Thursday, July 11, 2013

Tomcat start up script.


1. Ensure there is a tomcat user and that it has read and write permission to the $CATALINA_HOME/conf and $CATALINA_HOME/logs directories.

2. Also make sure that you have set $JAVA_HOME.

3. Ensure that the Tomcat processes are run by the tomcat user.

4. Save the following script as /etc/init.d/tomcat. It will automatically be read and run at boot time.

Check the log files if it does not start properly.

Make a soft link to it from /etc/rc5.d such as:

cd /etc/rc5.d
sudo ln -s /etc/init.d/tomcat S71tomcat


/etc/init.d/tomcat

#!/bin/bash
#
# tomcat
#
# chkconfig:
# description: Start up the Tomcat servlet engine.

# Source function library.
. /etc/init.d/functions

# Exit status of the last start/stop command (0 until one has run).
RETVAL=0
CATALINA_HOME="/usr/local/tomcat/"

case "$1" in
  start)
    if [ -f "$CATALINA_HOME/bin/startup.sh" ]; then
      echo $"Starting Tomcat"
      # Run Tomcat as the unprivileged tomcat user, not as root.
      /bin/su tomcat "$CATALINA_HOME/bin/startup.sh"
      RETVAL=$?
    fi
    ;;
  stop)
    if [ -f "$CATALINA_HOME/bin/shutdown.sh" ]; then
      echo $"Stopping Tomcat"
      /bin/su tomcat "$CATALINA_HOME/bin/shutdown.sh"
      RETVAL=$?
    fi
    ;;
  *)
    echo $"Usage: $0 {start|stop}"
    exit 1
    ;;
esac

exit $RETVAL


Inspired by http://www.raibledesigns.com/

Monday, July 8, 2013

Apache - Tomcat installation in Linux

[root@machine1 ~]# echo $JAVA_HOME
/usr/local/jdk1.7.0_17

[root@machine1 ~]# wget http://apache.spinellicreations.com/tomcat/tomcat-7/v7.0.41/src/apache-tomcat-7.0.41-src.tar.gz
--2013-07-06 22:43:04--  http://apache.spinellicreations.com/tomcat/tomcat-7/v7.0.41/src/apache-tomcat-7.0.41-src.tar.gz
Resolving apache.spinellicreations.com... 72.88.94.11
Connecting to apache.spinellicreations.com|72.88.94.11|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4407748 (4.2M) [application/x-gzip]
Saving to: “apache-tomcat-7.0.41-src.tar.gz”

100%[====================================================================>] 4,407,748    698K/s   in 12s

2013-07-06 22:43:24 (356 KB/s) - “apache-tomcat-7.0.41-src.tar.gz” saved [4407748/4407748]

[root@machine1 ~]# tar -zxvf apache-tomcat-7.0.41-src.tar.gz

[root@machine1 ~]# mv apache-tomcat-7.0.41-src /usr/local/

[root@machine1 ~]# cd /usr/local/

Create a symbolic link named tomcat:

[root@machine1 local]# ln -s /usr/local/apache-tomcat-7.0.41-src ./tomcat

Run the following command and add it in .bash_profile.

[root@machine1 local]# export CATALINA_HOME=/usr/local/tomcat

[root@machine1 local]# cd

[root@machine1 ~]# vi .bash_profile
# User specific environment and startup programs

export JAVA_HOME=/usr/local/jdk1.7.0_17

PATH=/usr/local/jdk1.7.0_17/bin:$PATH:$HOME/bin

export JAVA_HOME
export CATALINA_HOME=/usr/local/tomcat
export PATH

Save and exit.

Ensure that you have also exported the Java path.

[root@machine1 ~]# $CATALINA_HOME/bin/startup.sh
-bash: /usr/local/tomcat/bin/startup.sh: Permission denied
cd /usr/local/tomcat/bin
chmod 700 *.sh


[root@machine1 bin]# /usr/local/tomcat/bin/startup.sh
Using CATALINA_BASE:   /usr/local/tomcat
Using CATALINA_HOME:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME:        /usr/local/jdk1.7.0_17
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
touch: cannot touch `/usr/local/tomcat/logs/catalina.out': No such file or directory
/usr/local/tomcat/bin/catalina.sh: line 387: /usr/local/tomcat/logs/catalina.out: No such file or directory

[root@machine1 bin]# mkdir /usr/local/tomcat/logs

The problem is that the archive manager didn't create the empty logs folder, even though it was listed in the tar file. I guess it doesn't think empty directories are important. Anyway, just create a logs folder inside the tomcat folder:

    mkdir /usr/local/tomcat/logs

Tomcat should start up now. Another option would be to simply use the command line tools to extract the archive.

[root@machine1 bin]# export CATALINA_BASE=/usr/local/tomcat/

[root@machine1 bin]# /usr/local/tomcat/bin/startup.sh
Using CATALINA_BASE:   /usr/local/tomcat/
Using CATALINA_HOME:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat//temp
Using JRE_HOME:        /usr/local/jdk1.7.0_17
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar


Using CLASSPATH:       /usr/local/apache-tomcat-6.0.36/bin/bootstrap.jar

[root@machine1 bin]# /etc/init.d/tomcat start
Starting Tomcat
Using CATALINA_BASE:   /usr/local/tomcat/
Using CATALINA_HOME:   /usr/local/tomcat/
Using CATALINA_TMPDIR: /usr/local/tomcat//temp
Using JRE_HOME:        /usr/local/jdk1.7.0_17
Using CLASSPATH:       /usr/local/tomcat//bin/bootstrap.jar

[root@machine1 bin]# /etc/init.d/tomcat stop
Stopping Tomcat
Using CATALINA_BASE:   /usr/local/tomcat/
Using CATALINA_HOME:   /usr/local/tomcat/
Using CATALINA_TMPDIR: /usr/local/tomcat//temp
Using JRE_HOME:        /usr/local/jdk1.7.0_17
Using CLASSPATH:       /usr/local/tomcat//bin/bootstrap.jar

[root@machine1 bin]# cat /etc/sysconfig/tomcat
JAVA_HOME="/usr/local/jdk1.7.0_17"
CATALINA_HOME="/usr/local/tomcat"
CATALINA_BASE="/usr/local/tomcat"
You have new mail in /var/spool/mail/root

Add the script as /etc/init.d/tomcat:

chmod 755 /etc/init.d/tomcat
chkconfig --add tomcat
chkconfig --list tomcat

Type localhost:8080 or your IP address:8080 in your browser to view Tomcat.



Java Installation in linux.

Check whether the system is 32-bit or 64-bit using the command below and download accordingly.

[root@machine1 gdp]# getconf LONG_BIT
32
[root@machine1 gdp]# wget jdk-7u17-linux-i586.tar.gz

The Java software can be downloaded from the Oracle website.

[root@machine1 gdp]# tar -zxvf jdk-7u17-linux-i586.tar.gz

Edit your .bash_profile and add the path so that it will automatically load when the machine starts.
.bash_profile

export JAVA_HOME=/usr/local/gdp/jdk1.7.0_17
export PATH=$PATH:$JAVA_HOME/bin
export PATH


[root@machine1 ~]# /usr/local/gdp/jdk1.7.0_17/bin/java -version
java version "1.7.0_17"
Java(TM) SE Runtime Environment (build 1.7.0_17-b02)
Java HotSpot(TM) Server VM (build 23.7-b01, mixed mode)

[root@machine1 ~]# source .bash_profile
You have new mail in /var/spool/mail/root

[root@machine1 ~]# java -version
java version "1.7.0_19"
OpenJDK Runtime Environment (rhel-2.3.9.1.el5_9-i386)
OpenJDK Server VM (build 23.7-b01, mixed mode)





Wednesday, July 3, 2013

Mysql hardening in Linux.


1. Disable or restrict remote access

Consider whether MySQL will be accessed from the network or only from its own server.

If remote access is used, ensure that only defined hosts can access the server. This is typically done through TCP wrappers, iptables, or any other firewall software or hardware available on the market.

To restrict MySQL from opening a network socket, the following parameter should be added in the [mysqld] section of my.cnf or my.ini:

skip-networking

The file is located at "/etc/my.cnf" or "/etc/mysql/my.cnf" on Linux.

This line disables the initiation of networking during MySQL startup. Please note that a local connection can still be established to the MySQL server.

Another possible solution is to force MySQL to listen only to the localhost by adding the following line in the [mysqld] section of my.cnf

bind-address=127.0.0.1

You may not be willing to disable network access to your database server if users in your organization connect to the server from their machines or the web server installed on a different machine. In that case, the following restrictive grant syntax should be considered:

mysql> GRANT SELECT, INSERT ON mydb.* TO 'someuser'@'somehost';

2. Disable the use of LOCAL INFILE

The next change is to disable the use of the "LOAD DATA LOCAL INFILE" command, which will help to prevent unauthorized reading from local files. This is especially important when new SQL Injection vulnerabilities in PHP applications are found.

In addition, in certain cases, the "LOCAL INFILE" command can be used to gain access to other files on the operating system, for instance "/etc/passwd", using the following command:

mysql> LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE table1

Or even simpler:

mysql> SELECT load_file("/etc/passwd")

To disable the usage of the "LOCAL INFILE" command, the following parameter should be added in the [mysqld] section of the MySQL configuration file.

set-variable=local-infile=0

3. Change root username and password

The default administrator username on the MySQL server is "root". Hackers often attempt to gain access to its permissions. To make this task harder, rename "root" to something else and provide it with a long, complex alphanumeric password.

To rename the administrator’s username, use the rename command in the MySQL console:

mysql> RENAME USER root TO new_user;

The MySQL "RENAME USER" command first appeared in MySQL version 5.0.2. If you use an older version of MySQL, you can use other commands to rename a user:

mysql> use mysql;
mysql> update user set user="new_user" where user="root";
mysql> flush privileges;

To change a user’s password, use the following command-line command:

mysql> SET PASSWORD FOR 'username'@'%hostname' = PASSWORD('newpass');

It is also possible to change the password using the "mysqladmin" utility:

shell> mysqladmin -u username -p password newpass

4. Remove the "test" database

MySQL comes with a "test" database intended as a test space. It can be accessed by the anonymous user, and is therefore used by numerous attacks.

To remove this database, use the drop command as follows:

mysql> drop database test;

Or use the "mysqladmin" command:

shell> mysqladmin -u username -p drop test

5. Remove Anonymous and obsolete accounts

The MySQL database comes with some anonymous users with blank passwords. As a result, anyone can connect to the database. To check whether this is the case, do the following:

mysql> select * from mysql.user where user="";

In a secure system, no lines should be echoed back. Another way to do the same:

mysql> SHOW GRANTS FOR ''@'localhost';
mysql> SHOW GRANTS FOR ''@'myhost';

If the grants exist, then anybody can access the database and at least use the default database "test". Check this with:

shell> mysql -u blablabla

To remove the account, execute the following command:

mysql> DROP USER "";

The MySQL "DROP USER" command is supported starting with MySQL version 5.0. If you use an older version of MySQL, you can remove the account as follows:

mysql> use mysql;
mysql> DELETE FROM user WHERE user="";
mysql> flush privileges;

6. Lower system privileges

A very common database security recommendation is to lower the permissions given to various parties. MySQL is no different. Typically, when developers work, they use the system's maximum permission and give less consideration to permission principles than we might expect. This practice can expose the database to significant risk.

* Any new MySQL 5.x installation is already installed using the correct security measures.

To protect your database, make sure that the file directory in which the MySQL database is actually stored is owned by the user "mysql" and the group "mysql".

shell>ls -l /var/lib/mysql

In addition, ensure that only the user "mysql" and "root" have access to the directory /var/lib/mysql.

The mysql binaries, which reside under the /usr/bin/ directory, should be owned by "root" or the specific system "mysql" user. Other users should not have write access to these files.

shell>ls -l /usr/bin/my*

7. Lower database privileges

Operating system permissions were fixed in the preceding section. Now let’s talk about database permissions. In most cases, there is an administrator user (the renamed "root") and one or more actual users who coexist in the database. Usually, the "root" has nothing to do with the data in the database; instead, it is used to maintain the server and its tables, to give and revoke permissions, etc.

On the other hand, some user ids are used to access the data, such as the user id assigned to the web server to execute "select\update\insert\delete" queries and to execute stored procedures. In most cases, no other users are necessary; however, only you, as a system administrator can really know your application’s needs.

Only administrator accounts need to be granted the SUPER / PROCESS /FILE privileges and access to the mysql database. Usually, it is a good idea to lower the administrator’s permissions for accessing the data.

Review the privileges of the rest of the users and ensure that these are set appropriately. This can be done using the following steps.

mysql> use mysql;

[Identify users]

mysql> select * from user;

[List grants of all users]

mysql> show grants for 'root'@'localhost';

The above statement has to be executed for each user. Note that only users who really need root privileges should be granted them.

Another interesting privilege is "SHOW DATABASES". By default, the command can be used by everyone having access to the MySQL prompt. They can use it to gather information (e.g., getting database names) before attacking the database by, for instance, stealing the data. To prevent this, it is recommended that you follow the procedures described below.

Add "--skip-show-database" to the startup script of MySQL or add it to the MySQL configuration file.
Grant the SHOW DATABASES privilege only to the users you want to use this command.

To disable the usage of the "SHOW DATABASES" command, the following parameter should be added in the [mysqld] section of the /etc/my.cnf:

[mysqld]
skip-show-database
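
The [mysqld] settings recommended in sections 1, 2 and 7 can be checked mechanically. The script below is an added example, not part of the original post; the function names and the two sample configuration files are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit the [mysqld] section of a my.cnf-style file.
# mysqld_options, has_option and audit_mysqld are hypothetical names.

# Print the options of the [mysqld] section, one per line, normalised for
# matching: comments and whitespace removed, lower-cased, '_' folded to '-'
# in the option name, and the old "set-variable=" prefix dropped.
mysqld_options() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec {
            sub(/^[ \t]*[#;].*/, "")     # whole-line comments
            sub(/[ \t]#.*/, "")          # trailing comments
            gsub(/[ \t\r]/, "")
            sub(/^set-variable=/, "")
            if ($0 == "") next
            n = index($0, "=")
            key = (n ? substr($0, 1, n - 1) : $0)
            val = (n ? substr($0, n) : "")
            gsub(/_/, "-", key)
            print tolower(key val)
        }
    ' "$1"
}

# Succeeds if any normalised option in file $1 matches extended regex $2.
has_option() { mysqld_options "$1" | grep -Eq "$2"; }

# Prints one FAIL line per missing setting; returns 1 if anything is missing.
audit_mysqld() {
    local cnf=$1 rc=0
    # Section 1: no network socket at all, or listen on loopback only.
    has_option "$cnf" '^(skip-networking(=(1|on))?|bind-address=127\.0\.0\.1)$' ||
        { echo "FAIL network: set skip-networking or bind-address=127.0.0.1"; rc=1; }
    # Section 2: LOAD DATA LOCAL INFILE disabled.
    has_option "$cnf" '^local-infile=(0|off)$' ||
        { echo "FAIL local-infile: set local-infile=0"; rc=1; }
    # Section 7: SHOW DATABASES limited to users holding the privilege.
    has_option "$cnf" '^skip-show-database(=(1|on))?$' ||
        { echo "FAIL show-database: set skip-show-database"; rc=1; }
    return $rc
}

# Constructed sample configurations (not taken from a real server).
tmp=$(mktemp -d)
cat > "$tmp/weak.cnf" <<'EOF'
[mysqld]
datadir = /var/lib/mysql
bind-address = 0.0.0.0
# local-infile=0
[client]
skip-networking
EOF
cat > "$tmp/hardened.cnf" <<'EOF'
[mysqld]
datadir = /var/lib/mysql
bind_address = 127.0.0.1
set-variable = local-infile=0
skip-show-database
EOF

audit_mysqld "$tmp/weak.cnf" || echo "weak.cnf: see FAIL lines above"
audit_mysqld "$tmp/hardened.cnf" && echo "hardened.cnf: OK"
```

On a real server the argument would be /etc/my.cnf or /etc/mysql/my.cnf; a commented-out option or one placed under [client] does not count.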

8. Enable Logging

If your database server does not execute many queries, it is recommended that you enable transaction logging, by adding the following line to [mysqld] section of the /etc/my.cnf file:

[mysqld]
log =/var/log/mylogfile

This is not recommended for heavy production MySQL servers because it causes high overhead on the server.

In addition, verify that only the "root" and "mysql" ids have access to these logfiles (at least write access).

Error log

Ensure only "root" and "mysql" have access to the logfile "hostname.err". The file is stored in the mysql data directory. This file contains very sensitive information such as passwords, addresses, table names, stored procedure names and code parts. It can be used for information gathering, and in some cases, can provide the attacker with the information needed to exploit the database, the machine on which the database is installed, or the data inside it.

MySQL log

Ensure only "root" and "mysql" have access to the logfile "*logfileXY". The file is stored in the mysql data directory.
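
The ownership and access rules from sections 6 and 8 (data directory and log files reachable only by "mysql" and "root") can be verified with find. This is an added example, not part of the original post; audit_tree is a hypothetical name and the directory it runs on is a constructed stand-in for /var/lib/mysql.

```bash
#!/bin/bash
# Added example: report files that break the "only mysql and root" rule.

# Report entries under directory $1 that are owned by someone other than
# user $2 or root, or that grant any permission to "other".
# Prints one finding per line and returns 1 if there was any finding.
audit_tree() {
    local dir=$1 owner=$2 findings
    findings=$(
        find "$dir" ! -type l ! -user "$owner" ! -user root \
            -exec echo "WRONG-OWNER" {} \;
        find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec echo "OTHER-ACCESS" {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed stand-in for the data directory so the example runs without
# MySQL installed: a database directory, a table file and an error log.
datadir=$(mktemp -d)
mkdir "$datadir/mydb"
touch "$datadir/server1.err" "$datadir/mydb/t1.frm"
chmod 755 "$datadir" "$datadir/mydb"
chmod 644 "$datadir/server1.err" "$datadir/mydb/t1.frm"
me=$(id -u)     # assumption for the demo; on a real server pass "mysql"

echo "before:"
audit_tree "$datadir" "$me" || true

# Remediation: remove all access for "other". On a real data directory the
# ownership would be corrected with: chown -R mysql:mysql /var/lib/mysql
chmod -R o-rwx "$datadir"

echo "after:"
audit_tree "$datadir" "$me" && echo "clean"
```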

9. Change the root directory

A chroot on Linux operating systems is an operation that changes the apparent disk root directory for the current running process and its children. A program that is re-rooted to another directory cannot access or name files outside that directory, and the directory is called a "chroot jail" or (less commonly) a "chroot prison".

By using the chroot environment, the write access of the MYSQL processes (and child processes) can be limited, increasing the security of the server.

Ensure that a dedicated directory exists for the chrooted environment. This should be something like /chroot/mysql. In addition, to make the use of the database administrative tools convenient, the following parameter should be changed in the [client] section of MySQL configuration file:

[client]
socket = /chroot/mysql/tmp/mysql.sock

Thanks to that line of code, there will be no need to supply the mysql, mysqladmin, mysqldump etc. commands with the --socket=/chroot/mysql/tmp/mysql.sock parameter every time these tools are run.

10. Remove History

During the installation procedures, there is a lot of sensitive information that can assist an intruder to assault a database. This information is stored in the server’s history and can be very helpful if something goes wrong during the installation. By analyzing the history files, administrators can figure out what has gone wrong and probably fix things up. However, these files are not needed after installation is complete.

We should remove the content of the MySQL history file (~/.mysql_history), where all executed SQL commands are stored (especially passwords, which are stored as plain text):

cat /dev/null > ~/.mysql_history


Alternatively, run mysql_secure_installation:




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] n
 ... skipping.

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


/usr/bin/ld: cannot find -lpython2.7

/usr/bin/ld: cannot find -lpython2.7
collect2: ld returned 1 exit status

[root@server1 lib]# ln -s /usr/local/python2.7.3/lib/python2.7/config/libpython2.7.a .

[root@server1 lib]# pwd
/usr/lib
rwxrwxrwx   1 root root   58 Jun 27 11:55 libpython2.7.a -> /usr/local/python2.7.3/lib/python2.7/config/libpython2.7.a


NTP error - ntpd dead but pid file exists

[root@server1~]# ntpq -np
ntpq: read: Connection refused

[root@server1 ~]# /etc/init.d/ntpd status
ntpd dead but pid file exists

[root@server1~]# cat /etc/sysconfig/ntpd
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"

# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=no

# Additional options for ntpdate
NTPDATE_OPTIONS=""

Edit the configuration file and comment out the OPTIONS line as shown below. Without -u ntp:ntp, ntpd no longer drops root privileges after start-up.
[root@server1 ~]# vi /etc/sysconfig/ntpd

[root@server1~]# cat /etc/sysconfig/ntpd
# Drop root to id 'ntp:ntp' by default.
#OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"

# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=no

# Additional options for ntpdate
NTPDATE_OPTIONS=""

[root@server1 ~]# /etc/init.d/ntpd restart
Shutting down ntpd:                                        [FAILED]
Starting ntpd:                                             [  OK  ]
[root@server1 ~]# /etc/init.d/ntpd restart
Shutting down ntpd:                                        [  OK  ]
Starting ntpd:          

[root@server1~]# ntpdate -u pool.ntp.org
13 Jun 09:16:22 ntpdate[24783]: adjust time server 69.167.160.102 offset -0.064985 sec

[root@server1 ~]# /etc/init.d/ntpd restart
Shutting down ntpd:                                        [  OK  ]
Starting ntpd:                                             [  OK  ]
[root@server1 ~]# ntpq -np
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 72.14.183.239   216.218.254.202  2 u    3   64    1    0.001  -38.576   0.001
 72.14.183.39    164.244.221.197  2 u    2   64    1    0.001  -37.146   0.001
 65.49.70.244    127.67.113.92    2 u    1   64    1    0.001    2.791   0.001
 127.127.1.0     .LOCL.          10 l    -   64    1    0.000    0.000   0.001

Tuesday, July 2, 2013

NTP synchronization in linux

NTP time synchronization failed

[root@server1 ~]# /etc/init.d/ntpd status                                                        
ntpd (pid 32243) is running...                                                                  

[root@server1 ~]# chkconfig --list ntpd
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

[root@server1 ~]# ntpdc
ntpdc> loopinfo      
offset:               0.000000 s
frequency:            -497.501 ppm
poll adjust:          30        
watchdog timer:       13 s      
ntpdc> exit                    

The system peer seems to be the local clock; ntpd did not sync with the NTP server.

[root@server1 ~]# ntpdc -c sysinfo
system peer:          LOCAL(0)
system peer mode:     client
leap indicator:       00
stratum:              11
precision:            -20
root distance:        0.00000 s
root dispersion:      0.01141 s
reference ID:         [127.127.1.0]
reference time:       d563fabb.55ff4a47  Thu, Jun 13 2013  9:00:59.335
system flags:         auth monitor ntp kernel stats
jitter:               0.000000 s
stability:            0.000 ppm
broadcastdelay:       0.003998 s
authdelay:            0.000000 s


[root@server1 ~]# grep server /etc/ntp.conf
# Use public servers from the pool.ntp.org project.
#server 0.centos.pool.ntp.org
#server 1.centos.pool.ntp.org
#server 2.centos.pool.ntp.org
server 107.22.5.68
#broadcast 192.168.1.255 key 42         # broadcast server
#broadcast 224.0.1.1 key 42             # multicast server
#manycastserver 239.255.254.254         # manycast server
server  127.127.1.0     # local clock

Edit the configuration file and change the contents as shown below.

[root@server1 ~]# vi /etc/ntp.conf
You have new mail in /var/spool/mail/root

[root@server1 ~]# grep server /etc/ntp.conf
# Use public servers from the pool.ntp.org project.
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org
#server 107.22.5.68
#broadcast 192.168.1.255 key 42         # broadcast server
#broadcast 224.0.1.1 key 42             # multicast server
#manycastserver 239.255.254.254         # manycast server
server  127.127.1.0     # local clock

[root@server1 ~]# /etc/init.d/ntpd restart
Shutting down ntpd:                                        [  OK  ]
Starting ntpd:                                             [  OK  ]

[root@server1 ~]# ntpdate -u pool.ntp.org
13 Jun 09:05:34 ntpdate[20593]: adjust time server 128.113.28.67 offset -0.089041 sec

[root@server1 ~]# ntpdate -b pool.ntp.org                                          
13 Jun 09:05:42 ntpdate[20600]: the NTP socket is in use, exiting                

It synced only to LOCAL:

[root@server1 ~]# grep ntp /var/log/messages
Jun 13 09:06:03 server1 ntpd[20516]: synchronized to LOCAL(0), stratum 10
Jun 13 09:06:03 server1 ntpd[20516]: kernel time sync enabled 0001

[root@server1 ~]#

[root@server1 ~]# ntpdc
ntpdc> loopinfo
offset:               0.000000 s
frequency:            -497.501 ppm
poll adjust:          6
watchdog timer:       37 s
ntpdc> loopinfo
offset:               0.000000 s
frequency:            -497.501 ppm
poll adjust:          6
watchdog timer:       42 s
ntpdc> loopinfo
offset:               0.000000 s
frequency:            -497.501 ppm
poll adjust:          6
watchdog timer:       45 s
ntpdc> loopinfo
offset:               0.000000 s
frequency:            -497.501 ppm
poll adjust:          6
watchdog timer:       46 s
ntpdc> exit


Check that port 123 is open. Since NTP uses UDP port 123, you can check it with the nc command.

nc -zu <destination ip> 123

Here the * shows that it is now synced to the NTP server.

[root@server1 ~]# ntpq
ntpq> pe
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 lasvegas-nv-dat 72.8.140.240     3 u  11h 1024    0  140.810   -1.350   0.000
 38.117.195.101  .STEP.          16 u 505d 1024    0    0.000    0.000   0.000
*bindcat.fhsu.ed 128.138.140.44   2 u  361 1024  377  107.537    0.016   0.296
 LOCAL(0)        .LOCL.          10 l    1   64  377    0.000    0.000   0.001

ntpq> as

ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 25892  8053   yes   yes  none    reject  lost reach  5
  2 25893  8063   yes   yes  none    reject  lost reach  6
  3 25894  96f4   yes   yes  none  sys.peer   reachable 15
  4 25895  9044   yes   yes  none    reject   reachable  4

ntpq> rv
assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg,
version="ntpd 4.2.2p1@1.1570-o Sat Dec 19 00:56:13 UTC 2009 (1)",
processor="x86_64", system="Linux/2.6.18-238.19.1.el5", leap=00,
stratum=3, precision=-20, rootdelay=131.707, rootdispersion=39.163,
peer=25894, refid=25.201.113.150,
reftime=d5814694.df62076d  Fri, Jul  5 2013 14:20:20.872, poll=10,
clock=d581480a.30d80bc0  Fri, Jul  5 2013 14:26:34.190, state=4,
offset=0.016, frequency=-50.345, jitter=0.296, noise=0.309,
stability=0.001, tai=0


Check its status using the command below.

[root@server1 ~]# ntpstat
synchronised to NTP server (25.201.113.150) at stratum 3
   time correct to within 39 ms
   polling server every 1024 s

Now it is synced to the ntp server. 
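
The difference between "synced to LOCAL" and "synced to a real server" shown in the sessions above can be checked from the ntpq peer listing. The script below is an added example, not part of the original post; ntp_sync_state is a hypothetical name and the two peer listings are constructed samples using documentation addresses.

```bash
#!/bin/bash
# Added example: classify "ntpq -pn" output read from standard input.

# Prints "synced <peer> unreachable=N", "local-only unreachable=N" or
# "unsynced unreachable=N" and returns 0, 1 or 2 respectively.
# N counts network peers whose reach register is 0 (no recent reply).
ntp_sync_state() {
    awk '
        $1 == "remote" || /^=/ || NF < 10 { next }   # header, rule, blanks
        {
            tally = substr($0, 1, 1)                 # "*" marks the system peer
            peer  = (tally == " ") ? $1 : substr($1, 2)
            is_local = (peer == "LOCAL(0)" || peer ~ /^127\.127\./)
            if (tally == "*") { sys = peer; sys_local = is_local }
            if (!is_local && $7 == "0") dead++
        }
        END {
            tail = sprintf(" unreachable=%d", dead)
            if (sys == "")  { print "unsynced" tail;   exit 2 }
            if (sys_local)  { print "local-only" tail; exit 1 }
            print "synced " sys tail
        }
    '
}

# Constructed sample: one dead peer, one selected peer, the local clock.
sample_synced() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      198.51.100.1     3 u  11h 1024    0  140.810   -1.350   0.000
*192.0.2.20      198.51.100.2     2 u  361 1024  377  107.537    0.016   0.296
 127.127.1.0     .LOCL.          10 l    1   64  377    0.000    0.000   0.001
EOF
}

# Constructed sample: the only network peer never answered, so ntpd fell
# back to the undisciplined local clock.
sample_local_only() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
*127.127.1.0     .LOCL.          10 l    5   64  377    0.000    0.000   0.001
EOF
}

sample_synced     | ntp_sync_state
sample_local_only | ntp_sync_state || echo "not synced to a network server"
```

On a live host the input would come from ntpq -pn. A listing with no * line at all, as right after a restart, is reported as "unsynced".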




How to check HBA card cable status



In certain situations we need to check whether the SAN cable is connected to the HBA card on a Linux server. To view the status of the SAN cable, use the following command on Linux.
[tester@server5 ~]$ sudo systool -c scsi_host -v | grep state
    state               = "running"
    fw_state            = "0x3 0x4 0x0 0x0 0x0"
    state               = "Link Up - F_Port"
    fw_state            = "0x3 0x4 0x0 0x0 0x0"
    state               = "Link Up - F_Port"
    state               = "running"
    state               = "running"
    state               = "running"
    state               = "running"