: Need to create a bash script which asks for a word from user, say either “one”, “two” or “three” and then check in single if statement (no else if section) that if its not “one” or “two” or “three” then print Not OK otherwise print OK.

Further, here is a snippet, check and figure out why its not working as expected:

#!/bin/bash
echo -n Enter a word:
read myword
 
if [[ $myword != "one" || $myword != "two" || $myword != "three" ]]; then
 echo Not OK
else
 echo OK
fi

Please put your suggestion/solution script in comments.

1. Using Cron
   If script needs to be executed every x minute or a frequency which is more than a minute, then it should run through cron only. You can also place it in cron when the script itself contains code to execute repeatedly. Make sure to redirect all its logs/errors to some log file for checking in case some issue occurs.
2. Using Daemon
   If script requires running on frequency less than a minute which is not supported by cron, then a wrapper script acting as daemon can be created to control the execution of our script. This wrapper shell script will run continuously and execute our script at desired internal after verifying that it should not be running already. Means no two instances should run at a time. What if our wrapper script get’s terminated somehow? Put it in inittab which will keep it running always. Let’s take an example.Suppose we need to execute /usr/local/myscripts/example.php every second. Here are the steps you should take to create its wrapper script and start execution:
1. Create a wrapper shell script with same name as actual script (but with .sh extension), let’s say /root/example.sh:
   $ cat example.sh
#!/bin/bash
while [ true ]; do
sleep 1 ## frequency at which script will be executed
if [ -z "`ps ax | grep example.php| grep -v grep`"]; then ## do not run more than one instance of script
`nohup /usr/bin/php /usr/local/myscripts/example.php`
fi
done

2. Put wrapper script entry in inittab to keep it running:
   $ vim /etc/inittab
# Run xdm in runlevel 5
..
dm:234:respawn:/root/example.sh
..

3. Finally, re-read inittab to start daemon which in result will start our script:
   
$ init q

   You can verify by checking processlist that daemon and our scripts are running.
3. Using hatool
   This is another way to run scripts. We will make use of two external tools: halockrun and hatimerun. halockrun will keep script running and keep a lock file to check avoid multiple instances while with hatimerun we can specify after how much time script can be terminated (because sometimes scripts become stale/defunct).
   Let’s take an example, here’s the example cron entry using these tools:
   * * * * hatimerun -t 300 halockrun -nc /tmp/example.lock /usr/bin/php /usr/local/myscripts/example.php
   In above example, hatimerun will terminate script after 300 ms and halockrun will again execute it keeping lock file to avoid multiple instances.

let’s check our mail server now, it may be mail.youdomain.com or localhost depending on what you are using right now, here’s the full process:

# telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
mail from: me@example.com
250 2.1.0 Ok
rcpt to: other@example.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: Just a test. 
This is test mail using telnet.  
.
250 2.0.0 Ok: queued as 6846838401D6
quit
221 2.0.0 Bye
Connection closed by foreign host.
#_

here,

# telnet localhost smtp

We are trying connecting localhost on port 25 (smtp). It should get connected and ready to accept your next command

mail from: me@example.com

here you are specifying the sender mail id, it should be a valid mail account otherwise mail server can reject the sender address.

rcpt to: other@example.com

This is the recipient mail address.
then write ‘data’ and then in new line write ‘Subject: your subject’, press Enter and start writing contents of your mail. when you want to close, write a dot (.) and press Enter. message should be sent/queued in mail queue.
Check the recipient mail address, if mail server is working ok, you should get this mail there.

Other than this method where you can quickly use mail command also, like this:

# echo "This is a test mail to check mail server." | mail - s "This is test subject" other@example.com

This is a single line command but alas! we didn’t supply sender here which may trigger rejection from mail server.

You can also use mutt tool to facilitate this, if its there in your machine, like this:

# mutt -s "Test mail" other@example.com < message.txt

here message.txt contains mail message.

I’ve suggested them some points as per described below for ensuring secure access to servers. They have 5-6 Linux servers. This is obviously may not be the best way and I’m as always appreciate if you can give your suggestion in comments. My approach is that from 6 servers, we will be able to login only in 2 servers from remote through key based access and from these 2 server, we can access remaining. Here’s what we did:

1. Disable root access
Completely disable root login access from remote. Period. Open /etc/ssh/sshd_config and add/remove comment from this line:

# vi /etc/ssh/sshd_config

PermitRootLogin no

2. Login only through non-root user
Create non-root user and create public/private key pair for it:

$ adduser loginu

login to ‘loginu’ user created above, or if you are in root, just su:

# su loginu
$ ssh-keygen -t dsa

Enter details while generating keys, enter good passphares and always remember it. Now you can go ahead and disable password based access completely so user can only login by using keys but this may be too restrictive or problematic for them if they forget passphares etc. if you want to go ahead, make sure these statements are there in /etc/ssh/sshd_config file:

$ exit
# vi /etc/ssh/sshd_config

PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

copy the key you created earlier (there should be two files in ~loginu/.ssh/ directory: id_dsa, id_dsa.pub. so copy id_dsa) to your pc so from next time you can use this key to login into the server.

Just make sure you are able to login through ‘loginu’ user before applying these ssh settings. Jump to terminal in your pc and try to login with key:

$ ssh -i id_dsa loginu@your.server.ip

It will ask for passpahres and after supplying it you should be able to login into the server. Please make note that this is very confidential key and store it in good place/directory. Alternatively you can also generate keys in your own pc and store them at server to facilitate login. But if you want flexibility to have only one key (like carry it in your usb stick) and be able to login with it, I found this approach good to use server keys instead of pc keys.

