Beruflich Dokumente
Kultur Dokumente
Example1.BackupEntireHarddisk
Tobackupanentirecopyofaharddisktoanotherharddiskconnectedtothesamesystem,execute theddcommandasshownbelow.Inthisddcommandexample,theUNIXdevicenameofthesource harddiskis/dev/hda,anddevicenameofthetargetharddiskis/dev/hdb.
#ddif=/dev/sdaof=/dev/sdb
Example2.CreateanImageofaHardDisk
Insteadoftakingabackupoftheharddisk,youcancreateanimagefileoftheharddiskandsaveit inotherstoragedevices.Therearemanyadvantagestobackingupyourdatatoadiskimage,one beingtheeaseofuse.Thismethodistypicallyfasterthanothertypesofbackups,enablingyouto quicklyrestoredatafollowinganunexpectedcatastrophe.
#ddif=/dev/hdaof=~/hdadisk.img
Example3.RestoreusingHardDiskImage
#ddif=hdadisk.imgof=/dev/hdb
Example4.CreatingaFloppyImage
Example5.BackupaPartition
Youcanusethedevicenameofapartitionintheinputfile,andintheoutputeitheryoucanspecify yourtargetpathorimagefileasshownintheddcommandexamplebelow.
#ddif=/dev/hda1of=~/partition1.img
Example6.CDROMBackup
ddcommandallowsyoutocreateanisofilefromasourcefile.SowecaninserttheCDandenterdd commandtocreateanisofileofaCDcontent.
#ddif=/dev/cdromof=tgsservice.isobs=2048
ddcommandreadsoneblockofinputandprocessitandwritesitintoanoutputfile.Youcanspecify theblocksizeforinputandoutputfile.Intheaboveddcommandexample,theparameterbs specifiestheblocksizefortheboththeinputandoutputfile.Sodduses2048bytesasablocksizein theabovecommand. Note:IfCDisautomounted,beforecreatinganisoimageusingddcommand,itsalwaysgoodifyou unmounttheCDdevicetoavoidanyunnecessaryaccesstotheCDROM 2. 15 rsync command examples :Everysysadminshouldmastertheusageofrsync.rsyncutilityisused tosynchronizethefilesanddirectoriesfromonelocationtoanother.Firsttime,rsyncreplicatesthe wholecontentbetweenthesourceanddestinationdirectories.Nexttime,rsynctransfersonlythe changedblocksorbytestothedestinationlocation,whichmakesthetransferreallyfast.
HowtoBackupLinux?15rsyncCommandExamples
rsyncstandsforremotesync. rsyncisusedtoperformthebackupoperationinUNIX/Linux. rsyncutilityisusedtosynchronizethefilesanddirectoriesfromonelocationtoanotherinaneffectiveway.Backup locationcouldbeonlocalserveroronremoteserver.
Importantfeaturesofrsync
Speed:Firsttime,rsyncreplicatesthewholecontentbetweenthesourceanddestinationdirectories.Nexttime,
rsynctransfersonlythechangedblocksorbytestothedestinationlocation,whichmakesthetransferreallyfast. Security:rsyncallowsencryptionofdatausingsshprotocolduringtransfer.
LessBandwidth:rsyncusescompressionanddecompressionofdatablockbyblockatthesendingandreceiving
endrespectively.Sothebandwidthusedbyrsyncwillbealwayslesscomparedtootherfiletransferprotocols.
Privileges:Nospecialprivilegesarerequiredtoinstallandexecutersync
Syntax
$rsyncoptionssourcedestination
Sourceanddestinationcouldbeeitherlocalorremote.Incaseofremote,specifytheloginname,remoteserver nameandlocation.
Example1.SynchronizeTwoDirectoriesinaLocalServer
Tosynctwodirectoriesinalocalcomputer,usethefollowingrsynczvrcommand. $rsynczvr/var/opt/installation/inventory//root/temp buildingfilelist...done sva.xml svB.xml . sent26385bytesreceived1098bytes54966.00bytes/sec totalsizeis44867speedupis1.63 $ Intheaboversyncexample:
Example2.PreservetimestampsduringSyncusingrsynca
rsyncoptionaindicatesarchivemode.aoptiondoesthefollowing, Recursivemode Preservessymboliclinks Preservespermissions Preservestimestamp Preservesownerandgroup Now,executingthesamecommandprovidedinexample1(Butwiththersyncoptiona)asshownbelow: $rsyncazv/var/opt/installation/inventory//root/temp/ buildingfilelist...done ./ sva.xml svB.xml . sent26499bytesreceived1104bytes55206.00bytes/sec totalsizeis44867speedupis1.63 $ Asyouseebelow,rsyncpreservedtimestampsduringsync. $lsl/var/opt/installation/inventory/sva.xml/root/temp/sva.xml rrr1rootbin949Jun182009/var/opt/installation/inventory/sva.xml rrr1rootbin949Jun182009/root/temp/sva.xml
Example3.SynchronizeOnlyOneFile
Tocopyonlyonefile,specifythefilenametorsynccommand,asshownbelow. $rsyncv/var/lib/rpm/Pubkeys/root/temp/ Pubkeys
sent42bytesreceived12380bytes3549.14bytes/sec totalsizeis12288speedupis0.99
Example4.SynchronizeFilesFromLocaltoRemote
rsyncallowsyoutosynchronizefiles/directoriesbetweenthelocalandremotesystem. $rsyncavz/root/temp/thegeekstuff@192.168.200.10:/home/thegeekstuff/temp/ Password: buildingfilelist...done ./ rpm/ rpm/Basenames rpm/Conflictname
sent15810261bytesreceived412bytes2432411.23bytes/sec
totalsizeis45305958speedupis2.87
Whiledoingsynchronizationwiththeremoteserver,youneedtospecifyusernameandipaddressoftheremote server.Youshouldalsospecifythedestinationdirectoryontheremoteserver.Theformatis username@machinename:path Asyouseeabove,itasksforpasswordwhiledoingrsyncfromlocaltoremoteserver. Sometimesyoudontwanttoenterthepasswordwhilebackingupfilesfromlocaltoremoteserver.Forexample,If youhaveabackupshellscript,thatcopiesfilesfromlocaltoremoteserverusingrsync,youneedtheabilitytorsync withouthavingtoenterthepassword. Todothat,setupssh password less login asweexplainedearlier.
Example5.SynchronizeFilesFromRemotetoLocal
Whenyouwanttosynchronizefilesfromremotetolocal,specifyremotepathinsourceandlocalpathintargetas shownbelow. $rsyncavzthegeekstuff@192.168.200.10:/var/lib/rpm/root/temp Password: receivingfilelist...done rpm/ rpm/Basenames . sent406bytesreceived15810230bytes2432405.54bytes/sec totalsizeis45305958speedupis2.87
Example6.RemoteshellforSynchronization
rsyncallowsyoutospecifytheremoteshellwhichyouwanttouse.Youcanusersyncsshtoenablethesecured remoteconnection. Usersyncesshtospecifywhichremoteshelltouse.Inthiscase,rsyncwillusessh. $rsyncavzesshthegeekstuff@192.168.200.10:/var/lib/rpm/root/temp Password: receivingfilelist...done rpm/ rpm/Basenames
sent406bytesreceived15810230bytes2432405.54bytes/sec totalsizeis45305958speedupis2.87
Example7.DoNotOverwritetheModifiedFilesattheDestination
Inatypicalsyncsituation,ifafileismodifiedatthedestination,wemightnotwanttooverwritethefilewiththe oldfilefromthesource. Usersyncuoptiontodoexactlythat.(i.edonotoverwriteafileatthedestination,ifitismodified).Inthe followingexample,thefilecalledBasenamesisalreadymodifiedatthedestination.So,itwillnotbeoverwritten withrsyncu. $lsl/root/temp/Basenames total39088 rwxrxrx1rootroot4096Sep211:35Basenames
$rsyncavzuthegeekstuff@192.168.200.10:/var/lib/rpm/root/temp Password: receivingfilelist...done rpm/
Example8.SynchronizeonlytheDirectoryTreeStructure(notthefiles)
Usersyncdoptiontosynchronizeonlydirectorytreefromsourcetothedestination.Thebelowexample, synchronizeonlydirectorytreeinrecursivemanner,notthefilesinthedirectories. $rsyncvdthegeekstuff@192.168.200.10:/var/lib/. Password: receivingfilelist...done logrotate.status CAM/ YaST2/ acpi/
sent240bytesreceived1830bytes318.46bytes/sec totalsizeis956speedupis0.46
Example9.ViewthersyncProgressduringTransfer
Whenyouusersyncforbackup,youmightwanttoknowtheprogressofthebackup.i.ehowmanyfilesarecopies, atwhatrateitiscopyingthefile,etc. rsyncprogressoptiondisplaysdetailedprogressofrsyncexecutionasshownbelow. $rsyncavzprogressthegeekstuff@192.168.200.10:/var/lib/rpm//root/temp/ Password: receivingfilelist... 19filestoconsider ./ Basenames 5357568100%14.98MB/s0:00:00(xfer#1,tocheck=17/19) Conflictname 12288100%35.09kB/s0:00:00(xfer#2,tocheck=16/19) . . . sent406bytesreceived15810211bytes2108082.27bytes/sec totalsizeis45305958speedupis2.87 Youcanalsousersnapshotutility(thatusesrsync)tobackup local linux server ,orbackup remote linux server .
Example10.DeletetheFilesCreatedattheTarget
Ifafileisnotpresentatthesource,butpresentatthetarget,youmightwanttodeletethefileatthetargetduring rsync. Inthatcase,usedeleteoptionasshownbelow.rsyncdeleteoptiondeletesfilesthatarenotthereinsource directory. #Sourceandtargetareinsync.Nowcreatingnewfileatthetarget. $>newfile.txt
$rsyncavzdeletethegeekstuff@192.168.200.10:/var/lib/rpm/.
