Saturday, April 30, 2011

BACKUP



                                 BackUp

Command “tar” : It combines multiple files into a single archive file. [ The file's extension is .tar ]

Options : We can check the options of this command by typing
# man tar
The main options are as follows :

a) -c : To create a backup.
b) -x : To restore a backup.
c) -A : To concatenate, i.e. to add one tar file to another tar file.
d) -d : To compare the backup with the original directory whose backup was taken.
e) --delete : To delete a file from the tar file.
f) -r : To append a file at the end of the tar file.
g) -t : To see the contents of the tar file.
h) -u : To update. Only new files are added to the tar file.

To check how commands work just create a “/backup” directory.
To take Back Up : run the below command,
# tar -cf /backup/backup1.tar /p1

Here, the backup of the “/p1” directory is taken in the file backup1.tar and stored in the “/backup” folder.

Now to see contents of “backup1.tar” file give command,
# tar -tf /backup/backup1.tar

Create new files in /p1 : To update backup, give command
# tar -uf /backup/backup1.tar /p1

Here only new files from /p1 are added to backup1.tar file.
To check new contents of tar file give same command,
# tar -tf /backup/backup1.tar

Now Take backup of another directory :
# tar -cf /backup/backup2.tar /abc

Now we add backup2.tar to backup1.tar :
# tar -Af /backup/backup1.tar /backup/backup2.tar

To see the contents :
# tar -tf /backup/backup1.tar

To Restore Backup : Give command,
# tar -xvf /backup/backup1.tar

If you don't want to back up certain directories, say “temp”, then you can give a command like,
# tar -cf /backup/newbackup.tar /p1 --exclude temp
where “temp” is within “p1”.

If you don't want to back up certain files in a directory, then just list the names of these files in a new file, one name per line, and give the path of that new file.
i.e. if we don't want files a1, a2, a3 then add these names in a new file, say “abc”
# vim abc
a1
a2
a3
# tar -cf /backup/newbackup.tar /p1 -X abc

To create the backup in compressed (gzip, “.tar.gz”) format :
# tar -cvzf /backup/backup3.tar.gz /p1

To extract this backup :
# tar -xvzf /backup/backup3.tar.gz
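
The commands above as one round trip on a scratch directory: create with excludes, list, compare, update, and restore into an explicit directory after checking the member names. This is an added example, not part of the original post; the scratch tree, the file names and the function names are constructed, and GNU tar is assumed.

```sh
#!/bin/sh
# Added example: tar backup round trip on a scratch tree (all names are constructed).

# Create a scratch tree: p1/ is the data, backup/ holds the archive, restore/ is the target.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/p1/temp" "$root/backup" "$root/restore"
    echo "alpha"   > "$root/p1/file1"
    echo "skip me" > "$root/p1/a1"
    echo "scratch" > "$root/p1/temp/junk"
    printf '%s\n' a1 > "$root/skip.list"    # exclude list for -X, one name per line
    echo "$root"
}

# -C DIR stores member names relative to DIR (p1/...); the excludes come before the path.
create_backup() {
    tar -cf "$1/backup/backup1.tar" -C "$1" --exclude=temp -X "$1/skip.list" p1
}

list_backup() { tar -tf "$1/backup/backup1.tar"; }

# tar -d exits non-zero when an archived file differs from the copy on disk.
verify_backup() { tar -df "$1/backup/backup1.tar" -C "$1" >/dev/null 2>&1; }

# -u appends files that are new, or newer than the archived copy.
update_backup() {
    tar -uf "$1/backup/backup1.tar" -C "$1" --exclude=temp -X "$1/skip.list" p1
}

# Reads member names on stdin; succeeds (exit 0) if any is absolute or has a ".." component.
unsafe_names() { grep -Eq '^/|(^|/)\.\.(/|$)'; }

# Restore into an explicit directory, and only after the member names were checked.
restore_backup() {
    if list_backup "$1" | unsafe_names; then
        echo "refusing to restore: unsafe member names" >&2
        return 1
    fi
    tar -xf "$1/backup/backup1.tar" -C "$1/restore"
}

# Usage:
#   root=$(make_tree) && create_backup "$root" && list_backup "$root"
#   verify_backup "$root" && restore_backup "$root"
```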






Tuesday, April 12, 2011

Automated Tasks


                                             Automated Tasks

1] CRON :- It is a daemon to execute scheduled commands.
If we have a script /home/sample.sh and we want to run it every 2 minutes, then edit the file '/etc/crontab' and write there,

*/2 * * * * root sh /home/sample.sh

save and exit

Here

*/2  *  *  *  *  root  command to be executed
 |   |  |  |  |   |
 |   |  |  |  |   +----- user the command runs as (needed in /etc/crontab only)
 |   |  |  |  +--------- day of week (0 - 6) (Sunday=0)
 |   |  |  +------------ month (1 - 12)
 |   |  +--------------- day of month (1 - 31)
 |   +------------------ hour (0 - 23)
 +---------------------- min (0 - 59)

Thus the script /home/sample.sh runs every 2 minutes.


If you want only specific users to be able to run cron jobs, then make a new file '/etc/cron.allow' and insert in it the names of the users who are allowed to set cron jobs.
If a user sets a cron job, then a new file named after that user is created in the “/var/spool/cron” directory. We can edit that file with the “crontab” command.

i.e. $ crontab -e

To see the scheduled cron jobs, $ crontab -l
To restart the service,
# service crond restart

To delete jobs,

$ crontab -r

This removes the user's whole crontab. To delete a single job, run “crontab -e” and delete its line.
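
A check for entries in the /etc/crontab format, where the five time fields are followed by the user name and then the command. It reports lines with a missing or unknown user and scripts that are writable by group or others. This is an added example, not part of the original post; the function name audit_crontab and the wording of its findings are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the original post): audit a crontab in /etc/crontab format,
#   min hour day-of-month month day-of-week user command...
# Prints one finding per line and nothing when the file is clean.
audit_crontab() {
    awk '
        /^[ \t]*(#|$)/ { next }                             # comment or blank line
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }     # VAR=value setting
        NF < 7 { print "bad", NR, "-", "-"; next }          # too few fields
        {
            path = "-"                                      # first absolute path in the command
            for (i = 7; i <= NF; i++) if ($i ~ /^\//) { path = $i; break }
            print "chk", NR, $6, path
        }
    ' "$1" |
    while read -r kind n user path; do
        if [ "$kind" = bad ]; then
            echo "line $n: fewer than 7 fields, user or command missing"
        elif ! id "$user" >/dev/null 2>&1; then
            echo "line $n: no such user '$user', user column missing?"
        elif [ "$path" = "-" ]; then
            continue
        elif [ ! -e "$path" ]; then
            echo "line $n: $path does not exist"
        elif [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "line $n: $path runs as $user and is writable by group or others"
        fi
    done
}

# Usage: audit_crontab /etc/crontab
```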


                                       “at” Command

This command schedules another command (or job) to be run at a particular time, such as a print job late at night.

“atq” : lists the user's pending jobs, unless the user is the superuser; in that case, everybody's jobs are listed. The format of the output lines (one for each job) is: Job number, date, hour, job class.

“atrm” : deletes jobs, identified by their job number.

You can check the other parameters for the command “at” by entering:
$ man at

Example :
 
$ at -m 02:50 < newatjob :  Run the commands listed in the 'newatjob' file at 2:50 AM; in addition, all output that is generated from the job is mailed to the user running the task. When this command has been successfully entered you should receive a prompt similar to the below example.

                                    “batch” COMMAND
This command executes other commands when system load levels permit; in other words, when the load average drops below 1.5, or the value specified in the invocation of atrun. It is similar to “at” in other respects.

Thursday, March 31, 2011

RPM and QUOTA MANAGEMENT


                       RPM [ Red Hat Package Manager ]
To check options for command “rpm”
$ man rpm

To Remove a Package :-

$ rpm -e (package name)

To Install RPM :-

$ rpm -ivh (package name)

To check whether Package is Already Installed or not :-

$ rpm -qa |grep (Package name)


                        Quota Management

1] Quota is applied on Partition basis
2] Quota is applied on user basis
3] Quota is applied on group basis

a) Edit the /etc/fstab file
b) In the mount options field of the specified partition, after defaults, type usrquota or grpquota or both.
e.g. /dev/hdc3 /data ext3 defaults,usrquota,grpquota 0 0

c) Run the 'quotacheck -a' command :- this will create the 'aquota.user' & 'aquota.group' files on the partitions where the quota is applied.
d) To specify user quota run the 'edquota' command

Create Partition on Disk :-

$ fdisk -l
$ fdisk /dev/sda
        press 'm' for help
        press 'n' to create a new partition
        Enter last cylinder size :
        press 'w' to write the table to disk and exit
        press 'q' to quit

After that restart your machine [ If you don't want to restart the machine give the command “$ partprobe /dev/sda” ]

Then format that partition (here the new partition is /dev/sda2)

$ mke2fs -j /dev/sda2

Then edit the “/etc/fstab” file
/dev/sda2 /test auto defaults,usrquota,grpquota 0 0

Save and Exit

Then mount that partition. For that

$ mkdir /test
$ mount /test


Then come to root and give the command,

$ quotacheck -a

Then go to the “/test” directory. There is a new file created, 'aquota.user'

Then give,
$ edquota -u (user name)
i.e.
$ edquota -u user2


give this command in '/test' directory.

Here, the terms are,

Soft limit :- Warning period of 2-3 days to delete data.
Hard limit :- Above this limit the user is not allowed to store data.
inodes :- Restriction on making files & directories. It also has soft & hard limits.
Blocks :- The limit up to which the user can create data [e.g. 100Mb, 500Mb etc.]
i.e. in the editor opened by edquota, set the limits :
File System    Blocks    Soft    Hard    inodes    Soft    Hard
/dev/sda2      0         10      20      0         0       0

save & exit

For other user, $ edquota -u user2

To turn quota ON :-
$ quotaon /dev/sda2

Then log in as user2 & try to make files or directories in the /test directory. He cannot make more files or directories.

After giving the command '$ quotaon /dev/sda2' the 'aquota.group' file is created in the /test directory.

Some more Commands :-

$ man repquota

To turn quota OFF : $ quotaoff /dev/sda2
To check quota : $ quotacheck -auvg

Thursday, December 9, 2010

Firewall in LINUX

                      FIREWALL IN LINUX

A firewall is a security gate to our network. It decides to whom to give access to our data and to whom access should be restricted. The Linux firewall uses IP addresses for packet filtering.
There are 2 types of Linux firewall :
1) iptables : the recently used firewall
2) ipchains : it was used earlier.

There are 3 types of packets :

a) Input Packet
b) Output Packet
c) Forward through Packet

On the basis of packets there are 3 types of rules,
a) Input Rule
b) Output Rule
c) Forward Rule

iptables contains tables, and in every table there is a grouping of chains. Every rule has a specific number. A new rule goes on a new line. We can add, delete and modify the rules.

The iptables command is as follows -
# iptables -t table option pattern -j target
The -t table option tells which table to use.

3 basic tables are available -
1) Filter
2) Nat
3) Mangle

 
The nat table supports network address translation.
The filter table lets you block or allow specific types of network traffic.

Setting up IP masquerading :
It allows you to hide the IP addresses of the computers on your LAN.

Give command :
# iptables -L

It will show -

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


If you want to stop ping to your machine from another computer, add a rule as :
# iptables -A INPUT -s other_machines_IP -p icmp --icmp-type echo-request -j REJECT

here -A = append the rule to the chain
-s = source address
-p = protocol
-j = action to be taken

Now give command, # iptables -L
you can see your settings in a tabular form.

To replace the first rule so that it drops the packets :

# iptables -R INPUT 1 -s other_machines_IP -p icmp --icmp-type echo-request -j DROP

# iptables -L
you will see the changes made.

To delete rules :

# iptables -D (chain_name) (Rule_number)
i.e. # iptables -D INPUT 1

To delete all rules :

# iptables -F (chain_name)

If you want to get ping from only the 172.16.0.240 machine and no other, then write the rule as :
# iptables -A INPUT ! -s 172.16.0.240 -p icmp --icmp-type echo-request -j REJECT

To allow FTP for 172.16.0.241 the rule is :
# iptables -A INPUT -s 172.16.0.241 -p tcp --dport 20 -j ACCEPT

or you can allow port 21 also for FTP. Ports 20 and 21 are used for FTP.

To block 172.16.0.240 from FTP access the rule should be :

# iptables -A INPUT -s 172.16.0.240 -p tcp --dport 20 -j DROP
You can check the changes :
# iptables -L

For FTP, if you block a single port then the user can log in using FTP but cannot access files. If you don't want to allow login either, then block both the ports.

If you restart your machine then these rules are no longer there. If you want to save them then give the command :

# service iptables save

The rules get saved in the “/etc/sysconfig/iptables” file.
You can also add or delete rules directly in this file.

To allow proxy from 172.16.0.240 write the rule as,
# iptables -A INPUT -s 172.16.0.240 -p tcp --dport 3128 -j ACCEPT

and to block it for 172.16.0.241,
# iptables -A INPUT -s 172.16.0.241 -p tcp --dport 3128 -j DROP
# iptables -L

To replace rules :

# iptables -R (chain_name) (Rule_number) (New_Rule)
e.g. to replace rule no. 6 and allow squid from 172.16.0.241 we can write,

# iptables -R INPUT 6 -s 172.16.0.241 -p tcp --dport 3128 -j ACCEPT

# iptables -L

To stop the iptables service :

# service iptables stop
To start the service :

# service iptables start

To make a new table :
We cannot create new tables. By default there are 3 tables: Filter, Nat & Mangle

To create a new chain :
iptables -N (new_chain_name)
# iptables -N FTP1

1) To allow FTP to 172.16.0.241
# iptables -A FTP1 -s 172.16.0.241 -p tcp --dport 20 -j ACCEPT

2) To deny FTP to 172.16.0.240
# iptables -A FTP1 -s 172.16.0.240 -p tcp --dport 20 -j DROP
# iptables -A FTP1 -s 172.16.0.240 -p tcp --dport 21 -j DROP
# iptables -L
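
A chain created with -N is not consulted until a rule in a built-in chain jumps to it. The script below is an added example, not part of the original post: it builds FTP1 for both FTP ports and hooks it into INPUT, and it only prints the commands unless it is run with IPT=iptables. The IPT, ALLOWED and BLOCKED variables and the function names are assumptions of the example; the addresses are the ones used in the post.

```sh
#!/bin/sh
# Added example: the FTP1 chain from the post, with the jump that makes it take effect.
# Dry run by default: IPT="echo iptables" only prints the commands.
# Run as root with IPT=iptables to apply them.
IPT=${IPT:-echo iptables}
ALLOWED=172.16.0.241    # host allowed to use FTP (address from the post)
BLOCKED=172.16.0.240    # host denied FTP (address from the post)

build_ftp1() {
    $IPT -N FTP1
    for port in 20 21; do
        $IPT -A FTP1 -s "$ALLOWED" -p tcp --dport "$port" -j ACCEPT
        $IPT -A FTP1 -s "$BLOCKED" -p tcp --dport "$port" -j DROP
    done
    # Without this jump no packet ever reaches FTP1.
    $IPT -A INPUT -p tcp -m multiport --dports 20,21 -j FTP1
}

# Remove in reverse order: a chain can be deleted (-X) only when nothing
# jumps to it any more and it has been flushed (-F).
remove_ftp1() {
    $IPT -D INPUT -p tcp -m multiport --dports 20,21 -j FTP1
    $IPT -F FTP1
    $IPT -X FTP1
}

# Usage: build_ftp1            (prints the commands)
#        IPT=iptables sh this_script.sh, then call build_ftp1 as root to apply
```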

Thursday, December 2, 2010

Apache Web Server

                               Apache Web Server

This server was earlier released under the name 'httpd'. When it was made free, various people added patches to it. Hence it was named 'A Patchy Server'; later it became the Apache web server. But the name of the service remained the same, i.e. 'httpd'.

First check that the package is installed on your system. For that :

# rpm -qa | grep httpd

If the package is there on your system then check for the file '/etc/httpd/conf/httpd.conf'
Edit that file :
# vim /etc/httpd/conf/httpd.conf

This file is divided into 3 sections :
                             Section I

1) ServerTokens OS
It shows information of the OS only when the server utility is made ON.
2) ServerRoot "/etc/httpd"
This directory contains the server's configuration file and log file.
3) ScoreBoardFile run/httpd.scoreboard
When the httpd service is made ON various processes get started; these processes are stored in memory. We can enable this option and take these processes on hard disk.
4) PidFile run/httpd.pid
The information of the services (processes) which are started by the httpd daemon is stored in this file using the process id.
5) Timeout 300
If the request from the client does not come within 300 seconds then the connection gets timed out.
6) KeepAlive Off
If this option is off then the client can send only one request at a time. If it is ON then it can send multiple requests.
7) MaxKeepAliveRequests 100
It decides how many requests can be sent using one connection.
8) KeepAliveTimeout 15
If on one connection there are 100 requests then each request will be alive for 15 seconds without sending information. That means one connection can remain alive for 15 * 100 = 1500 seconds.
9) StartServers 8
At a time only 8 services can be started.
10) MinSpareServers 5
5 servers are available for spare.
11) MaxSpareServers 20
12) MaxClients 150
One server service can handle up to 150 clients.
13) MaxRequestsPerChild 1000
Every server service can handle 1000 requests.
14) StartServers 2
15) MaxClients 150
16) MinSpareThreads 25
17) MaxSpareThreads 75
18) ThreadsPerChild 25
19) MaxRequestsPerChild 0
20) Listen 0.0.0.0:80
If you have 3 servers and this option is 0.0.0.0 then the services will work on all 3 servers. If you give a specific IP address here then the services will work on that particular server.
21) LoadModule …...
This is a list of the various web services that are required.
22) Include conf.d/*.conf
Consider all the parameters in the /etc/httpd/conf.d directory.
23) ExtendedStatus On
If you want to use additional third party software then make this option ON.

                               Section II
24) User apache
25) Group apache
The server runs its services using these names (options 24, 25).
26) ServerAdmin root@localhost
You can show the administrator's mail id on the site. If someone has queries he will contact you.
27) ServerName new.host.name:80
Give the name of the server here. This service works on TCP port 80.
28) UseCanonicalName Off
It will not show a different name of itself if this is off.
29) DocumentRoot "/var/www/html"
In this directory it will show the web page documents.
30) Options FollowSymLinks
No one can access directories directly; if you want that, go through links.
31) AllowOverride None
No one can change option 30.
32) <Directory "/var/www/html">
This directory is secure.
33) Options Indexes FollowSymLinks
       <IfModule mod_proxy.c>

If you uncomment all the statements below this, then the server acts as a proxy server. But it is not secure.


                 Section III : Virtual Hosts
This section is used to prepare a website.
1) NameVirtualHost *:80
Using this option we can open multiple web pages on a single IP address. The site is accessed as per the URL name.
2) <VirtualHost *>
Replace * by the hostname,
i.e. <VirtualHost www.Redhat.com>

If you want to test it, then save the changes, exit and give the command
# service httpd start
and open Mozilla and give the URL as
http://(ip address of your machine)
You will see the Apache version information and the Red Hat page.

Now edit the /etc/httpd/conf/httpd.conf file

NameVirtualHost *:80 (remove the comment)
and make it NameVirtualHost ipaddress_of_your_machine:80
At the end of the file, i.e. below <VirtualHost>, write
<VirtualHost www.rediffmail.com>
ServerAdmin root@your_Hostname.com
DocumentRoot /webdocs
ServerName your_hostname
ErrorLog /logs/rediffmail-error_log
CustomLog /logs/rediffmail-custom_log common
</VirtualHost>

then change
DirectoryIndex index.html (your web page)

save and Exit

edit the /etc/hosts file

at the end type
(your ip address) (your host name)

save and Exit
# service network restart
# service httpd restart

then log in as root
open Mozilla
give the URL www.rediffmail.com

You will get the document stored in the /webdocs folder.

You can do it for multiple sites also; for that only a few changes in the 'httpd.conf' and 'hosts' files are needed.

NIS [ Network Information Service ]

                      NIS [ Network Information Service]

The earlier name of NIS was 'Yellow Pages'. But later that name was registered as a trademark, hence the name NIS is now used in practice.
In NIS one server is used as the master server and one is made a secondary server as a precaution for when the master has problems.

First check whether the packages for NIS are installed on your machine. For that :

# rpm -qa | grep yp

It needs 3 packages :
1) ypserv*
2) yp-tools*
3) ypbind*

 
Uses :

If we want 10 users to be created on each of 100 Linux machines then just create the 10 users on the NIS server, and its /etc/passwd file is shared with those 100 machines. So the work becomes easier.

Step 1 : Set the IP address for the machine using : # netconfig or # setup

Step 2 :
Set the domain name using : # domainname (domain name)

Make sure that all the machines in the NIS domain have the same domain name.

The domain name you set is not persistent; it is lost when you restart your machine. Hence, to make it persistent, enter it into the script which runs every time the machine starts,
i.e. the '/etc/sysconfig/network' file.
Edit it, i.e. # vim /etc/sysconfig/network and make changes as

NETWORKING=yes
HOSTNAME=(your host name)
domainname (your domain name)

e.g. domainname classroom.edu
Save the file and exit vi

restart your machine

STEP NO. 1 & 2 are common to both the NIS server and the NIS clients.

Set this on the NIS CLIENT machine :

STEP 3 : edit the '/etc/yp.conf' file and make changes as...

domain (your domain name) broadcast

( e.g. domain classroom.edu broadcast )

domain (your domain name) server (your Host name)
(You will get your IP address and hostname from the '/etc/hosts' file)

ypserver (your Host Name)

save and exit

STEP 4 : edit the '/etc/nsswitch.conf' file

( this file contains the list of files which the operating system checks for NIS )

make changes as...

a) passwd: nis files
b) shadow: nis files
c) group: nis files
d) hosts: nis files dns

save & exit

STEP 5 : Edit the '/etc/hosts' file
add as the last lines...
(ip address of client machine) (Client Host Name)
(Ip address of server machine) (server Host Name)

save & exit

Thus the CLIENT configuration is completed here...

Set this on the NIS SERVER machine...

STEP 6 : edit the '/etc/hosts' file...
write as the last line...

(Ip address of server machine) (server Host Name)

save and exit

The total configuration of NIS is stored in the '/var/yp' directory.

Edit '/var/yp/Makefile'
The contents of that file are...

1) #B = -b
If you remove this comment, then using the NIS server different clients can access the data through the DNS server. Use this option if you have multiple DNS servers.
2) NOPUSH = true
If you have a single server keep this option 'true', because if this is 'true' the primary server does not send its database to the secondary server. This server pushes its database to the servers whose names & IP addresses are there in the '/var/yp/ypservers' file.
3) MINUID = 500
MINGID = 500
This option tells from which number the UIDs and GIDs are to be started.
4) NFSNOBODYUID = 65534
NFSNOBODYGID = 65534
5) MERGE_PASSWD = true
It decides whether the 'shadow' file and the 'passwd' file are merged into a single file or not.
6) MERGE_GROUP = true
It decides whether the 'group' file and the 'gshadow' file are merged into a single file or not.
7) AWK = /usr/bin/gawk
8) MAKE = /usr/bin/gmake
9) UMASK = umask 066

DON'T CHANGE OPTIONS 7, 8, 9. These are used to make the database.
10) YPSRCDIR = /etc
11)
12)
13)
14)
15)

DON'T CHANGE OPTIONS 11 to 15. These variables are created to tell where to get the database files.
After this we only need the following options...
GROUP
PASSWD
SHADOW
GSHADOW
ADJUNCT
ALIASES
HOSTS
AUTO_MASTER
AUTO_HOME
AUTO_LOCAL

Keep these options in front of '-all'
So comment out the other options which are not needed, or remove them.

Save & exit.
Now give this command from the PRIMARY SERVER only...

# /usr/lib/yp/ypinit -m
( if you don't have a secondary NIS server, then press 'ctrl + D' )

If you have a secondary NIS server then give its name here. Its entry will be added directly to '/var/yp/ypservers'. The current list of NIS servers looks like this:

(Host name)
is this correct [y/n : y] Press 'y'

# yum install authconfig-gtk
# service ypserv restart
# service portmap restart
# getsebool -a | grep "yp"
# setsebool allow_ypbind=1

set your domain name again

Now from the CLIENT machine :

# authconfig-tui

or # system-config-authentication

The NIS service will get started...

On the client you can log in as guest...

But to get the home directory... make settings as....

FROM the CLIENT as well as the SERVER machine :
# vim /etc/auto.master
make changes under # /net as
/home/guests /etc/auto.misc --timeout=60

save and exit

edit the '/etc/auto.misc' file

# vim /etc/auto.misc

make changes at the last line as...
* -rw,soft,intr 192.168.0.254:/home/guests/&
save and exit

# service autofs restart

then log in to the client using
login name : guest2001
passwd : (no password)

It will get the home directory.

DNS [ Domain Name Server / System ]

           DNS [ Domain Name Server / System ] For RHEL 4

If we want to register multiple domains and wish to give the same IP address to those sites then DNS is used. If the client user enters URL names then DNS is used to understand that name and search for the particular IP address of that site. It acts as a mediator between the user and the rest of the internet.

To check whether the rpm of DNS is installed or not, give the command :

# rpm -qa | grep bind

Here the name of the DNS service is “named” and the package name is “bind”.
BIND : Berkeley Internet Name Domain

Edit the “/etc/named.conf” file. If this file is not there then move the /etc/named.custom file to the same location with the name “named.conf”, or copy it,

i.e. # cp /etc/named.custom /etc/named.conf

# vim /etc/named.conf

1) controls : from where this file gets modified.
2) zone : the format of the zone file is very important.

zone "." IN {
type hint;
file "named.ca"; // the name of the file containing the zone records.
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

The first two zones are called forward lookup zones. In these the client gives the name and the DNS server returns the IP address for that name. After that comes the type named “reverse lookup zone”. In that the client gives the IP address and the DNS server returns the DNS name of that IP address.
i.e. 1) if in the forward lookup zone the URL is like “arpa.addr.in” then in the reverse lookup zone it becomes “in.addr.arpa”
2) If in the forward lookup zone the IP address is “192.168.100.10” then in the reverse lookup zone it becomes “100.168.192.in-addr.arpa”, and the “.10” gets stored in the records of the RLZ.
3) zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
Make changes on the next line as

zone "pranay.com" IN {
type master;
file "pranay.com.zone";
allow-update { none; };
};

If this option is “none” and the primary master goes off then no client can update its record. If you have a secondary server then instead of “none” type your secondary server's IP address.

“pranay.com.zone” file (your zone file)

There are three files in the “/var/named” directory; of those, the “named.local” file is for the reverse zone. Copy the “localhost.zone” file and paste it at the same location with the name “pranay.com.zone”.

Now edit the “pranay.com.zone” file :

a) $TTL 86400 : if any client caches this file then it can cache it for 86400 seconds only. After that it needs to download it from the server again.

b) $ORIGIN localhost.

This is the server's name,
i.e. type $ORIGIN (server's domain name)

c)
@       IN SOA  @ root (
                42      ; serial (d.adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum

        IN NS   @       (Here IN is 'Internet', NS is 'Name server' & @ is your machine)

        IN A            (now delete this IN A and)

Make changes as

PRANAY (i.e. your domain name)   IN A   ipaddress
www                              IN A   ipaddress
another client                   IN A   ipaddress

save & exit

Edit the “/etc/hosts” file

Keep only the line below there,

127.0.0.1 localhost.localdomain localhost

& delete all the next lines
save & exit
Then start the service named, i.e.

# service named start
# netconfig

Set your IP address & set the name server IP address, i.e. the DNS server address
ok

# service network restart

To check it type,
# ping www.pranay.com
It will ping the site.

To check whether the server is ok & the service is ok give the commands,

# nslookup pranay.pranay.com
# dig pranay.pranay.com



Edit the “/var/named/pranay.com.zone” file

make changes as

IN SOA . root

And

IN NS (server's IP address)

And
$ORIGIN pranay.com (i.e. name of your zone)

save & exit

Then give the command :

# dig pranay.pranay.com

Then,

# ping pranay.pranay.com
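
The forward zone, the matching reverse zone (the rule that turns 192.168.100.10 into 100.168.192.in-addr.arpa with a record for 10) and the named.conf entries have to agree with each other, so they can be generated together. This is an added example, not part of the original post; the function names and the reverse zone file name are assumptions, while the domain pranay.com, the host pranay, the timer values and the address 192.168.100.10 are the sample values used in the post.

```sh
#!/bin/sh
# Added example: generate forward zone, reverse zone and named.conf entries for one host.

# reverse_zone 192.168.100.10  ->  100.168.192.in-addr.arpa   (fails on a malformed address)
reverse_zone() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# forward_zone DOMAIN HOST IP : zone file with A records for HOST and www
forward_zone() {
    cat <<EOF
\$TTL 86400
\$ORIGIN $1.
@       IN SOA  $2 root (
                42      ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   $2
$2      IN A    $3
www     IN A    $3
EOF
}

# reverse_zone_file DOMAIN HOST IP : zone file with the PTR record for the last octet
reverse_zone_file() {
    rz=$(reverse_zone "$3") || return 1
    cat <<EOF
\$TTL 86400
\$ORIGIN $rz.
@       IN SOA  $2.$1. root.$1. ( 42 3H 15M 1W 1D )
        IN NS   $2.$1.
${3##*.}        IN PTR  $2.$1.
EOF
}

# zone_stanzas DOMAIN IP : the two entries for /etc/named.conf
zone_stanzas() {
    rz=$(reverse_zone "$2") || return 1
    cat <<EOF
zone "$1" IN {
        type master;
        file "$1.zone";
        allow-update { none; };
};
zone "$rz" IN {
        type master;
        file "$rz.zone";
        allow-update { none; };
};
EOF
}

# Usage: forward_zone pranay.com pranay 192.168.100.10 > pranay.com.zone
```

The generated file can be checked with named-checkzone (named-checkzone pranay.com pranay.com.zone) before named is restarted.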

Now
check the entries in the “/etc/hosts” file
# vim /etc/httpd/conf/httpd.conf

Make changes as

NameVirtualHost (ip address of server):80

Then change as
<VirtualHost www.pranay1.com>

<VirtualHost www.pranay.com>

then change as

ServerName (ip address of server):80

save & Exit

# service httpd restart


TO PING THE LINUX DNS SERVER FROM A WINDOWS XP MACHINE :

Go to XP's My Network Places properties → Local Area Connection properties → TCP/IP properties → give the DNS server IP address → ok

go to Run
cmd
ping (server's IP address)
ping pranay.pranay.com
ping PRANAY.pranay.com
nslookup pranay.pranay.com

It will show the IP address.

                                        IMPORTANT
1) If you want to create a new zone then copy the file “/var/named/localhost.zone” to the same location with your zone name, i.e. web.com.zone
2) Edit the file “/etc/httpd/conf/httpd.conf” and make changes as given above
3) Edit the “web.com.zone” file and make changes as given above
4) Edit “/etc/named.conf” and make changes as given above
5) Restart the services named and httpd

Creating Secondary Master

1) Edit “/etc/named.conf”

zone "abc.com" IN {
type slave;
file "abc.com.zone";
masters { (ip address); };
};

If you want to allow your zone to somebody else then,

zone "web.com" IN {
type master;
file "web.com.zone";
allow-update { (ip address of that machine); };
};

save & exit

Now edit the “/etc/rndc.key” file
This file contains the security key. This security key is unique for each computer. We need to generate & specify this key for each computer.

Edit the “/etc/rndc.conf” file

Make the change at the end of this file as :

server (ip address) {
key "redhat";
};

include "/etc/rndc.key";

save & exit

OR

edit the “/etc/named.conf” file

add # to the lines with the key word “control” and also to the next 2 lines
add # to the last line with the key word “include”

save & exit

save & exit