- 5 Why questions
- Bridge call: participant code, chairperson code, toll-free number (a) Indian toll-free number (b) US toll-free number
- Email management
- Meeting invitation
- Change management
- CAB meeting
- Lead period of a change
- Backout plan
- What is (i) SAN (ii) NAS (iii) DAS
- Draw a connection diagram of a SAN
- What is a WWPN number
- What is an HBA
- What is a LUN, a LUN ID, and a LUN rescan
- Explain multipathing
- Give the command to check the HBA card
- Explain the following: (i) powermt display (ii) powermt display dev=all (iii) powermt display dev=emcpowera
- Difference between copper cable and fiber cable
- What is a data center
- What is a rack
- What is the height of a server
- What is a rack-mountable server
- What is the role of the operating system
- What is the MSL (master server list)
- What is the CSL (critical server list)
- What is SOCKS
- How do we get on-site support
- What is console access
- What is KVM
- Explain iLO
- What is a PCI slot
- Which monitoring tool do you use in your company
- Which alerts do you usually get
- How do you manage escalations
- How do you manage vendors
- What is sysreport / SOS report
- What is a VM core file
- What is the build process
- What is the decommission process
- Explain patching
How to do it
First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:

    a@A:~> ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/a/.ssh/id_rsa):
    Created directory '/home/a/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/a/.ssh/id_rsa.
    Your public key has been saved in /home/a/.ssh/id_rsa.pub.
    The key fingerprint is:
    3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):

    a@A:~> ssh b@B mkdir -p .ssh
    b@B's password:

Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:

    a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
    b@B's password:

From now on you can log into B as b from A as a without a password:

    a@A:~> ssh b@B hostname
    B

A note from one of our readers: depending on your version of SSH you might also have to make the following changes:

- Put the public key in .ssh/authorized_keys2
- Change the permissions of .ssh to 700
- Change the permissions of .ssh/authorized_keys2 to 640

Linux commands link: http://michaelminn.com/linux/command_line/
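The reader's note above is about the checks sshd itself performs: with StrictModes on (the default) it ignores an authorized_keys file, or a .ssh directory, that group or other users could write to, and ssh refuses to use a private key that other users can read. A key-based login that "stops working" after this procedure is therefore usually a permission problem, and it is worth auditing the key directory before touching sshd_config. The script below is an added example, not part of the original how-to; it assumes GNU stat (stat -c '%a') and a key directory laid out as in the procedure above (authorized_keys, authorized_keys2, id_* private keys and id_*.pub public keys).

```shell
#!/bin/sh
# Added example (not from the original how-to): audit the modes of an SSH key
# directory the way sshd's StrictModes check does, so that a key-based login
# does not fail, or quietly expose a private key, because of a loose permission.
# Assumes GNU stat.

# perm_of PATH -> the last three octal digits of PATH's mode, e.g. 700 or 644
perm_of() {
    m=$(stat -c '%a' "$1") || return 1
    printf '%s\n' "${m#"${m%???}"}"
}

# writable_by_group_or_other MODE -> success if the group or the other write bit is set
writable_by_group_or_other() {
    g=${1%?}; g=${g#?}      # middle digit: group
    o=${1#??}               # last digit: other
    case $g in 2|3|6|7) return 0 ;; esac
    case $o in 2|3|6|7) return 0 ;; esac
    return 1
}

# audit_ssh_dir DIR -> prints one line per finding, returns 1 if any were found
audit_ssh_dir() {
    dir=$1; bad=0
    [ -d "$dir" ] || { echo "$dir: missing"; return 1; }

    # the directory itself: sshd rejects keys under a directory others can write to
    m=$(perm_of "$dir")
    if writable_by_group_or_other "$m"; then
        echo "$dir: mode $m is group/other writable, want 700"; bad=1
    fi

    # sshd ignores authorized_keys (and authorized_keys2) that others could edit
    for f in authorized_keys authorized_keys2; do
        [ -f "$dir/$f" ] || continue
        m=$(perm_of "$dir/$f")
        if writable_by_group_or_other "$m"; then
            echo "$dir/$f: mode $m is group/other writable, want 600 or 644"; bad=1
        fi
    done

    # private keys must be readable only by their owner; ssh refuses them otherwise
    for k in "$dir"/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        m=$(perm_of "$k")
        case $m in
            600|400) ;;
            *) echo "$k: mode $m, a private key must be 600"; bad=1 ;;
        esac
    done
    return $bad
}
```

Run it as `audit_ssh_dir ~/.ssh` on the account that fails to log in (user b on B in the procedure above); a non-zero exit with the listed findings tells you which chmod to apply, and an empty result means the problem lies elsewhere (for example in sshd_config or /var/log/secure).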
Linux DHCP Linux Server

Q: Configure rhel6 as a DHCP server for your LAN 192.168.1.0/24 using the IP range 192.168.1.20-192.168.1.29. Configure rhel6 (192.168.1.10) as the default gateway and DNS server and reserve the IP 192.168.1.30 for node01 with MAC 00:0C:29:E9:F1:75. Configure the network interface of node01 with MAC 00:0C:29:E9:F1:75 to obtain its IP via DHCP at boot, and verify that the reserved IP 192.168.1.30 is assigned by the rhel6 DHCP server. Obtain an IP from the DHCP range for interface eth1.

A:

* Log in as root on rhel6 (192.168.1.10) and install the dhcp rpm.

    # yum install dhcp

* Copy dhcpd.conf.sample from /usr/share/doc to the /etc/dhcpd/dhcpd.conf file.

    # cp /usr/share/doc/dhcp*/dhcpd.conf.sample /etc/dhcpd/dhcpd.conf

* Edit the sample config file with the network parameters of your LAN (192.168.1.0/24 in this case).

    # cat /etc/dhcpd.conf
    default-lease-time 600;
    max-lease-time 7200;
    # Use this to enable / disable dynamic dns updates globally.
    #ddns-update-style none;
    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    #authoritative;
    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    log-facility local7;
    # No service will be given on this subnet, but declaring it helps the
    # DHCP server to understand the network topology.
    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.20 192.168.1.29;
        option domain-name-servers 192.168.1.10;
        option domain-name "192.168.1.10";
        option routers 192.168.1.10;
        option broadcast-address 192.168.1.255;
        default-lease-time 600;
        max-lease-time 7200;
    }
    # Hosts which require special configuration options can be listed in
    # host statements.
    host node01 {
        hardware ethernet 00:0C:29:E9:F1:75;
        fixed-address 192.168.1.30;
    }

* Log in as root on node01 and configure eth0 to get its IP through DHCP: edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file.

    DEVICE="eth0"
    HWADDR="00:0C:29:E9:F1:75"
    NM_CONTROLLED="no"
    ONBOOT="yes"
    BOOTPROTO="dhcp"

* Execute 'tail -f /var/log/messages &' and restart the network service.

    # tail -f /var/log/messages &
    # /etc/init.d/network restart

* From the traces you can see that the reserved IP 192.168.1.30 has been assigned to eth0. The 192.168.1.10 DNS server has also been configured in /etc/resolv.conf.

* Obtain an IP from the DHCP server for the eth1 interface with the 'dhclient' command.

    # dhclient eth1
    ...

  The first available IP in the DHCP server's range, 192.168.1.20 in this case, is assigned to eth1.
The top command provides several useful hot keys:

    Hot Key   Usage
    t         Displays summary information off and on.
    m         Displays memory information off and on.
    A         Sorts the display by top consumers of various system resources. Useful for quick identification of performance-hungry tasks on a system.
    f         Enters an interactive configuration screen for top. Helpful for setting up top for a specific task.
    o         Enables you to interactively select the ordering within top.
    r         Issues the renice command.
    k         Issues the kill command.
    z         Turns color/mono on or off.
#3: w - Find Out Who Is Logged on And What They Are Doing
The w command displays information about the users currently on the machine, and their processes.

    # w username
    # w vivek

Sample output:

    17:58:47 up 5 days, 20:28,  2 users,  load average: 0.36, 0.26, 0.24
    USER     TTY      FROM          LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    10.1.3.145    14:55    5.00s  0.04s  0.02s vim /etc/resolv.conf
    root     pts/1    10.1.3.145    17:43    0.00s  0.03s  0.00s w
#4: uptime - Tell How Long The System Has Been Running
The uptime command can be used to see how long the server has been running: the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.

    # uptime

Output:

    18:02:41 up 41 days, 23:42,  1 user,  load average: 0.00, 0.00, 0.00

A load value of 1 can be considered optimal. The acceptable load changes from system to system: for a single-CPU system a load value of 1 - 3, and for SMP systems 6 - 10, might be acceptable.
    54981 pts/0    00:00:00 vim
    55465 ?        00:00:00 php-cgi
    55546 ?        00:00:00 bind9-snmp-stat
    55704 pts/1    00:00:00 ps

ps is just like top but provides more information.

You can also display real-time usage using sar:

    # sar 4 5

Sample output:

    Linux 2.6.18-128.1.14.el5 (www03.nixcraft.in)   06/26/2009

    06:45:12 PM       CPU     %user     %nice   %system   %iowait    %steal     %idle
    06:45:16 PM       all      2.00      0.00      0.22      0.00      0.00     97.78
    06:45:20 PM       all      2.07      0.00      0.38      0.03      0.00     97.52
    06:45:24 PM       all      0.94      0.00      0.28      0.00      0.00     98.78
    06:45:28 PM       all      1.56      0.00      0.22      0.00      0.00     98.22
    06:45:32 PM       all      3.53      0.00      0.25      0.03      0.00     96.19
    Average:          all      2.02      0.00      0.27      0.01      0.00     97.70

=> Related: How to collect Linux system utilization data into a file
    000000314aa00000    1328 r-x-- 0000000000000000 008:00002 libc-2.5.so
    000000314ab4c000    2048 ----- 000000000014c000 008:00002 libc-2.5.so
    .....
    00002af8d48fd000       4 rw--- 0000000000006000 008:00002 xsl.so
    00002af8d490c000      40 r-x-- 0000000000000000 008:00002 libnss_files-2.5.so
    00002af8d4916000    2044 ----- 000000000000a000 008:00002 libnss_files-2.5.so
    00002af8d4b15000       4 r---- 0000000000009000 008:00002 libnss_files-2.5.so
    00002af8d4b16000       4 rw--- 000000000000a000 008:00002 libnss_files-2.5.so
    00002af8d4b17000  768000 rw-s- 0000000000000000 000:00009 zero (deleted)
    00007fffc95fe000      84 rw--- 00007ffffffea000 000:00000 [ stack ]
    ffffffffff600000    8192 ----- 0000000000000000 000:00000 [ anon ]
    mapped: 933712K    writeable/private: 4304K    shared: 768000K

The last line is very important:

- mapped: 933712K - total amount of memory mapped to files
- writeable/private: 4304K - the amount of private address space
- shared: 768000K - the amount of address space this process is sharing with others

=> Related: Linux find the memory used by a program / process using pmap command
Fig.05 KDE System Guard {Image credit: Wikipedia} See the KSysguard handbook for detailed usage.
- Hardware: installed memory, processors and speeds
- System Status: currently available disk space, processes, memory and swap space, network usage
- File Systems: lists all mounted filesystems along with basic information about each.
    # add the following entries at the end.
    [share]
    path = /home/share
    writable = yes
    guest ok = yes
    guest only = yes
    create mode = 0777
    directory mode = 0777
    share modes = yes

    # restart the services
    [root@ora ~]# service smb restart
    [root@ora ~]# service nmb restart
    [root@ora ~]# chkconfig smb on
    [root@ora ~]# chkconfig nmb on
Client settings: right-click on My Computer > Properties > Computer Name, click on Change, and set

    computer name: client01
    workgroup: WORKGROUP

Press OK and restart the computer. After the restart open My Computer > Tools > Map Network Drive and choose the name or IP address of the server and the directory which is shared.
# 2 Samba share but with authentication.

    [root@ora ~]# groupadd company
    [root@ora ~]# mkdir /home/company
    [root@ora ~]# chgrp company /home/company
    [root@ora ~]# chmod 770 /home/company
    [root@ora ~]# vi /etc/samba/smb.conf

    # add the following at the last line.
    [company]
    path = /home/company
    writable = yes
    create mode = 0770
    directory mode = 0770
    share modes = yes
    guest ok = no
    valid users = @company

    [root@ora ~]# service smb restart
    [root@ora ~]# service nmb restart
    [root@ora ~]# useradd -G company rhel6
    [root@ora ~]# smbpasswd -a rhel6
    New SMB password:
    Retype new SMB password:
    Added user cent

Samba server configuration steps (shell history):

    vim /etc/yum.repos.d/rhel.repo
    service vsftpd restart
    yum install samba*
    mkdir /home/share
    ls
    cd /home/share/
    ls
    cd
    chmod 777 /home/share
    vi /etc/samba/smb.conf
    vim /etc/samba/smb.conf
    service smb restart
    service nmb restart
    service nmb start
    service nmb restart
    chkconfig smb on
    chkconfig nmb on
    cd /home/share/
    mkdir gh
    cd gh/
    touch jhdsk
    touch jhd;lasg
    vim lk
    cd
    smbclient -L //192.168.1.10
    smbclient -L //192.168.1.10/Downloads
    smbclient -L \\192.168.1.10\Downloads
    smbclient -L \\192.168.1.3\Downloads
    smbclient -L //192.168.1.3
    smbclient -L //192.168.1.3/Downloads -U kathiresh-S
    smbclient -L //192.168.1.3/Downloads -U kathiresh-S-PC
    smbclient -L //192.168.1.4/Downloads
    smbclient -L //192.168.1.3/Downloads -U kathiresh-S
    smbclient -L //192.168.1.4/Downloads -U kathiresh-S
    ssh 192.168.1.4
    cd
    yum install samba-client
    rpm -q samba-client
    ping 192.168.1.4
    smbclient -L //192.168.1.4/Downloads -U kathiresh-S
    /etc/init.d/vsftpd status
    testparm
    vim /etc/samba/
    vim /etc/samba/smb.conf
    showmount -e
    showmount -e 192.168.1.4
If you are developing an application for the Linux desktop and would like to automatically find out more information about the system, use the following commands in shell scripts to gather information about the system. Recently I was involved in a project where I needed to collect information about the running GUI, browser and other information such as disk space, running kernel etc.
    mozilla --version

OR

    free -m

OR

    free -g
Q: How to see the list of users?

A:

    cat /etc/passwd | grep /home/ | cut -d: -f1
The read, write and execute permissions apply slightly differently to directories than they do to files. The read permission on a directory controls the ability to list the contents of that directory. In this example we'll create a directory and place a blank file in it. We'll then modify the permissions on the directory so the owner cannot see the contents.

    $ mkdir secret_dir
    $ touch secret_dir/my_secret.txt
    $ ls secret_dir/
    my_secret.txt
    $ chmod u-r secret_dir/
    $ ls secret_dir/
    ls: secret_dir/: Permission denied
    $ cd secret_dir/
    $ ls
    ls: .: Permission denied
    $ cd ../

We see that we get a Permission denied error when trying to view the contents of the directory once the read permission has been revoked. Despite not being able to see what is in the directory, we can still change our working directory to that directory.

The write permission on a directory behaves somewhat as expected. If a user has write on a directory they can create or remove files from that directory even if they are not the owner of the files. This is important to note, as giving a user, group or other users write on a directory...
Now we'll give read permission back to the owner and revoke execute permission:

    $ chmod u+r secret_dir/
    $ chmod u-x secret_dir/
    $ ls secret_dir/
    my_secret.txt
    $ cd secret_dir/
    -bash: cd: secret_dir/: Permission denied
We can now view the contents of the directory again but look at what happened when we tried to cd into it! Not having the execute permission on a directory will prevent you from changing into that directory even though you can view the contents. It is understandable how this can cause some confusion.
    Mode         Description
    Sticky bit   Used for shared directories to prevent users from renaming or deleting each other's files. The only users who can rename or delete files in directories with the sticky bit set are the file owner, the directory owner, or the super-user (root). The sticky bit is represented by the letter t in the last position of the other permissions display.
    SUID         Set user ID, used on executable files to allow the executable to be run as the file owner of the executable rather than as the user logged into the system. SUID can also be used on a directory to change the owner of files moved to that directory to the directory owner rather than the user who created it.
    SGID         Set group ID, used on executable files to allow the file to be run as if logged into the group (like SUID but uses file group permissions). SGID can also be used on a directory so that every file created in that directory will have the directory group owner rather than the group owner of the user creating the file.
The following example displays the SUID permission mode that is set on the passwd command, indicated by the letter s in the last position of the user permission display. Users would like to be able to change their own passwords instead of having to ask the System Administrator to do it for them. Since changing a password involves updating the /etc/passwd file, which is owned by root and protected from modification by any other user, the passwd command must be executed as the root user. The which command will be used to find the full path name of the passwd command, then the attributes of the passwd command are listed, showing the SUID permission(s).

    $ which passwd
    /usr/bin/passwd
    $ ls -l /usr/bin/passwd
    -r-s--x--x  1 root root 17700 Jun 25  2004 /usr/bin/passwd

Here we see not only that the SUID permissions are set up on the passwd command but also that the command is owned by the root user. These two factors tell us that the passwd command will run with the permissions of root regardless of who executes it.
These special modes can be very helpful on multi-user systems. To set or unset the sticky bit use the t option with the chmod command. When setting the sticky bit we do not have to specify if it is for user, group or other. In the following example we will make a directory called public which anyone can write to, but we'll use the sticky bit to make sure only the file owners can remove their own files.

    $ mkdir public
    $ chmod 777 public
    $ chmod +t public
    $ ls -l
    total 4
    drwxrwxrwt  2 tclark authors 4096 Sep 14 10:45 public

We see that the last character of the permissions string has become a t, indicating the sticky bit has been set. We could also prefix the number 1 to the chmod command using the numeric mode to achieve the same results. The following chmod command will accomplish the same thing as the two chmod commands in the last example:

    $ chmod 1777 public
    $ ls -l
    total 4
    drwxrwxrwt  2 tclark authors 4096 Sep 14 10:45 public

Now let's say we instead want to make a directory into which other users can copy files, but where we want the files to instantly become owned by our username and group. This is where the SUID and SGID options come in.

    $ mkdir drop_box
    $ chmod 777 drop_box
    $ chmod u+s,g+s drop_box
    $ ls -l
    total 4
    drwsrwsrwx  2 tclark authors 4096 Sep 14 10:55 drop_box

Now anyone can move files to this directory, but upon creation in drop_box they will become owned by tclark and the group authors. This example also illustrates how you can change multiple levels of permissions with a single command by separating them with a comma. Just like with the other permissions this could have been simplified into one command using the SUID and SGID numeric values (4 and 2 respectively). Since we are changing both in this case we use 6 as the first value for the chmod command.

    $ chmod 6777 drop_box/
    $ ls -l
    total 4
    drwsrwsrwx  2 oracle users 4096 Sep 14 10:55 drop_box
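On a shared system the two things worth auditing regularly are the mirror images of the examples above: world-writable directories that lack the sticky bit (any user can delete or rename anyone else's files there, which is what the public example prevents) and setuid/setgid executables, which run with their owner's or group's privileges like the passwd command shown earlier. One caveat on the drop_box example: the Linux kernel ignores the SUID bit on a directory, so only the SGID bit has an effect there, and new files inherit the directory's group but keep the creating user as owner. The script below is an added example, not from the original text; it assumes GNU find (for -xdev and -printf) and takes the root of the tree to audit as its argument.

```shell
#!/bin/sh
# Added example (not from the original text): audit a directory tree for the
# special modes explained above. A world-writable directory without the sticky
# bit lets any user delete or rename other users' files in it, and setuid/setgid
# executables run with their owner's (or group's) privileges, so both lists are
# worth reviewing. Assumes GNU find.

# world_writable_dirs_without_sticky ROOT -> directories writable by "other"
# that lack the t bit, one path per line (the ones missing "chmod +t")
world_writable_dirs_without_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# setuid_setgid_files ROOT -> regular files with the s bit on user or group,
# printed as "mode owner group path", e.g. "4755 root root /usr/bin/passwd"
setuid_setgid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
         -printf '%m %u %g %p\n' 2>/dev/null
}

# fix_sticky ROOT -> add the t bit to every offending directory found above
# (the equivalent of the "chmod +t public" step), reporting each one fixed
fix_sticky() {
    world_writable_dirs_without_sticky "$1" | while IFS= read -r d; do
        chmod +t "$d" && echo "set sticky bit on $d"
    done
}
```

Run `world_writable_dirs_without_sticky /` and `setuid_setgid_files /` once to take a baseline, save the output, and compare later runs against it: a new setuid binary or a shared directory that lost its t bit then shows up as a diff rather than something you have to notice by eye. fix_sticky only repairs directories you own or may chmod, which is what you want on a multi-user box.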
Linux Troubleshooting
Linux is legendary for its stability - once set up correctly, a Linux box, left to its own devices, will run trouble-free for a very long time. Most problems arise soon after installation or major configuration changes, and are the result of misconfiguration, typographical errors or the occasional hardware failure. However, from time to time accidents do happen, even in the best-regulated environments . . .
The best way to minimise the impact of those unforeseeable events is to prepare for them, by assembling the recovery tools in advance.

Tom's Root Boot Disk

An essential part of every Linux professional's bag of tricks, this tiny (by today's standards) package unpacks to create a 1.722 MB floppy disk that is a complete Linux distribution with a selection of recovery tools - until you see how it's done you'll find it hard to believe a single floppy can contain so much! An alternative version comes in El Torito (bootable CD-ROM) format. You can download tomsrtbt from http://www.toms.net/rb/

Knoppix

This is a popular Linux distribution, based on Debian, which boots and runs entirely from CD-ROM. While it is popular for demonstrations, or for letting interested users get a taste of Linux without having to install a distribution on the hard drive, it is also incredibly useful as a system repair tool. You can download Knoppix from http://www.knopper.net/knoppix/index-en.html (read the notes on software patents, then click on the KNOPPIX link - it's still there).

mkbootdisk

Most Linux distributions have a command to build a bootable floppy disk which can be used to repair a system. Red Hat Linux, for example, has the mkbootdisk command. In order to use this, you only need to know the desired kernel version to write to floppy, and you can find the current kernel version with the uname -r command:

    mkbootdisk 2.4.20-8

or

    mkbootdisk `uname -r`

In general, mkbootdisk and similar utilities will read various configuration files, such as /etc/fstab and /boot/grub/grub.conf, in order to work out the root filesystem, any required kernel command-line arguments and the drivers which will need to be loaded from the generated ramdisk image. One useful but not widely-known option for mkbootdisk is the --iso option, which makes a bootable CD-ROM image. This can then be updated with additional utilities, etc. if required.
Other Boot Disks

Most Linux distributions allow you to boot from the first installation CD in a system repair or 'rescue' mode. For Red Hat, for example, using the first CD-ROM to boot with the command 'linux rescue' will boot the system and then attempt a number of basic repairs automatically. The repair script will attempt to identify all the Linux partitions on your hard drives and mount them in the correct location. At the end of this process, you should wind up with the system completely assembled and mounted under /mnt/sysimage. Red Hat Linux Professional boxed sets of recent vintage also include a rather neat credit-card-sized rescue CD, and similar CDs are sometimes available from Linux-related company stands at trade shows.
Problems:
Can't Boot?

Watch the system closely as it boots, and take note of any error messages that appear. If the system complains that it is unable to mount the root filesystem, for example, this can be for any of several reasons:

- The BIOS cannot find the boot loader. This sometimes happens after you've installed Linux to dual-boot with Windows, but - out of concern not to misconfigure the system - have asked the install program to place the boot loader in the Linux root (or /boot) filesystem. The problem is that the BIOS can't see it there, unless you make that the active partition. The simplest fix is to reinstall Linux and this time, let it place the LILO or GRUB boot loader into the Master Boot Record - don't worry, the Linux boot loaders are automatically set up to let you choose Linux or Windows at boot time. It is possible to perform a more complex fix, for example by copying the Linux boot loader sector into a file, and setting up the Windows NT/2K/XP boot loader to chain to it - but that is too complex to describe here (see http://www.lesbell.com.au/Home.nsf/web/Using+the+NT+Boot+Loader+to+Boot+Linux?OpenDocument where you'll find a longer article describing how to use the NT boot loader to boot Linux).

- The kernel doesn't have a device driver to access the hard drive (e.g. a SCSI drive). Fix this by using the mkinitrd script to build a new initrd file that contains the correct drivers, or recompile the kernel to include the driver code. This usually happens because you've built a new kernel and slightly messed up the configuration.

- The kernel doesn't have a filesystem driver to access the root partition. For example, if the root filesystem is formatted with ext3, then you will need the ext3 and jbd modules in the initrd or compiled into the kernel. Fix as for the previous problem. Again, this usually happens after building a new kernel.

- The partition table has been modified, for example, by the installation of another operating system. In this case, edit the kernel command line (in /etc/lilo.conf or /boot/grub/menu.lst) and the contents of /etc/fstab to contain the correct entries.

- Filesystems are corrupted, due to a power failure or system crash. Generally, after a system crash or power outage (what? No UPS?), the system will come up and repair itself. If you are using a journalling filesystem like ext3fs, jfs, xfs or reiserfs, it will usually perform a roll-forward recovery from its journal file and carry on. Even with the older ext2fs, the system usually runs an fsck (file system check) on the various file systems and repairs them automatically.
However, just occasionally manual intervention is required; you might have to answer 'Y' to a string of questions (answering 'N' will get you nowhere unless you intend to perform really low-level repairs yourself in a last-ditch attempt to avoid data loss). In the worst case, you might have to reboot from rescue media and manually run the e2fsck (or similar) command against each filesystem in turn. For example:

    e2fsck -p /dev/hda7

If the program complains that the superblock - the master block that links to everything else - is corrupted, it is useful to remember that the superblock is so critical that it is duplicated every 8192 blocks through the filesystem and you can tell e2fsck to use one of the backups:

    e2fsck -b 8193 /dev/hda7

- One or more filesystems cannot be found and mounted: check the contents of /etc/fstab - in making quick alterations here, typographical errors are common. You can use the e2label command to view the label of each filesystem: some distributions set these to the mount point so you can figure out what is what.
In each case, you will need to boot from some kind of rescue media, then work at the command line to repair the damage. If you boot from tomsrtbt or Knoppix, you will have editors and other utilities available. If you boot from the Red Hat installation CD in rescue mode, you will need to change the root directory so that the various system directories and filesystems are in the correct locations:

    chroot /mnt/sysimage

See the box "The chroot Command" for details of why and how this works.

Forgot root password
If you have - really have - forgotten the root password for your system, it is still possible, in many cases, to log in and fix this. On some distributions, you can boot in single-user maintenance mode (runlevel 1) by appending a '1' or 'single' to the end of the normal kernel boot command line. With the LILO boot loader, for example, you can type

    linux 1

to boot this way. With GRUB, it's a little more complex: you have to choose the boot menu item you want to use, then press 'e' to edit it, move to the kernel command line and press 'e' to edit it, append the '1' at the end of the line, press Enter to terminate editing and then press 'b' to boot it.

However, some distributions will still request the root password in runlevel 1. For those, you should append the option 'init=/bin/bash' to the kernel command line, e.g.

    linux init=/bin/bash

Now, instead of running the init process to kick off all the startup scripts, the kernel will simply run a bash shell. Since the startup scripts have not run, you may have to mount other filesystems manually, and you will certainly have to remount the root filesystem read-write with the command:

    mount -o remount,rw /

Now, you can set about removing the root password. To do this, simply edit the /etc/shadow file and remove the encrypted password field from the file - it's usually the second field of the first line. You can now reboot, log in as root and use the passwd command to reset the password.
Security Warning!
Now that everyone knows this tip, you should take care to set a LILO or GRUB password to stop an attacker from editing the boot command line and breaking into your system this way. Of course, an attacker could also remove the root password by booting from floppy or CD, so you should set the system to boot from hard drive first, and then password-protect the BIOS settings, too!

Can't Eject CD-ROM?

You can normally eject a CD using the eject command (and you can close the drive again later with eject -t). But what if you get a message:

    eject: unable to eject, last error: Invalid argument

The problem here is that something is accessing the CD-ROM drive - but what? You can use the fuser command to find out:

    fuser /dev/cdrom

will show processes that have an open file or are otherwise accessing the CD-ROM drive. The command

    fuser -uik /dev/cdrom

will show you the process ID and user that "owns" the drive, and will interactively allow you to kill the process.

No sound

Sound configuration is fairly tricky unless you know exactly what type of sound hardware you have - the chipset, not the brand of card. The simplest solution is to use the distribution's own sound configuration command - for Red Hat, this is redhat-config-soundcard or sndconfig (for the older versions).

X resolution too low or too high
Try using the left Ctrl and Alt keys with the + and - keys on the numeric pad to cycle through the various resolutions available on your system. You can also manually edit the XF86Config file (look in /etc/X11/ or nearby for this, depending on your distribution), then find the relevant Modes line, and comment out inappropriate modes. For example, if my monitor couldn't cope with 1400 x 1050 resolution, I would remove that entry from the Modes line in my XF86Config file:

    Section "Screen"
        Identifier   "Screen0"
        Device       "Videocard0"
        Monitor      "Monitor0"
        DefaultDepth 24
        SubSection "Display"
            Depth    24
            Modes    "1400x1050" "1280x1024" "1280x960" "1024x768" "800x600" "640x480"
        EndSubSection
    EndSection

Sometimes, increasing the DefaultDepth entry will reduce the maximum resolution to something that your monitor can cope with.

Find the Right Driver Module

You can make the system attempt to load every device driver module of any given type in turn by using the command

    modprobe -t type \*

where type is the name of a directory under /lib/modules/kernelver/kernel. For example:

    modprobe -t net \*

will attempt to load most network drivers, one after another.
Trouble-shooting techniques
Use pairs of similarly-configured systems.

Quick things to check:

Is a filesystem full? This can show up in lots of different ways: being unable to save files, print jobs not spooling correctly (especially on Samba print/file servers), and so on. Use the df command to see available space:

    [root@freya home]# df -H
    Filesystem                Size   Used  Avail Use% Mounted on
    /dev/Volume00/LogVol00   520MB  254MB  240MB  52% /
    /dev/hda3                128MB   21MB  101MB  17% /boot
    /dev/Volume00/LogVol03   2.2GB  134MB  1.9GB   7% /home
    /dev/Volume00/LogVol05   520MB  8.5MB  485MB   2% /opt
    none                     264MB      0  264MB   0% /dev/shm
    /dev/Volume00/LogVol02   1.1GB   36MB  969MB   4% /tmp
    /dev/Volume00/LogVol01   4.3GB  3.0GB  1.1GB  75% /usr
    /dev/Volume00/LogVol06   1.1GB  101MB  903MB  11% /usr/local
    /dev/Volume00/LogVol04   3.2GB  2.3GB  756MB  75% /var
    /dev/hda1                 16GB   13GB  2.8GB  83% /mnt/winc
Remember that a filesystem can fill up either because almost all of its data blocks are used up (some are reserved for the root user, just to get out of trouble) or because all its i-nodes (there is one of these per file) are used up. If you need to make space by deleting some large files, use the command 'ls -lS' to get a directory listing that is sorted by file size. To scan an entire filesystem (e.g. /home or /var) for the largest files, use the command:

    du | sort -n

The largest files will be at the end of the listing.

Adding New Drives

Sometimes the growth of a filesystem - particularly /home - means that it is necessary to find it a new home; in other words, add another physical disk and relocate the filesystem to its new home where there is room to grow. Here is the procedure for adding another drive, with a single partition which will become the new /home filesystem (I'm assuming fdisk has already been used to partition it). As root:

    # mkdir /mnt/newhome
    # mkfs -t ext2 /dev/hdb1
    # mount /dev/hdb1 /mnt/newhome
    # (cd /home && tar cf - .) | (cd /mnt/newhome && tar xpf -)

then

    # cd /
    # mv /home /home.old
    # mkdir /home
    # umount /mnt/newhome
    # mount /dev/hdb1 /home

Once the new /home directory tree has been checked out, you can then safely

    # cd /home.old
    # rm -rf *
    # cd ..
    # rmdir /home.old
    # rmdir /mnt/newhome

to clean up.

Network Problems

Use the ifconfig command to check whether an interface has been configured and is up. For example:

Long delays while starting daemons at boot time

If the system seems to stop for 30 seconds or more while starting - particularly when starting network daemons like sendmail or NFS - then the problem is likely to be either DNS misconfiguration, a DNS outage, or no network connection at all. Check that /etc/resolv.conf contains the correct DNS addresses, check that /etc/hosts contains the correct IP address and names for this machine, and then check that the network interface is up.
and you can watch it continuously by running the command:

    tail -f /var/log/messages

in a window while you work. For security and login-related problems, check the file /var/log/secure. There are other log files and directories that relate to different subsystems in /var/log, and you should never overlook them. If trying to resolve boot-time problems, use the command:

    dmesg | less

to review the kernel ring buffer.

The next rule is to compare similarly-configured systems, if you have them. Often, you can see obvious differences in the configuration files between a working system and the broken system.

Next: if you are stumped, talk the problem over with a colleague or friend. They don't have to know the perfect solution - often, their suggestions can trigger a new line of thinking or remind you of something you have overlooked. If you don't have someone you can talk to, then use online resources. Get to know how to perform searches at http://www.google.com/linux, and how to search the comp.os.linux and similar newsgroups at http://groups.google.com. On many occasions, I've turned up answers online after exhausting my own ideas.
to navigate around the entire system directory tree, but is instead constrained within a 'chroot jail'. A major use of the chroot command is to change the root directory of the system after booting from a repair floppy or CD. For example, if you boot a Red Hat installation CD with the command 'linux rescue', the root file system is actually a RAM disk, and the root filesystem on your hard drive is mounted as /mnt/sysimage. Commands you give will load programs from /bin and /sbin on the RAM disk, which is obviously limited. To get access to those directories on the hard drive, you will need to change your root directory with the command:

chroot /mnt/sysimage
There are a few ways to set up a Linux machine as a router. Here is a relatively straightforward and common method. This method requires that the system use iptables for Network Address Translation (NAT). Assuming eth0=WAN and eth1=LAN, this step-by-step small howto will help you to set up a Linux router in only 2 minutes.

Configuration
1) Enable packet forwarding
2) Set up Network Address Translation using the IPTABLES MASQUERADE target

Step#1: Turn on IP forwarding in the kernel. Open the Linux kernel configuration file (you must be the root user, or use the su command to become root):

# vi /etc/sysctl.conf

Add/modify the following line:

net.ipv4.ip_forward = 1

Step#2: Restart the network

# service network restart

Step#3: Set up IP forwarding and masquerading (to act as a router) using the NAT option of iptables as follows (add the following rules to your iptables shell script):

# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth1 -j ACCEPT

Step#4: Point all desktop clients to your eth1 IP address as Router/Gateway, or use DHCP to distribute this information (recommended).

Step#5: Put the code described in Step#3 in a script and call it from the /etc/rc.local file.
b) Create a virtual IP address on this Fast Ethernet card
   i) Copy and paste the configuration file of eth0 with a new name, eth0:0
c) Assign a private IP address as you have assigned to the other computers in your local area network
   i) Eth0:0
   ii) IP Address (192.168.1.10)
   iii) Net mask (255.255.255.0)
   iv) Default Gateway (leave this blank)

2) Creating forwarding rules with iptables:

# Delete and flush. The default table is filter. Others like nat must be explicitly stated.
3) iptables --flush                      # Flush all the rules in the filter table
4) iptables --table nat --flush          # Flush all the rules in the nat table
5) iptables --delete-chain               # Delete all chains that are not in the default filter table
6) iptables --table nat --delete-chain   # Delete all chains that are not in the default nat table
# Set up IP FORWARDing and Masquerading
7) iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
8) iptables --append FORWARD --in-interface eth0 -j ACCEPT
9) echo 1 > /proc/sys/net/ipv4/ip_forward   # Enables packet forwarding by the kernel
10) Create a route for internal packets:
11) route add -net 192.168.1.0 netmask 255.255.255.0 gw 61.5.156.146 dev eth0   # Replace 61.5.156.146 with your gateway IP address
Configuring PCs on the office network: All PCs on the private office network should set their gateway to be the local private network IP address of the Linux gateway computer (192.168.1.10 here; replace it with your own gateway address). The DNS should be set to that of the ISP on the internet, or you can configure your own DNS server on this Linux machine; I will try to explain that in a later post.

Configure the firewall to control security. First flush everything, then allow limited ports and IP addresses:

12) iptables -F
13) iptables -A INPUT -i lo -p all -j ACCEPT   # Allow self access via the loopback interface
14) iptables -A OUTPUT -o lo -p all -j ACCEPT
15) iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT   # Accept established connections
16) iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
17) iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT   # Open ftp port
18) iptables -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT
19) iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT   # Open secure shell port
20) iptables -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
21) iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT   # Open HTTP port
22) iptables -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT
23) iptables -A INPUT -p tcp --syn -s 192.168.10.0/24 --destination-port 139 -j ACCEPT   # Accept local network Samba connection
24) iptables -A INPUT -p tcp --syn -s trancas --destination-port 139 -j ACCEPT
25) iptables -P INPUT DROP   # Drop all other connection attempts. Only connections defined above are allowed.
26) alter the Linux kernel config file: /etc/sysctl.conf
Linux comes with a host-based firewall called Netfilter. According to the official project site: netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack. This Linux-based firewall is controlled by the program called iptables, which handles filtering for IPv4, while ip6tables handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. This post lists the most common iptables solutions required by a new Linux user to secure his or her Linux operating system from intruders.
You can use line numbers to delete or insert new rules into the firewall.
-F : Delete (flush) all the rules.
-X : Delete a chain.
-t table_name : Select a table (called nat or mangle) and delete/flush its rules.
-P : Set the default policy (such as DROP, REJECT, or ACCEPT).
# cat /root/my.active.firewall.rules
#8.1: IPv4 Address Ranges For Private Networks (make sure you block them on the public interface)

10.0.0.0/8 (A)
172.16.0.0/12 (B)
192.168.0.0/16 (C)
224.0.0.0/4 (MULTICAST D)
240.0.0.0/5 (E)
127.0.0.0/8 (LOOPBACK)
Type the following to log and block IP spoofing on the public interface called eth1:

# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j LOG --log-prefix "IP_SPOOF A: "
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

By default everything is logged to the /var/log/messages file.

# tail -f /var/log/messages
# grep --color 'IP_SPOOF' /var/log/messages
#13: Log and Drop Packets with Limited Number of Log Entries
The -m limit module can limit the number of log entries created per unit of time. This is used to prevent flooding your log file. To log spoofed packets at a rate of at most 5 entries per minute (--limit 5/m) with bursts of up to 7 entries (--limit-burst 7), and then drop them:

# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "IP_SPOOF A: "
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP
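The two rules above cover one range on one interface. As an added example (not part of the original post), the following shell script generates the rate-limited LOG and DROP rule pairs for every range listed in section 8.1 above, and summarises the resulting kernel log entries by source address so that the blocked traffic can be reviewed rather than just grepped. The interface name eth1, the log prefix text and the sample log lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Generates anti-spoofing rules
# for a public interface and summarises the kernel LOG lines they produce.
# Interface name (eth1), log prefix text and the sample log are constructed.

# Source ranges that must never arrive from the Internet side (section 8.1).
BOGON_RANGES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/5 127.0.0.0/8"

# antispoof_rules IFACE: print a rate-limited LOG rule followed by a DROP
# rule for each range. Printing instead of executing lets the rule set be
# reviewed first; as root it can then be applied with:  antispoof_rules eth1 | sh
antispoof_rules() {
    iface=$1
    for net in $BOGON_RANGES; do
        printf 'iptables -A INPUT -i %s -s %s -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "IP_SPOOF %s: "\n' \
            "$iface" "$net" "$net"
        printf 'iptables -A INPUT -i %s -s %s -j DROP\n' "$iface" "$net"
    done
}

# spoof_log_summary FILE: count IP_SPOOF log entries per source address.
# The kernel writes each packet as "key=value" fields (SRC=, DST=, PROTO=, DPT=),
# so the source is picked out field by field rather than by column position.
# Output: "<source> <count>", most frequent first.
spoof_log_summary() {
    grep 'IP_SPOOF' "$1" | awk '
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { split($i, kv, "="); count[kv[2]]++ }
        }
        END { for (src in count) printf "%s %d\n", src, count[src] }
    ' | sort -k2,2nr -k1,1
}

# write_sample_log FILE: constructed /var/log/messages excerpt (two spoofed
# packets from 10.1.2.3, one from 192.168.5.7, one unrelated sshd line).
write_sample_log() {
    cat > "$1" <<'EOF'
Dec 13 13:19:01 gw kernel: IP_SPOOF 10.0.0.0/8: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.2.3 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31337 DF PROTO=TCP SPT=4444 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 13 13:19:02 gw kernel: IP_SPOOF 192.168.0.0/16: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.5.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31338 DF PROTO=TCP SPT=4445 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 13 13:19:03 gw sshd[2112]: Accepted publickey for admin from 203.0.113.9 port 50022 ssh2
Dec 13 13:19:05 gw kernel: IP_SPOOF 10.0.0.0/8: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.2.3 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31339 DF PROTO=TCP SPT=4446 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Demonstration: review the generated rules, then summarise the sample log.
antispoof_rules eth1
sample=$(mktemp)
write_sample_log "$sample"
spoof_log_summary "$sample"
rm -f "$sample"
```

The LOG rule sits before the DROP rule for the same range because the LOG target does not terminate rule traversal; the limit match only throttles how often the log line is written, every matching packet is still dropped by the second rule. Run spoof_log_summary against the real /var/log/messages to see which addresses keep hitting the public interface.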
## only accept connections to tcp port 80 (Apache) if the source ip is between 192.168.1.100 and 192.168.1.200 ##
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT

## nat example ##
iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.20-192.168.1.25
## open tcp port 143 (imap) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 143 -j ACCEPT

## open access to Samba file server for lan users only ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT

## open access to proxy server for lan users only ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 3128 -j ACCEPT

## open access to mysql server for lan users only ##
iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 3306 -j ACCEPT
Otherwise open port 80 using iptables for all users:

# iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
# service iptables save

Use the telnet command to see if the firewall allows connections to port 80:

$ telnet www.cyberciti.biz 80

Sample outputs:

Trying 75.126.153.206...
Connected to www.cyberciti.biz.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

You can use nmap to probe your own server using the following syntax:

$ nmap -sS -p 80 www.cyberciti.biz

Sample outputs:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-12-13 13:19 IST
Interesting ports on www.cyberciti.biz (75.126.153.206):
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 1.00 seconds

I also recommend you install and use a sniffer such as tcpdump and ngrep to test your firewall settings.
Conclusion:
This post only lists basic rules for new Linux users. You can create and build more complex rules. This requires a good understanding of TCP/IP, Linux kernel tuning via sysctl.conf, and good knowledge of your own setup. Stay tuned for the next topics.
Configuring XDMCP and GDM on Red Hat Linux
by Jeff Hunter, Sr. Database Administrator
Contents
Introduction
Configure Linux to use GUI Logins
Granting Remote Access to the Login Manager
Remote X Server Access from a Linux Client
Troubleshooting
About the Author
Introduction
Most users installing Linux today choose to install and configure the X Windows System. This allows those users to access their Linux environment using a graphic (GUI) console connected to the workstation or server. An X Windows environment allows users to run X programs like xterm, OpenOffice, Mozilla Firefox and a host of other useful graphical software packages. There are times, however, when users need to log in to a Linux machine using the graphical X Windows System from a remote computer, like a Windows PC for example. The remote Windows PC would first need to have an X Windows Server installed, like Xming, Exceed Hummingbird, or my personal favorite, X-Win 32. When installing Red Hat Enterprise Linux, the system defaults to a secure configuration which does not allow remote graphical logins or remote desktop access. This article explains the configuration changes required to allow remote access to a Red Hat Enterprise Linux (RHEL) system using the X Display Manager Control Protocol (XDMCP) or GDM (GUI login).
#
# /etc/inittab
#
..... <SNIP> .....
# Default runlevel. The runlevels used by RHS are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)
#
id:5:initdefault:
..... <SNIP> .....
[root@racnode1 ~]# init 3
[root@racnode1 ~]# init 5

The next step is to grant MS Windows users remote GUI access to the Red Hat Linux system. More specifically, we need to grant access to the RHEL Login Manager. Use the GDM Login Manager for RHEL 5 or higher, and the XDM Login Manager for RHEL 3 and RHEL 4.

The final step is to configure the GDM login manager using the gdmsetup utility:

[root@racnode1 ~]# gdmsetup

After starting the gdmsetup utility, click the Remote tab. Under the Remote tab, change the Style pull-down menu selection from 'Remote login disabled' to 'Same as Local':
Figure 1: Modify Remote Style to 'Same as Local'

After configuring remote access to the GDM login manager, select the Security tab. Under the Security tab, I checked the options:

Allow local system administrator login
Allow remote system administrator login
Figure 2: Security - Allow Local / Remote System Administrator Logins

Exit from the gdmsetup utility and restart the GDM service:

[root@racnode1 ~]# /usr/sbin/gdm-restart

You can test the GDM login screen locally using the following:

[root@racnode1 ~]# X -query localhost :1
Troubleshooting
Probably the most common error when configuring graphic remote login access is the Linux firewall rules. Make certain the Linux firewall rules allow the XDMCP protocol to pass.

List the firewall rules:

[root@racnode1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If needed, flush all firewall rules:

[root@racnode1 ~]# iptables -F

Finally, ensure the following ports and protocols are able to pass through the firewall:

Port        Protocol   Data Type
177         UDP        XDMCP
6000-6005   TCP        X11 protocol
7100        TCP        xfs: X font server
Linux / UNIX Automatically Log BASH / TCSH / SSH Users Out After a Period of Inactivity
You can configure any Linux system to automatically log users out after a period of inactivity. Simply log in as the root user and create a file called /etc/profile.d/autologout.sh:

# vi /etc/profile.d/autologout.sh

Append the following code:

TMOUT=300
readonly TMOUT
export TMOUT

Save and close the file. Set permissions:

# chmod +x /etc/profile.d/autologout.sh
The script above implements a 5-minute (300-second) idle time-out for the default /bin/bash shell; marking TMOUT readonly stops users from unsetting it in their own session.
Today on the fatmin we are going to set up an ftp server on RHEL6 that accepts anonymous uploads. We are going to do so with SELinux support and will be making modifications to iptables as well.

Installation: First and foremost we need to install vsftpd
# yum -y install vsftpd && service vsftpd start && chkconfig vsftpd on
Our anonymous upload directory will be /var/ftp/anon, and we need to change group ownership to the ftp group and then change permissions so that the members of that group can write to it. Note that no one other than root can read or execute anything under /var/ftp/anon.
# chgrp ftp /var/ftp/anon
# chmod 730 /var/ftp/anon
# ls -ld /var/ftp/anon
drwx-wx---. 3 root ftp 4096 Oct 19 13:34 /v1
SELinux Support: Next we need to configure SELinux support and assign the correct context to the /var/ftp/anon directory and its future contents. Note that -a adds a new file-context rule and -t gives the type. The trailing ? makes the pattern match the directory itself as well as everything beneath it; without it only the contents are relabelled.

# semanage fcontext -a -t public_content_rw_t '/var/ftp/anon(/.*)?'
Now let's go ahead and apply the new context. Note that -vv is verbose, -F forces the relabel and -R is recursive.
# restorecon -vvFR /var/ftp/anon
Configure Vsftpd: Now vi /etc/vsftpd/vsftpd.conf and ensure that the following configuration values are set and uncommented. Note that I had to add the last line to my config file.
anonymous_enable=YES
anon_upload_enable=YES
chown_uploads=YES
chown_username=daemon
anon_umask=077
Configure iptables: Add the following to /etc/sysconfig/iptables-config. In my case I only needed to add the ip_nat_ftp part to the line
IPTABLES_MODULES="nf_conntrack_ftp ip_nat_ftp"
Now you are going to want to make sure that these two lines exist in /etc/sysconfig/iptables.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
Now restart iptables.

Addendum:

Note that I ran into issues with the semanage command below.
# semanage fcontext -a -t public_content_rw_t '/var/ftp/anon(/.*)'
It seems that the context assigned to the /var/ftp/anon directory was not changing correctly from public_content_t to public_content_rw_t
# ls -Zd /var/ftp
drwxrwxrwx. root root system_u:object_r:public_content_t:s0 /var/ftp
So I ran the chcon command seen below and did not run the restorecon command. This worked, as afterwards the context on the directory /var/ftp/anon was correct.
chcon -R -t public_content_rw_t /var/ftp/anon
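The addendum shows exactly the failure worth catching before the service is opened to anonymous users: the directory's SELinux type did not change. As an added example (not part of the original post), the following shell script checks a host against the setup described above: the vsftpd.conf values, the upload directory's mode, group and SELinux type, and the SELinux boolean that lets vsftpd write to public_content_rw_t directories. The boolean name allow_ftpd_anon_write (RHEL 6; later releases call it ftpd_anon_write) is an assumption about the policy rather than something the post states, and the configuration the demonstration runs against is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Checks that a host matches the
# anonymous-upload setup described above: the vsftpd.conf values, the upload
# directory's mode/group/SELinux type, and the SELinux boolean that lets
# vsftpd write to public_content_rw_t directories (allow_ftpd_anon_write on
# RHEL 6 is an assumed policy name; later releases call it ftpd_anon_write).
# Paths are parameters; the config used in the demonstration is constructed.

REQUIRED_SETTINGS="anonymous_enable=YES anon_upload_enable=YES chown_uploads=YES chown_username=daemon anon_umask=077"

# conf_value FILE KEY: print the effective value of KEY. Comment lines are
# ignored and the last uncommented occurrence wins, which is how vsftpd
# reads its configuration; nothing is printed if the key is unset.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { val = $2; sub(/[ \t\r]+$/, "", val) }
        END        { if (val != "") print val }
    ' "$1"
}

# check_vsftpd_conf FILE: print one line per required setting that is
# missing or has another value; the return code is the number of problems.
check_vsftpd_conf() {
    problems=0
    for setting in $REQUIRED_SETTINGS; do
        key=${setting%%=*}
        want=${setting#*=}
        have=$(conf_value "$1" "$key")
        if [ "$have" != "$want" ]; then
            printf '%s: expected %s=%s, found %s\n' "$1" "$key" "$want" "${have:-nothing}"
            problems=$((problems + 1))
        fi
    done
    return $problems
}

# check_upload_dir DIR: group ftp, mode 730 (drwx-wx---: group may create
# and traverse but not list) and SELinux type public_content_rw_t. This is
# the label the post's addendum found missing on the directory itself.
check_upload_dir() {
    ls -ld "$1" | awk -v d="$1" '
        BEGIN { bad = 0 }
        $1 !~ /^drwx-wx---/ { print d ": mode should be 730 (drwx-wx---)"; bad = 1 }
        $4 != "ftp"         { print d ": group owner should be ftp"; bad = 1 }
        END { exit bad }
    ' || return 1
    ls -Zd "$1" 2>/dev/null | grep -q 'public_content_rw_t' ||
        { echo "$1: SELinux type is not public_content_rw_t"; return 1; }
}

# check_anon_write_boolean: vsftpd may only write to public_content_rw_t
# when this boolean is on (persist it with: setsebool -P allow_ftpd_anon_write on).
check_anon_write_boolean() {
    getsebool allow_ftpd_anon_write 2>/dev/null | grep -q ' on$' ||
        { echo "allow_ftpd_anon_write is off"; return 1; }
}

# Demonstration on a constructed config. On a real host run, as root:
#   check_vsftpd_conf /etc/vsftpd/vsftpd.conf
#   check_upload_dir /var/ftp/anon
#   check_anon_write_boolean
demo=$(mktemp)
cat > "$demo" <<'EOF'
# anonymous_enable=NO
anonymous_enable=YES
anon_upload_enable=YES
#chown_uploads=YES
chown_username=daemon
anon_umask=022
EOF
check_vsftpd_conf "$demo" || echo "$? problem(s) found"
rm -f "$demo"
```

The directory check reads ls output instead of stat so it behaves the same on RHEL 6 and on systems without GNU stat; the SELinux checks simply fail on a host where ls -Z or getsebool is unavailable, which is the right answer for a setup that depends on those labels.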
SQUID PROXY

Transparently redirect web traffic arriving on eth0 to squid on port 3128:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

1. Confirm that the squid process ID (PID) has started as a confined service, as seen here by the squid_var_run_t value:

# ls -lZ /var/run/squid.pid
-rw-r--r--. root squid unconfined_u:object_r:squid_var_run_t:s0 /var/run/squid.pid

2. Set the SELinux boolean that allows squid to connect to any port:

# setsebool -P squid_connect_any on
RHCSA/RHCE (Exams EX200 & EX300), 6th edition, Michael Jang:
http://www.torrentreactor.net/torrents/5452006/ RHCSARHCE -%28Exams-EX200ampampEX 300%29-by-Michael-Jang-6thED

PXE configuration:
http://www.datadisk.co.uk/html_docs/redhat/rh_pxe.html
successfully worked:
http://www.jaimegago.com/network-install-via-pxe-and-tftp-on-rhel6-x86_64/
http://www.cyberciti.biz/tips/recovering-deleted-etcshadow-password-file.html

Grub password for Ubuntu:
http://ubuntuforums.org/showthread.php?t=7353

CentOS links:
http://mirrors.hns.net.in/centos/6.2/isos/i386/

crontab links:
http://www.thegeekstuff.com/2009/06/15-practical-crontab-examples/

Port number list links:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

SSH links:
http://blog.urfix.com/25-ssh-commands-tricks/
http://www.linuxtutorialblog.com/post/ssh-and-scp-howto-tips-tricks
Explain Linux / UNIX TCP Wrappers / Find Out If Program Compiled With TCP Wrappers:
http://www.cyberciti.biz/faq/tcp-wrappers-hosts-allow-deny-tutorial/
http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html

Mail Server Configuration (successfully worked):
http://linuxgravity.com/configuring-postfix-and-dovecot-pop3-and-imap-on-red-hat-or-centosusing-local-system-accounts

MySQL server: reset the password:
http://crashmag.net/resetting-the-root-password-for-mysql-running-on-rhel-or-centos

SSH & SSH-Agent & ssh-add:
http://www.lofar.org/wiki/doku.php?id=public:ssh-usage

LUKS-encrypted partitions:
http://rhce.co/rhel6/Create_and_configure_LUKSencrypted_partitions_and_logical_volumes_to_prompt_for_password_and_mount_a_decrypted_file_system_at_boot