Targethasthenewfilecallednewfile.txt,whensynchronizewiththesourcewithdeleteoption,itremovedthefile newfile.txt
Example11.DonotCreateNewFileattheTarget
Ifyoulike,youcanupdate(Sync)onlytheexistingfilesatthetarget.Incasesourcehasnewfiles,whichisnot thereatthetarget,youcanavoidcreatingthesenewfilesatthetarget.Ifyouwantthisfeature,useexistingoption withrsynccommand. First,addanewfile.txtatthesource. [/var/lib/rpm]$>newfile.txt Next,executethersyncfromthetarget. $rsyncavzexistingroot@192.168.1.2:/var/lib/rpm/. root@192.168.1.2'spassword: receivingfilelist...done ./
sent26bytesreceived419bytes46.84bytes/sec totalsizeis88551424speedupis198991.96
Ifyouseetheaboveoutput,itdidntreceivethenewfilenewfile.txt
Example12.ViewtheChangesBetweenSourceandDestination
Thisoptionisusefultoviewthedifferenceinthefilesordirectoriesbetweensourceanddestination. Atthesource: $lsl/var/lib/rpm rwrr1rootroot53575682010062408:57Basenames rwrr1rootroot122882008052822:03Conflictname rwrr1rootroot11796482010062408:57Dirnames Atthedestination: $lsl/root/temp rwrr1rootroot12288May282008Conflictname rwrr1binbin1179648Jun2405:27Dirnames rwrr1rootroot0Sep306:39Basenames Intheaboveexample,betweenthesourceanddestination,therearetwodifferences.First,ownerandgroupofthe fileDirnamediffers.Next,sizediffersforthefileBasenames. Nowletusseehowrsyncdisplaysthisdifference.ioptiondisplaystheitemchanges. $rsyncavzithegeekstuff@192.168.200.10:/var/lib/rpm//root/temp/ Password: receivingfilelist...done >f.st....Basenames .f....og.Dirnames
sent48bytesreceived2182544bytes291012.27bytes/sec totalsizeis45305958speedupis20.76
Example13.IncludeandExcludePatternduringFileTransfer
rsyncallowsyoutogivethepatternyouwanttoincludeandexcludefilesordirectorieswhiledoing synchronization. $rsyncavzinclude'P*'exclude'*'thegeekstuff@192.168.200.10:/var/lib/rpm//root/temp/ Password: receivingfilelist...done ./ Packages Providename Provideversion Pubkeys
sent129bytesreceived10286798bytes2285983.78bytes/sec totalsizeis32768000speedupis3.19
Intheaboveexample,itincludesonlythefilesordirectoriesstartingwithP(usingrsyncinclude)andexcludesall otherfiles.(usingrsyncexclude*)
Example14.DoNotTransferLargeFiles
Youcantellrsyncnottotransferfilesthataregreaterthanaspecificsizeusingrsyncmaxsizeoption. $rsyncavzmaxsize='100K'thegeekstuff@192.168.200.10:/var/lib/rpm//root/temp/ Password: receivingfilelist...done ./ Conflictname Group Installtid Name Sha1header Sigmd5 Triggername
sent252bytesreceived123081bytes18974.31bytes/sec totalsizeis45305958speedupis367.35
maxsize=100Kmakesrsynctotransferonlythefilesthatarelessthanorequalto100K.YoucanindicateMfor megabytesandGforgigabytes.
Example15.TransfertheWholeFile
Oneofthemainfeatureofrsyncisthatittransfersonlythechangedblocktothedestination,insteadofsendingthe wholefile. Ifnetworkbandwidthisnotanissueforyou(butCPUis),youcantransferthewholefile,usingrsyncWoption. Thiswillspeedupthersyncprocess,asitdoesnthavetoperformthechecksumatthesourceanddestination.
#rsyncavzWthegeekstuff@192.168.200.10:/var/lib/rpm//root/temp Password: receivingfilelist...done ./ Basenames Conflictname Dirnames Filemd5s Group Installtid Name sent406bytesreceived15810211bytes2874657.64bytes/sec totalsizeis45305958speedupis2.87
AdditionalrsyncTutorials
Rule#1:BackupEverything(andvalidatethebackupregularly)
Experiencedsysadminknowsthatproductionsystemwillcrashsomeday,nomatterhowproactivewe are.Thebestwaytobepreparedforthatsituationistohaveavalidbackup. Ifyoudonthaveabackupofyourcriticalsystems,youshouldstartplanningforitimmediately. Whileplanningforabackup,keepthefollowingfactorsinyourmind: Whatsoftware(orcustomscript?)youwouldusetotakeabackup? Doyouhaveenoughdiskspacetokeepthebackup? Howoftenwouldyourotatethebackups? Apartfromfullbackup,doyoualsoneedregularincrementalbackup? Howwouldyouexecuteyourbackup?i.eUsingcrontaborsomeotherschedulers? Ifyoudonthaveabackupofyourcriticalsystems,stopreadingthisarticleandgetbacktowork. Startplanningforyourbackupimmediately. Awhilebackinoneoftheresearchconductedbysomegroup(dontrememberwhodidthat),I remembertheymentionedthatonly70%oftheproductionapplicationsaregettingbackedup.Out ofthose,30%ofthebackupsareinvalidorcorrupted. AssumethatSamtakesbackupofthecriticalapplicationsregularly,butdoesntvalidatehisbackup. However,Jackdoesntevenbothertotakeanybackupofhiscriticalapplications.Itmightsoundlike SamwhohasabackupisinmuchbettershapethanJackwhodoesntevenhaveabackup.Inmy opinion,bothSamandJackareinthesamesituation,asSamnevervalidatedhisbackuptomake sureitcanberestoredwhenthereisadisater. Ifyouareasysadminanddontwanttofollowthisgoldenrule#1(orliketobreakthisrule),you shouldseriouslyconsiderquittingsysadminjobandbecomeadeveloper.
Rule#2:MastertheCommandLine(andavoidtheUIifpossible)
ThereisnotasingletaskonaUnix/Linuxserver,thatyoucannotperformfromcommandline. Whiletherearesomeuserinterfaceavailabletomakesomeofthesysadmintaskeasy,youreally dontneedthemandshouldbeusingcommandlineallthetime. So,ifyouareaLinuxsysadmin,youshouldmasterthecommandline. Onanysystem,ifyouwanttobeveryfluentandproductive,youshouldmasterthecommandline. ThemaindifferencebetweenaWindowssysadminandLinuxsysadminisGUIVsCommandline. Windowssysadminarenotverycomfortablewithcommandline.Linuxsysadminshouldbevery comfortablewithcommandline. EvenwhenyouhaveaUItodocertaintask,youshouldstillprefercommandline,asyouwould understandhowaparticularserviceworks,ifyoudoitfromthecommandline.Inlotofproduction serverenvironment,sysadminstypicallyuninstallallGUIrelatedservicesandtools. IfyouareUnix/Linuxsysadminanddontwanttofollowthisrule,probablythereisadeepdesire insideyoutobecomeaWindowssysadmin.
Rule#3:AutomateEverything(andbecomelazy)
Lazysysadministhebestsysadmin. ThereisnotevenasinglesysadminthatIknowof,wholikestobreakthisrule.Thatmighthave somethingtodowiththelazypart. Takefewminutestothinkandlistoutalltheroutinetasksthatyoumightdodaily,weeklyor monthly.Onceyouhavethatlist,figureouthowyoucanautomatethose.Thebestsysadmintypically doesntliketobebusy.Hewouldratherberelaxedandletthesystemdothejobforhim. 4. User and group disk quota :Thisarticleexplainshowtosetupuserandgroupquotewithsoft limit,hardlimitandgraceperiod.Forexample,ifyouspecify2GBashardlimit,userwillnotbeable tocreatenewfilesafter2GB. 5StepstoSetupUserandGroupDiskQuotaonUNIX/Linux OnLinux,youcansetupdiskquotausingoneofthefollowingmethods: Filesystembasediskquotaallocation Userorgroupbaseddiskquotaallocation Ontheuserorgroupbasedquota,followingarethreeimportantfactorstoconsider: HardlimitForexample,ifyouspecify2GBashardlimit,userwillnotbeabletocreatenewfiles after2GB SoftlimitForexample,ifyouspecify1GBassoftlimit,userwillgetawarningmessagediskquota exceeded,oncetheyreach1GBlimit.But,theyllstillbeabletocreatenewfilesuntiltheyreachthe hardlimit GracePeriodForexample,ifyouspecify10daysasagraceperiod,afteruserreachtheirhardlimit, theywouldbeallowedadditional10daystocreatenewfiles.Inthattimeperiod,theyshouldtryto getbacktothequotalimit.
1.Enablequotacheckonfilesystem
First,youshouldspecifywhichfilesystemareallowedforquotacheck.
Reboottheserveraftertheabovechange.
2.InitialquotacheckonLinuxfilesystemusingquotacheck
Onceyouveenableddiskquotacheckonthefilesystem,collectallquotainformationinitiallyas shownbelow.
#quotacheckavug quotacheck:Scanning/dev/sda3[/home]done quotacheck:Checked5182directoriesand31566files quotacheck:Oldfilenotfound. quotacheck:Oldfilenotfound.
3.Assigndiskquotatoauserusingedquotacommand
Usetheedquotacommandasshownbelow,toeditthequotainformationforaspecificuser. Forexample,tochangethediskquotaforuserramesh,useedquotacommand,whichwillopenthe soft,hardlimitvaluesinaneditorasshownbelow.
#edquotaramesh Diskquotasforuserramesh(uid500): Filesystemblockssofthardinodessofthard /dev/sda3141935200168600
4.Reportthediskquotausageforusersandgroupusingrepquota
#repquota/home ***Reportforuserquotasondevice/dev/sda3 Blockgracetime:7days;Inodegracetime:7days BlocklimitsFilelimits Userusedsofthardgraceusedsofthardgrace
Usetherepquotacommandasshownbelowtoreportthediskquotausagefortheusersandgroups.
5.Addquotachecktodailycronjob
Addthequotachecktothedailycronjob.Createaquotacheckfileasshownbelowunderthe /etc/cron.dailydirectory,thatwillrunthequotacheckcommandeveryday.Thiswillsendtheoutput ofthequotacheckcommandtorootemailaddress.
#cat/etc/cron.daily/quotacheck quotacheckavug
TroubleshootingUsingdmesgCommandinUnix andLinux
Duringsystembootupprocess,kernelgetsloadedintothememoryanditcontrolstheentiresystem. Whenthesystembootsup,itprintsnumberofmessagesonthescreenthatdisplaysinformationaboutthehardware devicesthatthekerneldetectsduringbootprocess. Thesemessagesareavailableinkernelringbufferandwheneverthenewmessagecomestheoldmessagegets overwritten.Youcouldseeallthosemessagesafterthesystembootupusingthedmesgcommand.
1.ViewtheBootMessages
Byexecutingthedmesgcommand,youcanviewthehardwaresthataredetectedduringbootupprocessandits configurationdetails.Therearelotofusefulinformationdisplayedindmesg.Justbrowsethroughthemlinebyline andtrytounderstandwhatitmeans.Onceyouhaveanideaofthekindofmessagesitdisplays,youmightfindit helpfulfortroubleshooting,whenyouencounteranissue. #dmesg|more Bluetooth:L2CAPver2.8 eth0:noIPv6routerspresent bnx2:eth0NICCopperLinkisDown usb15.2:USBdisconnect,address5 bnx2:eth0NICCopperLinkisUp,100Mbpsfullduplex Aswediscussedearlier,youcanalsoviewhardware information using dmidecode .