3. (Optional) Restrict login by IPs
Now come back in server. You can further strengthen security by allowing only select IPs to log in:

# vi /etc/ssh/sshd_config

AllowUsers loginu@aa.aa.aa.aa loginu@bb.bb.bb.bb loginu@cc.cc.cc.cc

Here replace aa/bb/cc with actual IP addresses from where you want to allow access.

Going ahead, optionally, You can also change port for ssh from default 22 to other by using this guide but as I think we are only allowing access through keys and from select remote places only, this you may skip.

Reload sshd daemon to apply settings which you have set in /etc/ssh/sshd_config by:

# service sshd reload

Without closing current login session, try to login again from other terminal to check you are able to login into the server.

4. Secure other servers
As mentioned earlier, I preferred to treat first 2 server as ‘login’ server in which we can login from anywhere using user ‘loginu’ with key and then can login to other servers. So effectively other servers would not allow direct access from remote. Jump to server 3-6 and set following:

# vi /etc/ssh/sshd_config

AllowUsers loginu@aa.aa.aa.aa root@aa.aa.aa.aa loginu@bb.bb.bb. root@bb.bb.bb.bb

here aa.aa/bb.bb indicates IP address of server #1 and #2 (login servers). So in this (#3) server we can login from those server(s) only. After making changes, reload ssh daemon to apply settings in all of these servers:

# service sshd reload

5. Other services
I suggested to disable every service that we don’t need in servers. That’s the best approach to secure them . These servers has role of web servers and rsync process is there to sync files. In that case, created another non-root user:

# adduser rsyncuser

generate keys (you can generate passphares less keys) for this user as well. Create same user in all other servers and put first server’s (from where rsync initiate) keys in them. Dont allow this user to login from remote but only from server where rsync initiate. I’ve documented rsync process here, if you want to go ahead and configure it. Similarly, if you need services like FTP then allow this only from selected IP address (by configuring /etc/hosts.allow) or firewall etc.

6. Configure DenyHosts
To further prevent attacks and block any IP address from which several failed login attempt originated, you should configure DenyHosts script ( I have documented howto on DenyHosts here) or equivalent.

Other Most Read Articles:
* Top 5 Linux commands for Administrators.
* Install and configure Munin/Monitor for monitoring.
* Change time zone in your Linux machine quickly.
* Detect directory changes in Linux.
* Script to backup essential log files.

Task: Two most important log files in any Redhat based distro is /var/log/secure and /var/log/messages. These are basic log files and there are more log files when your server perform additional roles such as a database server, web server, mail server etc. You can look log files of other installed softwares also and add them in this script to backup them. I have a separate backup server where I want to transfer my log files after compressing them. You can transfer them in some location in case you dont have a separate backup host or environment.

#!/bin/bash
 
##
## hostlogBackup.sh: perform backup of essential log files. Developed by Jagbir Singh (contact AT jagbir DOT info)
## You are free to use or distribute it in whatever means but I'll be happy if you send me a copy of updated one. 
##
 
## create some varibales
 
yesterDate=`date -d "-1 day" +%d-%b-%g`  ## yesterday's date
toDay=`date +%u`;   ## day of week in numeric
bakServer="backup-user@server-ip" ## backup server address user@hostname, use directory name if backup in same host 
bakHost="$bakServer:/backup/host/firsthost" ## specify directory where log files will be copied
bakHostDaily="$bakHost/daily/" ## directory for daily backup files
 
cd /var/log ## change directory where important log file resides 
 
# compress messages log file
`cp messages messages-log`
`/bin/tar czf messages_$toDay.tgz messages-log`
 
# compress secure log file
`cp secure secure-log`
`/bin/tar czf secure_$toDay.tgz secure-log`
 
# compress mysqld log file. comment following 2 lines if you are not using mysql
`cp mysqld.log mysqld-log`
`/bin/tar czf mysqld_$toDay.tgz mysqld-log`
 
# compress apache log files. uncomment if your server runs apache service. 
#`cp httpd/access_log ./access-log`
#`cp httpd/error_log ./error-log`
#`/bin/tar czf httpd_$toDay.tgz access-log error-log`
 
 
#copy all compressed files to backup server, you must set secure authentication for password less scp, else you have to enter password
`/usr/bin/scp *_$toDay.tgz $bakHostDaily`
 
#remove all temp files
`rm -f *-log`
`rm -f *_$toDay.tgz`
 
# Apart from daily, Take a weekly backup on Monday for files which get rotated on weekly basis. 
if [ $toDay == "1" ]; then 
 
		# take backup of messages log file
        if [ -f messages.1 ]; then
                `/bin/tar  czf message_$yesterDate.tgz messages.1`
                `/usr/bin/scp message_$yesterDate.tgz $bakHost`
                `rm -f message_$yesterDate.tgz`
        fi
 
		# take backup of secure log file
        if [ -f secure.1 ]; then
                `/bin/tar  czf secure_$yesterDate.tgz secure.1`
                `/usr/bin/scp secure_$yesterDate.tgz $bakHost`
                `rm -f secure_$yesterDate.tgz`
 
        fi
fi

Again I’m stressing on point that this is a very basic script and doesn’t handle any unforeseen situations like file doesn’t exist or what happens if compression or copying to other server fails etc. You have to do it yourself.

The point of taking backup on weekly basis is that the file combines week log in a single file which is easy to retain. Daily backup files here get overwritten but I want to retain weekly files for longer duration.

Now you should run this script on daily basis through cron at around 4:30am. why 4:30? because the syslog service normally runs at 4:03am daily to rotate log files and you should copy the rotated file if needed.

$crontab -l 
# backup logs to backup server daily
30 4 * * * /bin/bash /root/logBackup/hostlogBackup.sh

That’s all we need to do. Let me know your views about it.