2.ViewAvailableSystemMemory
Youcanalsoviewtheavailablememoryfromthedmesgmessagesasshownbelow. #dmesg|grepMemory Memory:57703772k/60817408kavailable(2011kkernelcode,1004928kreserved,915kdata,208kinit)
3.ViewEthernetLinkStatus(UP/DOWN)
Intheexamplebelow,dmesgindicatesthattheeth0linkisinactivestateduringthebootitself. #dmesg|grepeth eth0:BroadcomNetXtremeIIBCM57091000BaseT(C0)PCIExpressfoundatmem96000000,IRQ169,nodeaddr
4.ChangethedmesgBufferSizein/boot/configfile
Linuxallowstoyouchangethedefaultsizeofthedmesgbuffer.TheCONFIG_LOG_BUF_SHIFTparameterinthe /boot/config2.6.18194.el5file(orsimilarfileonyoursystem)canbechangedtomodifythedmesgbuffer. Thebelowvalueisinthepowerof2.So,thebuffersizeinthisexamplewouldbe262144bytes.Youcanmodifythe buffersizebasedonyourneed(SUSE/REDHAT). #grepCONFIG_LOG_BUF_SHIFT/boot/config`unamer` CONFIG_LOG_BUF_SHIFT=18
5.ClearMessagesindmesgBuffer
Sometimesyoumightwanttoclearthedmesgmessagesbeforeyournextreboot.Youcanclearthedmesgbufferas shownbelow. #dmesgc
#dmesg
6.dmesgtimestamp:DateandTimeofEachBootMessageindmesg
Bydefaultthedmesgdonthavethetimestampassociatedwiththem.HoweverLinuxprovidesawaytoseethedate andtimeforeachbootmessagesindmesginthe/var/log/kern.logfileasshownbelow. klogdserviceshouldbeenabledandconfiguredproperlytologthemessagesin/var/log/kern.logfile. #dmesg|grep"L2cache" [0.014681]CPU:L2cache:2048K
#grep"L2cache"kern.log.1 Oct1823:55:40ubuntukernel:[0.014681]CPU:L2cache:2048K
RPMCommand:15ExamplestoInstall,Uninstall,Upgrade,QueryRPM Packages
Linuxsystem. RPMstandsforRedHatPackageManager.
RPMcommandisusedforinstalling,uninstalling,upgrading,querying,listing,andcheckingRPMpackagesonyour
1.InstallingaRPMpackageUsingrpmivh
RPMfilenamehaspackagename,version,releaseandarchitecturename. Forexample,IntheMySQLclient3.23.571.i386.rpmfile:
MySQLclientPackageName 3.23.57Version 1Release i386Architecture WhenyouinstallaRPM,itcheckswhetheryoursystemissuitableforthesoftwaretheRPMpackagecontains, figuresoutwheretoinstallthefileslocatedinsidetherpmpackage,installsthemonyoursystem,andaddsthat pieceofsoftwareintoitsdatabaseofinstalledRPMpackages. ThefollowingrpmcommandinstallsMysqlclientpackage. #rpmivhMySQLclient3.23.571.i386.rpm Preparing...###########################################[100%] 1:MySQLclient###########################################[100%] rpmcommandandoptions i:installapackage v:verbose h:printhashmarksasthepackagearchiveisunpacked. Youcanalsousedpkg on Debian ,pkgadd on Solaris ,depot on HPUX toinstallpackages.
2.QueryalltheRPMPackagesusingrpmqa
Youcanuserpmcommandtoqueryallthepackagesinstalledinyoursystem. #rpmqa cdrecord2.0110.7.el5 bluezlibs3.71.1 setarch2.01.1 . . qqueryoperation aqueriesallinstalledpackages Toidentifywhetheraparticularrpmpackageisinstalledonyoursystem,combinerpmandgrepcommandas shownbelow.Followingcommandcheckswhethercdrecordpackageisinstalledonyoursystem. #rpmqa|grep'cdrecord'
3.QueryaParticularRPMPackageusingrpmq
Theaboveexamplelistsallcurrentlyinstalledpackage.Afterinstallationofapackagetochecktheinstallation,you canqueryaparticularpackageandverifyasshownbelow. #rpmqMySQLclient MySQLclient3.23.571
#rpmqMySQL packageMySQLisnotinstalled
Note:Toqueryapackage,youshouldspecifytheexactpackagename.Ifthepackagenameisincorrect,thenrpm commandwillreportthatthepackageisnotinstalled.
4.QueryRPMPackagesinavariousformatusingrpmqueryformat
Rpmcommandprovidesanoptionqueryformat,whichallowsyoutogivetheheadertagnames,tolistthe packages.Enclosetheheadertagwithin{}. #rpmqaqueryformat'%{name%{version}%{release}%{size}\n' cdrecord2.0110.712324 bluezlibs3.71.15634
setarch2.01.1235563 . . #
5.WhichRPMpackagedoesafilebelongto?Userpmqf
Letussay,youhavelistoffilesandyouwouldwanttoknowwhichpackageownsallthesefiles.rpmcommandhas optionstoachievethis. Thefollowingexampleshowsthat/usr/bin/mysqlaccessfileispartoftheMySQLclient3.23.571rpm. #rpmqf/usr/bin/mysqlaccess MySQLclient3.23.571 f:filename
6.Locatedocumentationofapackagethatownsfileusingrpmqdf
Usethefollowingtoknowthelistofdocumentations,forapackagethatownsafile.Thefollowingcommand,gives thelocationofallthemanualpagesrelatedtomysqlpackage. #rpmqdf/usr/bin/mysqlaccess /usr/share/man/man1/mysql.1.gz /usr/share/man/man1/mysqlaccess.1.gz /usr/share/man/man1/mysqladmin.1.gz /usr/share/man/man1/mysqldump.1.gz /usr/share/man/man1/mysqlshow.1.gz d:refersdocumentation.
7.InformationaboutInstalledRPMPackageusingrpmqi
rpmcommandprovidesalotofinformationaboutaninstalledpacakgeusingrpmqiasshownbelow: #rpmqiMySQLclient Name:MySQLclientRelocations:(notrelocatable) Version:3.23.57Vendor:MySQLAB Release:1BuildDate:Mon09Jun200311:08:28PMCEST InstallDate:Mon06Feb201003:19:16AMPSTBuildHost:build.mysql.com Group:Applications/DatabasesSourceRPM:MySQL3.23.571.src.rpm Size:5305109License:GPL/LGPL Signature:(none) Packager:LenzGrimmer URL:http://www.mysql.com/ Summary:MySQLClient Description:ThispackagecontainsthestandardMySQLclients. IfyouhaveanRPMfilethatyouwouldliketoinstall,butwanttoknowmoreinformationaboutitbeforeinstalling, youcandothefollowing: #rpmqipMySQLclient3.23.571.i386.rpm Name:MySQLclientRelocations:(notrelocatable) Version:3.23.57Vendor:MySQLAB Release:1BuildDate:Mon09Jun200311:08:28PMCEST InstallDate:(notinstalled)BuildHost:build.mysql.com Group:Applications/DatabasesSourceRPM:MySQL3.23.571.src.rpm Size:5305109License:GPL/LGPL Signature:(none) Packager:LenzGrimmer URL:http://www.mysql.com/
Summary:MySQLClient Description:ThispackagecontainsthestandardMySQLclients.
i:viewinformationaboutanrpm p:specifyapackagename
8.ListalltheFilesinaPackageusingrpmqlp
TolistthecontentofaRPMpackage,usethefollowingcommand,whichwilllistoutthefileswithoutextracting intothelocaldirectoryfolder. $rpmqlpovpc2.1.10.rpm /usr/bin/mysqlaccess /usr/bin/mysqldata /usr/bin/mysqlperm . . /usr/bin/mysqladmin q:querytherpmfile l:listthefilesinthepackage p:specifythepackagename Youcanalsoextract files from RPM package using rpm2cpio aswediscussedearlier.
9.ListtheDependencyPackagesusingrpmqRP
Toviewthelistofpackagesonwhichthispackagedepends, #rpmqRpMySQLclient3.23.571.i386.rpm /bin/sh /usr/bin/perl
10.Findoutthestateoffilesinapackageusingrpmqsp
Thefollowingcommandistofindstate(installed,replacedornormal)forallthefilesinaRPMpackage. #rpmqspMySQLclient3.23.571.i386.rpm normal/usr/bin/msql2mysql normal/usr/bin/mysql normal/usr/bin/mysql_find_rows normal/usr/bin/mysqlaccess normal/usr/bin/mysqladmin normal/usr/bin/mysqlbinlog normal/usr/bin/mysqlcheck normal/usr/bin/mysqldump normal/usr/bin/mysqlimport normal/usr/bin/mysqlshow normal/usr/share/man/man1/mysql.1.gz normal/usr/share/man/man1/mysqlaccess.1.gz normal/usr/share/man/man1/mysqladmin.1.gz normal/usr/share/man/man1/mysqldump.1.gz normal/usr/share/man/man1/mysqlshow.1.gz
11.VerifyaParticularRPMPackageusingrpmVp
Verifyingapackagecomparesinformationabouttheinstalledfilesinthepackagewithinformationaboutthefiles takenfromthepackagemetadatastoredintherpmdatabase.Inthefollowingcommand,Visforverificationand poptionisusedtospecifyapackagenametoverify. #rpmVpMySQLclient3.23.571.i386.rpm S.5....Tc/usr/bin/msql2mysql
12.VerifyaPackageOwningfileusingrpmVf
Thefollowingcommandverifythepackagewhichownsthegivenfilename. #rpmVf/usr/bin/mysqlaccess S.5....Tc/usr/bin/mysql #
13.UpgradingaRPMPackageusingrpmUvh
Upgradingapackageissimilartoinstallingone,butRPMautomaticallyuninstallsexistingversionsofthepackage beforeinstallingthenewone.Ifanoldversionofthepackageisnotfound,theupgradeoptionwillstillinstallit. #rpmUvhMySQLclient3.23.571.i386.rpm Preparing...###########################################[100%] 1:MySQLclient###########################################
14.UninstallingaRPMPackageusingrpme
Toremoveaninstalledrpmpackageusingeasshownbelow.Afteruninstallation,youcanqueryusingrpmqaand verifytheuninstallation. #rpmevMySQLclient
15.VerifyingalltheRPMPackagesusingrpmVa
Thefollowingcommandverifiesalltheinstalledpackages. #rpmVa S.5....Tc/etc/issue S.5....Tc/etc/issue.net S.5....Tc/var/service/imap/ssl/seed S.5....Tc/home/httpd/html/horde/ingo/config/backends.php . . S.5....Tc/home/httpd/html/horde/ingo/config/prefs.php S.5....Tc/etc/printcap
UNIX/Linux:10NetstatCommandExamples
Netstatcommanddisplaysvariousnetworkrelatedinformationsuchasnetworkconnections,routingtables, interfacestatistics,masqueradeconnections,multicastmembershipsetc., Inthisarticle,letusreview10practicalunixnetstatcommandexamples.
1.ListAllPorts(bothlisteningandnonlisteningports)
Listallportsusingnetstata #netstata|more ActiveInternetconnections(serversandestablished) ProtoRecvQSendQLocalAddressForeignAddressState tcp00localhost:30037*:*LISTEN udp00*:bootpc*:*
ActiveUNIXdomainsockets(serversandestablished) ProtoRefCntFlagsTypeStateINodePath unix2[ACC]STREAMLISTENING6135/tmp/.X11unix/X0 unix2[ACC]STREAMLISTENING5140/var/run/acpid.socket
Listalltcpportsusingnetstatat #netstatat ActiveInternetconnections(serversandestablished) ProtoRecvQSendQLocalAddressForeignAddressState tcp00localhost:30037*:*LISTEN tcp00localhost:ipp*:*LISTEN tcp00*:smtp*:*LISTEN tcp600localhost:ipp[::]:*LISTEN Listalludpportsusingnetstatau #netstatau ActiveInternetconnections(serversandestablished) ProtoRecvQSendQLocalAddressForeignAddressState udp00*:bootpc*:* udp00*:49119*:* udp00*:mdns*:*
2.ListSocketswhichareinListeningState
Listonlylisteningportsusingnetstatl #netstatl ActiveInternetconnections(onlyservers) ProtoRecvQSendQLocalAddressForeignAddressState tcp00localhost:ipp*:*LISTEN tcp600localhost:ipp[::]:*LISTEN udp00*:49119*:* ListonlylisteningTCPPortsusingnetstatlt #netstatlt ActiveInternetconnections(onlyservers) ProtoRecvQSendQLocalAddressForeignAddressState tcp00localhost:30037*:*LISTEN tcp00*:smtp*:*LISTEN tcp600localhost:ipp[::]:*LISTEN
ListonlylisteningUDPPortsusingnetstatlu #netstatlu ActiveInternetconnections(onlyservers) ProtoRecvQSendQLocalAddressForeignAddressState udp00*:49119*:* udp00*:mdns*:* ListonlythelisteningUNIXPortsusingnetstatlx #netstatlx ActiveUNIXdomainsockets(onlyservers) ProtoRefCntFlagsTypeStateINodePath unix2[ACC]STREAMLISTENING6294private/maildrop unix2[ACC]STREAMLISTENING6203public/cleanup unix2[ACC]STREAMLISTENING6302private/ifmail unix2[ACC]STREAMLISTENING6306private/bsmtp
3.Showthestatisticsforeachprotocol
Showstatisticsforallportsusingnetstats #netstats Ip: 11150totalpacketsreceived 1withinvalidaddresses 0forwarded 0incomingpacketsdiscarded 11149incomingpacketsdelivered 11635requestssentout Icmp: 0ICMPmessagesreceived 0inputICMPmessagefailed. Tcp: 582activeconnectionsopenings 2failedconnectionattempts 25connectionresetsreceived Udp: 1183packetsreceived 4packetstounknownportreceived. ..... ShowstatisticsforTCP(or)UDPportsusingnetstatst(or)su #netstatst
#netstatsu
4.DisplayPIDandprogramnamesinnetstatoutputusingnetstatp
netstatpoptioncanbecombinedwithanyothernetstatoption.ThiswilladdthePID/ProgramNametothe netstatoutput.Thisisveryusefulwhiledebuggingtoidentifywhichprogramisrunningonaparticularport. #netstatpt ActiveInternetconnections(w/oservers) ProtoRecvQSendQLocalAddressForeignAddressStatePID/Programname tcp10rameshlaptop.loc:47212192.168.185.75:wwwCLOSE_WAIT2109/firefox tcp00rameshlaptop.loc:52750lax:wwwESTABLISHED2109/firefox
5.Dontresolvehost,portandusernameinnetstatoutput
Whenyoudontwantthenameofthehost,portorusertobedisplayed,usenetstatnoption.Thiswilldisplayin
6.Printnetstatinformationcontinuously
netstatwillprintinformationcontinuouslyeveryfewseconds. #netstatc ActiveInternetconnections(w/oservers) ProtoRecvQSendQLocalAddressForeignAddressState tcp00rameshlaptop.loc:36130101101181225.ama:wwwESTABLISHED tcp11rameshlaptop.loc:52564101.11.169.230:wwwCLOSING tcp00rameshlaptop.loc:43758server101101432:wwwESTABLISHED tcp11rameshlaptop.loc:42367101.101.34.101:wwwCLOSING ^C
7.FindthenonsupportiveAddressfamiliesinyoursystem
netstatverbose
8.Displaythekernelroutinginformationusingnetstatr
#netstatr KernelIProutingtable DestinationGatewayGenmaskFlagsMSSWindowirttIface 192.168.1.0*255.255.255.0U000eth2 linklocal*255.255.0.0U000eth2 default192.168.1.10.0.0.0UG000eth2
Note:Usenetstatrntodisplayroutesinnumericformatwithoutresolvingforhostnames.
9.Findoutonwhichportaprogramisrunning
#netstatap|grepssh (Notallprocessescouldbeidentified,nonownedprocessinfo willnotbeshown,youwouldhavetoberoottoseeitall.) tcp10devdb:ssh101.174.100.22:39213CLOSE_WAIT tcp10devdb:ssh101.174.100.22:57643CLOSE_WAIT
Findoutwhichprocessisusingaparticularport: #netstatan|grep':80'
10.Showthelistofnetworkinterfaces
#netstati KernelInterfacetable IfaceMTUMetRXOKRXERRRXDRPRXOVRTXOKTXERRTXDRPTXOVRFlg eth01500000000000BMU
eth2150002619600026883600BMRU lo16436040004000LRU
Displayextendedinformationontheinterfaces(similartoifconfig)usingnetstatie: #netstatie KernelInterfacetable eth0Linkencap:EthernetHWaddr00:10:40:11:11:11 UPBROADCASTMULTICASTMTU:1500Metric:1 RXpackets:0errors:0dropped:0overruns:0frame:0 TXpackets:0errors:0dropped:0overruns:0carrier:0 collisions:0txqueuelen:1000 RXbytes:0(0.0B)TXbytes:0(0.0B) Memory:f6ae0000f6b00000
HowToManagePackagesUsingaptget,aptcache,aptfileanddpkg Commands(With13PracticalExamples)
Debianbasedsystems(includingUbuntu)usesapt*commandsformanagingpackagesfromthecommandline. Inthisarticle,usingApache2installationasanexample,letusreviewhowtouseapt*commandstoview,install, remove,orupgradepackages.
1.aptcachesearch:SearchRepositoryUsingPackageName
IfyouareinstallingApache2,youmayguessthatthepackagenameisapache2.Toverifywhetheritisavalid packagename,youmaywanttosearchtherepositoryforthatparticularpackagenameasshownbelow. Thefollowingexampleshowshowtosearchtherepositoryforaspecificpackagename. $aptcachesearch^apache2$ apache2ApacheHTTPServermetapackage
2.aptcachesearch:SearchRepositoryUsingPackageDescription
Ifyoudontknowtheexactnameofthepackage,youcanstillsearchusingthepackagedescriptionasshownbelow. $aptcachesearch"ApacheHTTPServer" apache2ApacheHTTPServermetapackage apache2docApacheHTTPServerdocumentation apache2mpmeventApacheHTTPServereventdrivenmodel apache2mpmpreforkApacheHTTPServertraditionalnonthreadedmodel apache2mpmworkerApacheHTTPServerhighspeedthreadedmodel apache2.2commonApacheHTTPServercommonfiles
3.aptfilesearch:SearchRepositoryUsingaFilenamefromthePackage
Sometimesyoumayknowtheconfigurationfilename(or)theexecutablenamefromthepackagethatyouwould liketoinstall. Thefollowingexampleshowsthatapache2.conffileispartoftheapache2.2commonpackage.Searchthe repositorywithaconfigurationfilenameusingaptfilecommandasshownbelow. $aptfilesearchapache2.conf
apache2.2common:/etc/apache2/apache2.conf apache2.2common:/usr/share/doc/apache2.2common/examples/apache2/apache2.conf.gz
4.aptcacheshow:BasicInformationAboutaPackage
Followingexampledisplaysbasicinformationaboutapache2package. $aptcacheshowapache2 Package:apache2 Priority:optional Maintainer:UbuntuCoreDevelopers OriginalMaintainer:DebianApacheMaintainers Version:2.2.112ubuntu2.3 Depends:apache2mpmworker(>=2.2.112ubuntu2.3) |apache2mpmprefork(>=2.2.112ubuntu2.3) |apache2mpmevent(>=2.2.112ubuntu2.3) Filename:pool/main/a/apache2/apache2_2.2.112ubuntu2.3_all.deb Size:46350 Description:ApacheHTTPServermetapackage TheApacheSoftwareFoundation'sgoalistobuildasecure,efficientand extensibleHTTPserverasstandardscompliantopensourcesoftware. Homepage:http://httpd.apache.org/
5.aptcacheshowpkg:DetailedInformationAboutaPackage
aptcacheshowdisplaysbasicinformationaboutapackage.Useaptcacheshowpkgtodisplaydetailed
informationaboutapackageasshownbelow. $aptcacheshowpkgapache2 Package:apache2 Versions: 2.2.112ubuntu2.3(/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_jauntyupdates_main_binaryi386_Packages) (/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_jauntysecurity_main_binaryi386_Packages) DescriptionLanguage: File:/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_jauntyupdates_main_binaryi386_Packages MD5:d24f049cd70ccfc178dd8974e4b1ed01 ReverseDepends: squirrelmail,apache2 squid3cgi,apache2 phpmyadmin,apache2 maharaapache2,apache2 ipplan,apache2 Dependencies: 2.2.112ubuntu2.3apache2mpmworker(182.2.112ubuntu2.3)apache2mpmprefork(182.2.112ubuntu2.3) apache2mpmevent(22.2.112ubuntu2.3) 2.2.112ubuntu2apache2mpmworker(182.2.112ubuntu2)apache2mpmprefork(182.2.112ubuntu2)apache2 mpmevent(22.2.112ubuntu2) Provides: 2.2.112ubuntu2.3 2.2.112ubuntu2 ReverseProvides: apache2mpmitk2.2.6021build4.3 apache2mpmworker2.2.112ubuntu2.3 apache2mpmprefork2.2.112ubuntu2.3 apache2mpmprefork2.2.112ubuntu2 apache2mpmevent2.2.112ubuntu2
6.aptfilelist:ListalltheFilesLocatedInsideaPackage
Useaptfilelisttodisplayallthefileslocatedinsidetheapache2packageasshownbelow. $aptfilelistapache2|more apache2:/usr/share/bug/apache2/control apache2:/usr/share/bug/apache2/script apache2:/usr/share/doc/apache2/NEWS.Debian.gz apache2:/usr/share/doc/apache2/README.Debian.gz apache2:/usr/share/doc/apache2/changelog.Debian.gz ...
7.aptcachedepends:ListallDependentPackages
Beforeinstallation,ifyouliketoviewallthedependentpackages,useaptcachedependsasshownbelow. $aptcachedependsapache2 apache2 |Depends:apache2mpmworker |Depends:apache2mpmprefork Depends:apache2mpmevent
8.dpkgl:IsthePackageAlreadyInstalled?
Beforeinstallingapackage,youmaywanttomakesureitisnotalreadyinstalledasshownbelowusingdpkgl command. $dpkgl|grepiapache
9.aptgetinstall:InstallaPackage
10.dpkgl:VerifyWhetherthePackagegotSuccessfullyInstalled
Afterinstallingthepackage,usedpkgltomakesureitgotinstalledsuccessfully. $dpkgl|grepapache iiapache22.2.112ubuntu2.3ApacheHTTPServermetapackage iiapache2mpmworker2.2.112ubuntu2.3ApacheHTTPServerhighspeedthreadedmod iiapache2utils2.2.112ubuntu2.3utilityprogramsforwebservers iiapache2.2common2.2.112ubuntu2.3ApacheHTTPServercommonfiles
11.aptgetremove:DeleteaPackage
Useaptgetpurgeoraptgetremovetodeleteapackageasshownbelow. $sudoaptgetpurgeapache2
(or) $sudoaptgetremoveapache2 Thefollowingpackageswereautomaticallyinstalledandarenolongerrequired: apache2utilslinuxheaders2.6.2811libapr1apache2.2common linuxheaders2.6.2811genericapache2mpmworkerlibpq5libaprutil1
aptgetremovewillnotdeletetheconfigurationfilesofthepackage aptgetpurgewilldeletetheconfigurationfilesofthepackage
12.aptgetuinstall:UpgradeaSpecificPackage
Thefollowingexampleshowshowtoupgradeonespecificpackage. $sudoaptgetuinstallapache2 Readingpackagelists...Done Buildingdependencytree Readingstateinformation...Done apache2isalreadythenewestversion. Thefollowingpackageswereautomaticallyinstalledandarenolongerrequired: linuxheaders2.6.2811linuxheaders2.6.2811generic Use'aptgetautoremove'toremovethem. 0upgraded,0newlyinstalled,0toremoveand26notupgraded.
13.aptgetuupgrade:UpgradeallPackages
Toupgradeallthepackagestoitslatestversion,useaptgetuupgradeasshownbelow. $sudoaptgetuupgrade Thefollowingpackageswillbeupgraded: libglib2.00libglib2.0datalibicu38libsmbclientlibwbclient0 openoffice.orgbasecoreopenoffice.orgcalcopenoffice.orgcommon openoffice.orgcoreopenoffice.orgdrawopenoffice.orgemailmerge openoffice.orggnomeopenoffice.orggtkopenoffice.orgimpress openoffice.orgmathopenoffice.orgstylehumanopenoffice.orgwriter pythonunosambacommonsmbclientttfopensymboltzdata 26upgraded,0newlyinstalled,0toremoveand0notupgraded.
LinuxmodprobeCommandExamplestoView,Install,RemoveModules
modprobeutilityisusedtoaddloadablemodulestotheLinuxkernel.Youcanalsoviewandremove modulesusingmodprobecommand. Linuxmaintains/lib/modules/$(unamer)directoryformodulesanditsconfigurationfiles(except /etc/modprobe.confand/etc/modprobe.d). InLinuxkernel2.6,the.komodulesareusedinsteadof.ofilessincethathasadditionalinformation thatthekernelusestoloadthemodules.Theexampleinthisarticlearedonewithusingmodprobe onUbuntu.
1.ListAvailableKernelModules
modprobelwilldisplayallavailablemodulesasshownbelow.
$modprobel|less kernel/arch/x86/kernel/cpu/mcheck/mceinject.ko kernel/arch/x86/kernel/cpu/cpufreq/e_powersaver.ko kernel/arch/x86/kernel/cpu/cpufreq/p4clockmod.ko kernel/arch/x86/kernel/msr.ko kernel/arch/x86/kernel/cpuid.ko kernel/arch/x86/kernel/apm.ko kernel/arch/x86/kernel/scx200.ko kernel/arch/x86/kernel/microcode.ko kernel/arch/x86/crypto/aesi586.ko kernel/arch/x86/crypto/twofishi586.ko
2.ListCurrentlyLoadedModules
Whiletheabovemodprobecommandshowsallavailablemodules,lsmodcommandwilldisplayall modulesthatarecurrentlyloadedintheLinuxkernel.
$lsmod|less soundcore72641snd ppdev66880 snd_page_alloc91561snd_pcm psmouse561800 lp89640
3.InstallNewmodulesintoLinuxKernel
Inordertoinsertanewmoduleintothekernel,executethemodprobecommandwiththemodule name. FollowingexampleloadsvmhgfsmoduletoLinuxkernelonUbuntu.
$sudomodprobevmhgfs
Onceamoduleisloaded,verifyitusinglsmodcommandasshownbelow.
$lsmod|grepvmhgfs vmhgfs507720
Themodulefilesarewith.koextension.IfyouliketoknowthefullfilelocationofaspecificLinux kernelmodule,usemodprobecommandanddoagrepofthemodulenameasshownbelow.
$modprobe|grepvmhgfs misc/vmhgfs.ko $cd/lib/modules/2.6.3114generic/misc $lsvmhgfs* vmhgfs.ko
Note:YoucanalsouseinsmodforinstallingnewmodulesintotheLinuxkernel.
4.LoadNewModuleswiththeDifferentNametoAvoidConflicts
vm_hgfs507720
5.RemovetheCurrentlyLoadedModule
IfyouveloadedamoduletoLinuxkernelforsometestingpurpose,youmightwanttounload (remove)itfromthekernel. Usemodproberoptiontounloadamodulefromthekernelasshownbelow.
modprobervmhgfs
1.ListEthernetDeviceProperties
Whenyouexecuteethtoolcommandwithadevicename,itdisplaysthefollowinginformationabout theethernetdevice.
#ethtooleth0 Settingsforeth0: Supportedports:[TP] Supportedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Supportsautonegotiation:Yes Advertisedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Advertisedautonegotiation:Yes Speed:100Mb/s Duplex:Full Port:TwistedPair PHYAD:1 Transceiver:internal Autonegotiation:on SupportsWakeon:d Wakeon:d Linkdetected:yes
2.ChangeNICParameterUsingethtoolOptionsautoneg
Theaboveethtooleth0outputdisplaysthattheAutonegotiationparameterisinenabledstate.You
candisablethisusingautonegoptionintheethtoolasshownbelow.
#ifdowneth0 eth0device:BroadcomCorporationNetXtremeIIBCM5709GigabitEthernet(rev20) eth0configuration:ethbuspci0000:0b:00.0 #ethtoolseth0autonegoff #ethtooleth0 Settingsforeth0: Supportedports:[TP] Supportedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Supportsautonegotiation:Yes Advertisedlinkmodes:Notreported Advertisedautonegotiation:No Speed:Unknown!(65535) Duplex:Unknown!(255) Port:TwistedPair PHYAD:1 Transceiver:internal Autonegotiation:off SupportsWakeon:g Wakeon:g Linkdetected:no #ifupeth0
Aftertheabovechange,youcouldseethatthelinkdetectionvaluechangedtodownandauto negotiationisinoffstate.
3.ChangetheSpeedofEthernetDevice
#ethtoolseth0speed100autonegoff
Usingethtoolyoucanchangethespeedoftheethernetdevicetoworkwiththecertainnetwork devices,andthenewlyassignspeedvalueshouldbewithinthelimitedcapacity.
#ethtooleth0 Settingsforeth0: Supportedports:[TP] Supportedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Supportsautonegotiation:Yes Advertisedlinkmodes:Notreported Advertisedautonegotiation:No Speed:Unknown!(65535) Duplex:Unknown!(255) Port:TwistedPair PHYAD:1 Transceiver:internal Autonegotiation:off SupportsWakeon:g Wakeon:g
Linkdetected:no
Onceyouchangethespeedwhentheadapterisonline,itautomaticallygoesoffline,andyouneedto bringitbackonlineusingifupcommand.
#ifupeth0 eth0device:BroadcomCorporationNetXtremeIIBCM5709GigabitEthernet(rev20) eth0configuration:ethbuspci0000:0b:00.0 Checkingfornetworktimeprotocoldaemon(NTPD):running #ethtooleth0 Settingsforeth0: Supportedports:[TP] Supportedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Supportsautonegotiation:Yes Advertisedlinkmodes:Notreported Advertisedautonegotiation:No Speed:100Mb/s Duplex:Full Port:TwistedPair PHYAD:1 Transceiver:internal Autonegotiation:off SupportsWakeon:g Wakeon:g Linkdetected:yes
4.DisplayEthernetDriverSettings
#ethtoolieth0 driver:bnx2 version:2.0.1suse firmwareversion:1.9.3 businfo:0000:04:00.0
ethtoolioptiondisplaysdriverversion,firmwareversionandbusdetailsasshownbelow.
5.DisplayAutonegotiation,RXandTXofeth0
Viewtheautonegotiationdetailsaboutthespecificethernetdeviceasshownbelow.
#ethtoolaeth0 Pauseparametersforeth0: Autonegotiate:on RX:on TX:on
6.DisplayNetworkStatisticsofSpecificEthernetDevice
UseethtoolSoptiontodisplaythebytestransfered,received,errors,etc,asshownbelow.
#ethtoolSeth0 NICstatistics: rx_bytes:74356477841 rx_error_bytes:0
tx_bytes:110725861146 tx_error_bytes:0 rx_ucast_packets:104169941 rx_mcast_packets:138831 rx_bcast_packets:59543904 tx_ucast_packets:118118510 tx_mcast_packets:10137453 tx_bcast_packets:2221841 tx_mac_errors:0 tx_carrier_errors:0 rx_crc_errors:0 rx_align_errors:0 tx_single_collisions:0 tx_multi_collisions:0 tx_deferred:0 tx_excess_collisions:0 tx_late_collisions:0 tx_total_collisions:0 rx_fragments:0 rx_jabbers:0 rx_undersize_packets:0 rx_oversize_packets:0 rx_64_byte_packets:61154057 rx_65_to_127_byte_packets:55038726 rx_128_to_255_byte_packets:426962 rx_256_to_511_byte_packets:3573763 rx_512_to_1023_byte_packets:893173 rx_1024_to_1522_byte_packets:42765995 rx_1523_to_9022_byte_packets:0 tx_64_byte_packets:3633165 tx_65_to_127_byte_packets:51169838 tx_128_to_255_byte_packets:3812067 tx_256_to_511_byte_packets:113766 tx_512_to_1023_byte_packets:104081 tx_1024_to_1522_byte_packets:71644887 tx_1523_to_9022_byte_packets:0 rx_xon_frames:0 rx_xoff_frames:0 tx_xon_frames:0 tx_xoff_frames:0 rx_mac_ctrl_frames:0 rx_filtered_packets:14596600 rx_discards:0 rx_fw_discards:0
7.TroubleshoottheEthernetConnectionIssues
Whenthereisaproblemwiththenetworkconnection,youmightwanttocheck(orchange)the ethernetdeviceparametersexplainedintheaboveexamples,whenyouseefollowingissuesinthe outputofethtoolcommand. SpeedandDuplexvalueisshownasUnknown LinkdetectionvalueisshownasNo
8.IdentifySpecificDeviceFromMultipleDevices(BlinkLEDPortofNICCard)
9.MakeChangesPermanentAfterReboot
Ifyouvechangedanyethernetdeviceparametersusingtheethtool,itwillalldisappearafterthenext reboot,unlessyoudothefollowing. Onubuntu,youhavetomodify/etc/network/interfacesfileandaddallyourchangesasshown below.
#vim/etc/network/interfaces postupethtoolseth2speed1000duplexfullautonegoff
LinuxBeginnersGuidetoNFSMountUsing Exportfs
UsingNFS(NetworkFileSystem),youcanmountadiskpartitionofaremotemachineasifitisalocaldisk.This articleexplainshowtoexportafilesystemtoaremotemachineandmountitbothtemporarilyandpermanently.
1.ExportFileSystemtoRemoteServerusingexportfs
Toexportadirectorytoaremotemachine,dothefollowing. exportfsREMOTEIP:PATH REMOTEIPIPoftheremoteservertowhichyouwanttoexport. :delimiter PATHPathofdirectorythatyouwanttoexport.
2.MountRemoteServerFileSystemasaLocalStorage
Tomounttheremotefilesystemonthelocalserver,dothefollowing. mountREMOTEIP:PATHPATH Explanation REMOTEIPIPoftheremoteserverwhichexportedthefilesystem :delimeter PATHPathofdirectorywhichyouwanttoexport.
3.UnmountRemoteFileSystem
UmounttheremotefilesystemmountedonthelocalserverusingthenormalumountPATH.Formoreoptionrefer toumount command examples .
4.UnexporttheFileSystem
Youcanchecktheexportedfilesystemasshownbelow. #exportfs /publicdatawebserver.pq.net Tounexportthefilesystem,usetheuoptionasshownbelow. #exportfsuREMOTEIP:PATH Afterunexporting,checktomakesureitisnotavailableforNFSmountasshownbelow. #exportfs
5.MakeNFSExportPermanentAcrossSystemReboot
Exportcanbemadepermanentbyaddingthatentryinto/etc/exportsfile. #cat/etc/exports /publicdatawebserver.pq.net
6.MaketheMountPermanentAcrossReboot
mountcanbemadepermanentbyaddingthatentryinto/etc/fstabfile. #cat/etc/fstab webserver.pq.net:/publicdata/mydataext3defaults00
Question:WhenIinstalledtheLinuxOS,Iforgottosetthepropertimezone.HowdoI changethetimezoneonmyLinuxdistribution.IuseCentOS(RedHatLinux).But,canyouplease
Method1:ChangeTimeZoneUsing/etc/localtimeFile
#date MonSep1722:59:24UTC2010
AllUStimezonesarelocatedunderunderthe/usr/share/zoneinfo/USdirectoryasshownbelow.
#ls/usr/share/zoneinfo/US/ AlaskaArizonaEasternHawaiiMichiganPacific AleutianCentralEastIndianaIndianaStarkeMountainSamoa
Note:Forothercountrytimezones,browsethe/usr/share/zoneinfodirectory LinkthePacificfilefromtheaboveUSdirectorytothe/etc/localtimedirectoryasshownbelow.
#cd/etc #lns/usr/share/zoneinfo/US/Pacificlocaltime
NowthetimezoneonyourLinuxsystemischangedtoUSPacifictimeasshownbelow.
#date MonSep1723:10:14PDT2010
Method2:ChangeTimeZoneUsing/etc/timezoneFile
Onsomedistributions(forexample,Ubuntu),thetimezoneiscontrolledby/etc/timezonefile. Forexample,yourcurrenttimezonemightbeUSEasterntime(NewYork)asshownbelow.
#cat/etc/timezone America/New_York
TochangethistoUSPacifictime(LosAngeles),modifythe/etc/timezonefileasshownbelow.
#vim/etc/timezone America/Los_Angeles
Also,setthetimezonefromthecommandlineusingtheTZvariable.
#exportTZ=America/Los_Angeles
1.phpMyAdminPrerequisites
2.DownloadandInstallphpmyadmininApacheDocumentRoot
IdentifyyourApachesDocumentRoot.
#grepDocumentRoot/usr/local/apache2/conf/httpd.conf DocumentRoot/usr/local/apache2/htdocs
DownloadthelatestversionofphpMyAdmin.CurrentlythestableversionofphpMyAdminis3.3.7
#cd/usr/local/apache2/htdocs #tarxvfzphpMyAdmin3.3.7alllanguages.tar.gz #mvphpMyAdmin3.3.7alllanguagesphpmyadmin
3.SecurethephpmyadminDirectoryCreatephpmyuser
CreatephpmyUnixuser.
#adduserphpmy #passwdphpmy
CheckwhichuserandgroupisusedbyApache.
#egrep'User|Group'/usr/local/apache2/conf/httpd.conf Userdaemon Groupdaemon
Modifythephpmyadmindirectorysuserownershiptophpmyuser.
#cd/usr/local/apache2/htdocs
#chownRphpmy.daemonphpmyadmin/
4.UpdatephpMyAdminconfig.incfromWizard
Youneedtosetuptheconfig.incfileproperlyforphpMyAdmintowork.Youcaneithercreateand editthisfilemanually,orusetheconfigphpMyAdmininstallersetupwizard.Irecommendthatyou usethesetupwizard,asitisverystraightforward.Todothat,youshouldcreatethefollowing dummyconfig.incwithproperpermission.
#cd/usr/local/apache2/htdocs/phpmyadmin/ #mkdirconfig #chmodo+rwconfig #cpconfig.sample.inc.phpconfig/config.inc.php #chmodo+wconfig/config.inc.php
Now,invokethephpMyAdminsetupwizardfromthebrowserusingtheURL:http://{yourip address}/phpmyadmin/setup/index.php.Thiswillshowthefollowingsetupwizard. Fig:phpMyAdminSetupWizard ClickonNewServer,whichwilldisplayfollowingserverwizard. Fig:phpMyAdminCreateNewServer Filloutfollowinginformationinthenewserverscreen.Leaveotherfieldstodefaultvalues. VerboseNameoftheServerGivesomedescriptiveservername. PasswordforConfigAuthEntertheMySQLrootpasswordhere. AuthenticationTypeThedefaultselectioniscookie.Justusethat. ClickonSavetosavetheconfiguration.Youmightseefollowingwarningmessages.Ignoreitfornow. UseSSLYoushoulduseSSLconnectionsifyourwebserversupportsit PHPextensiontouseYoushouldusemysqliforperformancereasons BlowfishsecretYoudidnthaveblowfishsecretsetandhaveenabledcookieauthentication,soakey wasautomaticallygeneratedforyou.Itisusedtoencryptcookies;youdontneedtorememberit.
5.Launchphpmyadmin
InvokephpMyAdminfromthebrowserusingtheURL:http://{yourip address}/phpmyadmin/index.php IfyouveinstalledphpMyAdminonaLinuxdesktopdistribution,youcanalsoaccessphpMyAdmin usingthelocalhostURL:http://localhost/phpmyadmin/index.php LoginwithyourMySQLrootpassword.i.euserootforphpmyadminusername.UseMySQLroots passwordforphpmyadminpassword. IfyouseetheCannotloadmcryptextension.PleasecheckyourPHPconfiguration.message,you didntcompileyourPHPwithmcrypt.Makesureyouhavelibmcryptandlibmcryptdevelpackages installedonyourLinuxbeforeyoucompilePHPwithwithmcryptoption. Youwillalsoseethemessage:Directoryconfig,whichisusedbythesetupscript,stillexistsinyour phpMyAdmindirectory.YoushouldremoveitoncephpMyAdminhasbeenconfigured. Justlikethemessagesays,removetheconfigdirectory.
#cd/usr/local/apache2/htdocs/phpmyadmin #rmrfconfig
Aftermovingtheconfigdirectory,ifyougotosetup/index.phpurl,youllseefollowingmessage.This isagoodthing,asyouvealreadyconfiguredthephpMyAdmin.
Cannotloadorsaveconfiguration.PleasecreatewebserverwritablefolderconfiginphpMyAdmin topleveldirectoryasdescribedindocumentation.Otherwiseyouwillbeonlyabletodownloador displayit. OnceyouveloggedinyoushouldbeabletomanagealltheMySQLdatabasesfromyourbrowser. 14. Setup squid to control internet access :Squidisaproxycachingserver.Youcanusesquidto controlinternetaccessatwork.ThisguidewillgiveajumpstartonhowtosetupsquidonLinuxto restrictinternetaccessinannetwork.
HowToUseSquidProxyCacheServerToControl InternetAccess
Tweet Squidisaproxycachingserver.IfyouareLinuxsysadmin,youcanusesquidtocontrolinternet accessatyourworkenvironment. ThisbeginnersguidewillgiveajumpstartonhowtosetupsquidonLinuxtorestrictinternetaccess inannetwork.
InstallSquid
CheckConfigurationandStartupscripts
Apartfrominstallingthesquidrelatedpackages,italsocreatesthe/etc/squid/squid.confand /etc/init.d/squidstartupscript. BydefaultSquidrunson3128port.Youcanverifythisfromthesquid.conffile.Youcanalsosetthe visible_hostnameparameterinyoursquid.conf,whichwillbeusedinerror_log.Ifyoudontdefine, squidgetsthehostnamevalueusinggethostname()function.
#vim/etc/squid/squid.conf visible_hostnameubuntuserver httpd_port3128
StartSquidandViewLogs
#servicesquidstart squidstart/running,process11743
Followingistheformatofthesquidaccess.logrecord.
timeelapsedremotehostcode/statusbytesmethodURLrfc931peerstatus/peerhost
Todisablelogginginsquid,updatethesquid.confwiththefollowinginformation.
#todisableaccess.log cache_access_log/dev/null #todisablestore.log cache_store_lognone #todisablecache.log cache_log/dev/null
SquidUsage1:RestrictAccesstoSpecificWebsites
Thisishowyoucanrestrictfolksfrombrowsingcertainwebsitewhentheyareconnectedtoyour networkusingyourproxyserver. Createafilecalledrestricted_sitesandlistallsitesthatyouwouldwanttorestricttheaccess.
#vim/etc/squid/restricted_sites www.yahoo.com mail.yahoo.com
Modifythesquid.conftoaddthefollowing.
#vim/etc/squid/squid.conf aclRestrictedSitesdstdomain"/etc/squid/restricted_sites" http_accessdenyRestrictedSites
SquidUsage2:AllowAccesstoWebsitesOnlyDuringSpecificTime
SquidUsage3:RestrictAccesstoParticularNetwork
Insteadofrestrictingspecificsites,youcanalsoprovideaccessonlytocertainnetworkandblock everythingelse.Theexamplebelow,allowsaccessonlytothe192.168.1.*internalnetwork.
#vim/etc/squid/squid.conf aclbranch_officessrc192.168.1.0/24 http_accessdenyall http_accessallowbranch_offices
ForaLinuxbasedintrusiondetectionsystem,refertoourtripwirearticle.
SquidUsage4:UseRegularExpressiontoMatchURLs
Youcanalsouseregularexpressiontoallowordenywebsites. Firstcreateablocked_sitesfileswithalistofkeywords.
#cat/etc/squid/blocked_sites soccer movie www.example.com
Modifythesquid.conftoblockanysitesthathasanyofthesekeywordsintheirurl.
#vim/etc/squid/squid.conf aclblocked_sitesurl_regexi"/etc/squid/blocked_sites" http_accessdenyblocked_sites http_accessallowall
SARGSquidAnalysisReportGenerator
#togeneratethereportfortoday sargreporttoday #ondailybasis sargreportdaily #onweeklybasis sargreportweekly #onmonthlybasis sargreportmonthly
DownloadandinstallSARGtogeneratesquidusagereports. Usethesargreportscommandtogeneratereportsasshownbelow.
15. Add new swap space :Usedd,mkswapandswaponcommandstoaddswapspace.Youcan eitheruseadedicatedharddrivepartitiontoaddnewswapspace,orcreateaswapfileonan existingfilesystemanduseitasswapspace. UNIX/Linux:2WaystoAddSwapSpaceUsingdd,mkswapandswapon Tweet Question:IwouldliketoaddmoreswapspacetomyLinuxsystem.Canyouexplainwithclear examplesonhowtoincreasetheswapspace? Answer:Youcaneitheruseadedicatedharddrivepartitiontoaddnewswapspace,orcreateaswap fileonanexistingfilesystemanduseitasswapspace.
Howmuchswapspaceiscurrentlyusedbythesystem?
#freek totalusedfreesharedbufferscached Mem:3082356204370010386560509761646268
Freecommanddisplaystheswapspace.freekshowstheoutputinKB.
/+buffers/cache:3464562735900 Swap:419295604192956
Swaponcommandwithoptions,displaysthecurrentswapspaceinKB.
#swapons FilenameTypeSizeUsedPriority /dev/sda2partition419295601
Swapons,issameasthefollowing.
#cat/proc/swaps FilenameTypeSizeUsedPriority /dev/sda2partition419295601
Method1:UseaHardDrivePartitionforAdditionalSwapSpace
Ifyouhaveanadditionalharddisk,(orspaceavailableinanexistingdisk),createapartitionusing fdiskcommand.Letusassumethatthispartitioniscalled/dev/sdc1 Nowsetupthisnewlycreatedpartitionasswapareausingthemkswapcommandasshownbelow.
#mkswap/dev/sdc1
Enabletheswappartitionforusageusingswaponcommandasshownbelow.
#swapon/dev/sdc1
Tomakethisswapspacepartitionavailableevenafterthereboot,addthefollowinglinetothe /etc/fstabfile.
#cat/etc/fstab /dev/sdc1swapswapdefaults00
Verifywhetherthenewlycreatedswapareaisavailableforyouruse.
#swapons FilenameTypeSizeUsedPriority /dev/sda2partition419295601 /dev/sdc1partition104856802 #freek totalusedfreesharedbufferscached Mem:30823563022364599920520562646472 /+buffers/cache:3238362758520 Swap:524152405241524
Note:Intheoutputofswaponscommand,theTypecolumnwillsaypartitioniftheswapspaceis createdfromadiskpartition.
Method2:UseaFileforAdditionalSwapSpace
Changethepermissionoftheswapfilesothatonlyrootcanaccessit.
#chmod600/root/myswapfile
Makethisfileasaswapfileusingmkswapcommand.
#mkswap/root/myswapfile Settingupswapspaceversion1,size=1073737kB
Enablethenewlycreatedswapfile.
#swapon/root/myswapfile
Tomakethisswapfileavailableasaswapareaevenafterthereboot,addthefollowinglinetothe /etc/fstabfile.
#cat/etc/fstab /root/myswapfileswapswapdefaults00
Verifywhetherthenewlycreatedswapareaisavailableforyouruse.
#swapons FilenameTypeSizeUsedPriority /dev/sda2partition419295601 /root/myswapfilefile104856802 #freek totalusedfreesharedbufferscached Mem:30823563022364599920520562646472 /+buffers/cache:3238362758520 Swap:524152405241524
Snort:5StepstoInstallandConfigureSnorton Linux
SnortisafreelightweightnetworkintrusiondetectionsystemforbothUNIXandWindows. Inthisarticle,letusreviewhowtoinstallsnortfromsource,writerules,andperformbasictesting.
1.DownloadandExtractSnort
Downloadthelatestsnortfreeversionfromsnort website .Extractthesnortsourcecodetothe/usr/srcdirectoryas shownbelow. #cd/usr/src
#wgetOsnort2.8.6.1.tar.gzhttp://www.snort.org/downloads/116 #tarxvzfsnort2.8.6.1.tar.gz
Note:WealsodiscussedearlieraboutTripwire(Linuxhostbasedintrusiondetectionsystem) andFail2ban(Intrusionpreventionframework)
2.InstallSnort
Beforeinstallingsnort,makesureyouhavedevpackagesoflibpcapandlibpcre. #aptcachepolicylibpcap0.8dev libpcap0.8dev: Installed:1.0.02ubuntu1 Candidate:1.0.02ubuntu1
#aptcachepolicylibpcre3dev libpcre3dev: Installed:7.83 Candidate:7.83
Followthestepsbelowtoinstallsnort. #cdsnort2.8.6.1
#./configure #make #makeinstall
3.VerifytheSnortInstallation
Verifytheinstallationasshownbelow. #snortversion
,,_*>Snort!<* o")~Version2.8.6.1(Build39) ''''ByMartinRoesch&TheSnortTeam:http://www.snort.org/snort/snortteam Copyright(C)19982010Sourcefire,Inc.,etal. UsingPCREversion:7.820080905
4.Createtherequiredfilesanddirectory
Youhavetocreatetheconfigurationfile,rulefileandthelogdirectory. Createthefollowingdirectories: #mkdir/etc/snort
#mkdir/etc/snort/rules #mkdir/var/log/snort
Table:Rulestructureandexample Structure RuleActions Protocol SourceIPAddress SourcePort DirectionOperator DestinationIP Address DestinationPort (ruleoptions)
Example alert icmp any any > any any (msg:ICMPPacket;sid:477; rev:3;)
5.Executesnort
Executesnortfromcommandline,asmentionedbelow. #snortc/etc/snort/snort.confl/var/log/snort/ TrypingingsomeIPfromyourmachine,tocheckourpingrule.Followingistheexampleofasnortalertforthis ICMPrule. #head/var/log/snort/alert [**][1:477:3]ICMPPacket[**] [Priority:0] 07/2720:41:57.230345>l/llen:0l/ltype:0x2000:0:0:0:0:0 pkttype:0x4proto:0x800len:0x64 209.85.231.102>209.85.231.104ICMPTTL:64TOS:0x0ID:0IpLen:20DgmLen:84DF Type:8Code:0ID:24905Seq:1ECHO AlertExplanation Acoupleoflinesareaddedforeachalert,whichincludesthefollowing: Messageisprintedinthefirstline. SourceIP DestinationIP Typeofpacket,andheaderinformation. Ifyouhaveadifferentinterfaceforthenetworkconnection,thenusedevioption.Inthisexamplemynetwork interfaceisppp0. #snortdevippp0c/etc/snort/snort.confl/var/log/snort/
ExecutesnortasDaemon
AddDoptiontorunsnortasadaemon. #snortDc/etc/snort/snort.confl/var/log/snort/
AdditionalSnortinformation
Defaultconfigfilewillbeavailableatsnort2.8.6.1/etc/snort.conf Defaultrulescanbedownloadedfrom:http://www.snort.org/snortrules
HowtoRegisterRHEL/OELLinuxtoOracleSupport(ULN)usingup2date
Question:IhavepurchasedLinuxsupportforRHELandOELfromOraclecorporation. HowdoIregistermyLinuxsystemtoOraclesupportnetworktodownloadandupdatepackages? Canyouexplainmewithstepbystepinstruction? Answer:AfterpurchasingLinuxsupportfromOracle,youshouldregisteryourLinuxsystemwith OraclesUnbreakableLinuxNetworkusingup2dateutilityasexplainedinthisarticle.
1.Launchup2dateregisterWizard
#up2dateregister
Typethefollowingfromthecommandline,whichwillinvoketheUnbreakableLinuxNetwork Registrationwizardasshownbelow.
2.RegistertoOracleULNusingOracleCSINumber
Ifyoualreadyhaveauid/pwdtotheULNnetwork,enterithere.Ifyoudonthaveanexisting accountonULN,theuid/pwdinformationyouenterinthisstepwillbeusedtocreateanewaccount foryou. MakesuretoenteravalidCSInumber.WhenyoupurchasedtheLinuxsupportfromOracle,you wouldvereceivedaCSInumber.
3.RegisteraSystemProfileHardwareInfo
4.RegisteraSystemProfilePackagesInfo
5.SendProfileInformationtoOracleNetwork(ULN)
6.RHEL/OELRegistrationSuccessfulwithULN
Linuxprovidesseveralpowerful
Inthisarticle,letusdiscussabouthowtosetuptftpboot,includinginstallationof necessarypackages,andtftpbootconfigurations. TFTPbootserviceisprimarilyusedtoperformOSinstallationonaremotemachineforwhichyou donthavethephysicalaccess.InordertoperformtheOSinstallationsuccessfully,thereshouldbea waytoreboottheremoteservereitherusingwakeonlanorsomeonemanuallyrebootingitor someotherways. Inthosescenarios,youcansetupthetftpbootservicesaccordinglyandtheOSinstallationcanbe doneremotely(youneedtohavetheautoyastconfigurationfiletoautomatetheOSinstallation steps). StepbystepprocedureispresentedinthisarticlefortheSLES10SP3in64bitarchitecture.However, thesestepsareprettymuchsimilartoanyotherLinuxdistributions. Thefollowingpackagesneedstobeinstalledforthetftpbootsetup. dhcpservicespackages:dhcp3.0.77.5.20.x86_64.rpmanddhcpserver3.0.77.5.20.x86_64.rpm tftpbootpackage:tftp0.481.6.x86_64.rpm pxebootpackage:syslinux3.1120.14.26.x86_64.rpm
RequiredPackages
PackageInstallation
Installthepackagesforthedhcpserverservices:
$rpmivhdhcp3.0.77.5.20.x86_64.rpm Preparing...###########################################[100%] 1:dhcp###########################################[100%] $rpmivhdhcpserver3.0.77.5.20.x86_64.rpm Preparing...###########################################[100%] 1:dhcp###########################################[100%] $rpmivhtftp0.481.6.x86_64.rpm $rpmivhsyslinux3.1120.14.26.x86_64.rpm
DownloadtheappropriatetftpserverfromtherepositoryofyourrespectiveLinuxdistribution.
Stepstosetuptftpboot Step1:Create/tftpbootdirectory
#mkdir/tftpboot/
Createthetftpbootdirectoryunderrootdirectory(/)asshownbelow.
Step2:Copythepxelinuximage
PXELinuximagewillbeavailableonceyouinstalledthesyslinuxpackage.Copythisto/tftpboot pathasshownbelow.
#cp/usr/share/syslinux/pxelinux.0/tftpboot
Step3:CreatethemountpointforISOandmounttheISOimage
LetusassumethatwearegoingtoinstalltheSLES10SP3Linuxdistributiononaremoteserver.If youhavetheSUSE10SP3DVDinsertitinthedriveormounttheISOimagewhichyouhave.Here, theisoimagehasbeenmountedasfollows:
#mkdir/tftpboot/sles10_sp3 #mountoloopSLES10SP3DVDx86_64.iso/tftpboot/sles10_sp3
Step4:Copythevmlinuzandinitrdimagesinto/tftpboot
Step5:Createpxelinux.cfgDirectory
Createthedirectorypxelinux.cfgunder/tftpbootanddefinethepxebootdefinitionsfortheclient.
#mkdir/tftpboot/pxelinux.cfg #cat>/tftpboot/pxelinux.cfg/default defaultlinux labellinux kernellinux appendinitrd=initrdshowoptsinstmode=nfsinstall=nfs://192.168.1.101/tftpboot/sles10_sp3/
Step6:Changetheownerandpermissionfor/tftpbootdirectory
Assignnobody:nobodyto/tftpbootdirectory.
#chownnobody:nobody/tftpboot #chmod777/tftpboot
Step7:Modify/etc/dhcpd.conf
Modifythe/etc/dhcpd.confasshownbelow.
#cat/etc/dhcpd.conf ddnsupdatestylenone; defaultleasetime14400; filename"pxelinux.0"; #IPaddressofthedhcpservernothingbutthismachine.
Specifytheinterfacein/etc/syslinux/dhcpdtolistendhcprequestscomingfromclients.
#cat/etc/syslinux/dhcpd|grepDHCPD_INTERFACE DHCPD_INTERFACE=eth1;
Step8:Modify/etc/xinetd.d/tftp
Step9:Nochangesin/etc/xinetd.conf
Thereisnoneedtomodifytheetc/xinetd.conffile.Usethedefaultvaluesspecifiedinthexinetd.conf file.
Step10:Restartxinetd,dhcpdandnfsservices
Restarttheseservicesasshownbelow.
#/etc/init.d/xinetdrestart #/etc/init.d/dhcpdrestart #/etc/init.d/nfsserverrestart
Afterrestartingthenfsservices,youcanviewtheexporteddirectorylist(/tftpboot)bythefollowing command,
#showmounte
1.View/ListAlliptablesRules
#iptableslist
Whenyouwanttocheckwhatrulesareiniptables,uselistoptionasshownbelow.
Example1:Iptableslistoutputshowingnorules
#iptableslist ChainINPUT(policyACCEPT) targetprotoptsourcedestination ChainFORWARD(policyACCEPT) targetprotoptsourcedestination ChainOUTPUT(policyACCEPT) targetprotoptsourcedestination
Theaboveoutputshowschainheaders.Asyousee,therearenorulesinit.
Example2:Iptableslistoutputshowingsomerules
#iptableslist ChainINPUT(policyACCEPT) targetprotoptsourcedestination ChainFORWARD(policyACCEPT) targetprotoptsourcedestination
Whenthereisaruletodisablepingreply,youhavetheiptableslistoutputaslikethefollowing.You canseetheruleintheOUTPUTchain.
2.DeleteiptablesRulesusingflushoption
#iptablesflush
#iptablesflushOUTPUT
DisablepingreplyTemporarily
Youcantemporarilydisablethepingreplyusingthefollowingmethod.
#echo"1">/proc/sys/net/ipv4/icmp_echo_ignore_all
DisablepingreplyPermanently
net.ipv4.icmp_echo_ignore_all=1
Theabovecommandloadsthesysctlsettingsfromthesysctl.conffile. Afterthepingreplyisdisabledusingoneoftheabovemethod,whensomebodytriestopingyour machinetheywillendupwaitingwithoutgettingapingreplypacketevenwhenthemachineisup andrunning. 21. Block ip address using fail2ban :Fail2banisaintrusionpreventonframeworkthatscanslog filesforvariousservices(SSH,FTP ,SMTP ,Apache,etc.,)andbanstheIPthatmakestoomany passwordfailures.Italsoupdatesiptlesfirewallrulestorejecttheseipaddresses.
Fail2BanHowto:BlockIPAddressUsingFail2banandIPTables byS ELVAG ANES HA N S onJULY2,2010
InstallFail2ban
Toinstallfail2banfromsource,downloaditfromsourceforge.. UseaptgettoinstallFail2banonaDebianbasedsystemasshownbelow.
#aptgetinstallfail2ban
Howtoconfigurefail2ban
AllFail2banconfigurationfilesarelocatedunderthe/etc/fail2bandirectory.
/etc/fail2ban/fail2ban.conf
/etc/fail2ban/jail.conf
ServiceConfigurations
[ssh] enabled=true port=ssh filter=sshd logpath=/var/log/auth.log action=iptables
Bydefault,someservicesareinsertedastemplates.Followingisanexampleofthesshservices section.
Fail2banFilters
Fail2banActions
Start/StopFail2banService
#/etc/init.d/fail2banstop #/etc/init.d/fail2banstart
AftermakingconfigurationchangesstopandstarttheFail2bandaemonasshownbelow.
Debian:HowtoInstallorRemoveDEBPackages Usingdpkg
bySASIKALA onJUNE18,2010
Question:Iwouldliketoknowhowtoinstall,uninstall,verifydebpackagesonDebian.Canyouexplainmewithan example? Answer:Usedpkgtoinstallandremoveadebpackageasexplainedbelow. OnDebian,dpkg(Debianpackagesystem)allowsyoutoinstallandremovethesoftwarepackages.dpkgisthe simplestwaytoinstallanduninstallapackage. DebiannowsuppliesatoolnamedApt(forAPackageTool)andaptitudetohelptheadministratorstoaddor removesoftwaremoreeasily.RefertoourearlierManage packages using aptget formoredetails.
InstallingaDebUsingdpkgi
syntax: dpkgipackagefilename
iistoinstallapackage.
ThefollowingexampleinstallstheDebianpackagefortcltool. $dpkgitcl8.4_8.4.192_amd64.deb Selectingpreviouslydeselectedpackagetcl8.4. (Readingdatabase...94692filesanddirectoriescurrentlyinstalled.) Unpackingtcl8.4(fromtcl8.4_8.4.192_amd64.deb)... Settinguptcl8.4(8.4.192)... Processingtriggersformenu... Processingtriggersformandb... Youcanverifytheinstallationofpackageusingdpkglpackagenameasshownbelow. $dpkgl|grep'tcl' iitcl8.48.4.192Tcl(theToolCommandLanguage)v8.4runt Theabovecommandshowsthattclpackageisinstalledproperly.iispecifiesstatusinstalledokinstalled.
UninstallingaDebusingdpkgr
dpkgwithroptionremovestheinstalledpackage. $dpkgrtcl8.4 (Readingdatabase...94812filesanddirectoriescurrentlyinstalled.) Removingtcl8.4... Processingtriggersformandb... Processingtriggersformenu... Nowlistthepackageandcheckthestatus. #dpkgl|grep'tcl' rctcl8.48.4.192Tcl(theToolCommandLanguage)v8.4runt rcstandsforremovedokconfigfiles.Theremoveactiondidntpurgetheconfigurationfiles.Thestatusofeach installedpackagewillbeavailablein/var/lib/dpkg/status.Statusoftcl8.4packagelookslike, Package:tcl8.4 Status:deinstallokconfigfiles Priority:optional Section:interpreters InstalledSize:3308 Thefollowingcommandisusedtopurgethepackagecompletely. $dpkgPtcl8.4 (Readingdatabase...94691filesanddirectoriescurrentlyinstalled.) Removingtcl8.4... Purgingconfigurationfilesfortcl8.4... Processingtriggersformenu... $dpkgl|grep'tcl' $ Sothepackageiscompletelyremoved,andthestatusinthe/var/lib/dpkg/statusisgivenbelow. Package:tcl8.4 Status:purgeoknotinstalled Priority:optional Section:interpreters
1.InstallAlfrescoCommunityTomcatBundle
#cd~
2.ModifyAlfrescoGlobalProperties
3.VerifyMySQLconnectorisinstalled
Justdoublechecktomakesurethemysqlconnectorisinstalledintheproperlocation,asshown below.
#lsl/opt/alfresco/tomcat/lib/mysqlconnectorjava5.1.7bin.jar rwxrxrx1rootroot709922Jan1211:59/opt/alfresco/tomcat/lib/mysqlconnectorjava5.1.7bin.jar
4.CreatetheAlfrescoMySQLdatabases
5.VerifythatAlfrescoMySQLdatabasesgotcreated
#mysqlurootp Enterpassword: mysql>showdatabases; ++ |Database| ++ |information_schema| |alfresco| |mysql| |test| ++ 4rowsinset(0.00sec) mysql>
6.Updatethedb.urlintheglobalpropertyfiles
Updatethedb.urlparameterinthealfrescoglobal.propertiesfiletopointtolocalhost:3306asshown below.
#vi/opt/alfresco/tomcat/shared/classes/alfrescoglobal.properties db.url=jdbc:mysql://localhost:3306/alfresco
7.StartAlfrescoServer
Startthealfrescoserver.Thiswillstartthetomcatapplicationserverthatwasbundledwiththe alfresco.
#cd/opt/alfresco #./alfresco.shstart UsingCATALINA_BASE:/opt/alfresco/tomcat UsingCATALINA_HOME:/opt/alfresco/tomcat UsingCATALINA_TMPDIR:/opt/alfresco/tomcat/temp UsingJRE_HOME:/usr/java/jdk1.6.0_18
Whilethealfrescotomcatserverisstartingup,checkthe/opt/alfresco/alfresco.logforanypossible issues. Whenalfresco.shisexecutedforthe1sttime,itwilldosomedatabasesetup,andyoullseefollowing messagesinthealfresco.log(onlythe1sttime). Executingdatabasescript/opt/alfresco/tomcat/temp/Alfresco/*.sql Allexecutedstatements:/opt/alfresco/tomcat/temp/Alfresco/*.sql Appliedpatch[org.alfresco.repo.admin.patch.PatchExecuter] LookforthelineinthelogfilewhereitsaysAlfrescostarted,whichindicatesthatAlfrescowas startedsuccessfully. Followingarefewsamplelinesfromalfresco.log.
#tailf/opt/alfresco/alfresco.log 21:29:25,431INFO[org.alfresco.repo.domain.schema.SchemaBootstrap]Executingdatabasescript /opt/alfresco/tomcat/temp/Alfresco/AlfrescoSchemaMySQLInnoDBDialectUpdate3892772511531851057.sql(Copied
fromclasspath:alfresco/dbscripts/create/3.3/org.hibernate.dialect.MySQLInnoDBDialect/AlfrescoCreate3.3 RepoTables.sql). 21:29:27,245INFO[org.alfresco.repo.domain.schema.SchemaBootstrap]Allexecutedstatements: /opt/alfresco/tomcat/temp/Alfresco/AlfrescoSchemaMySQLInnoDBDialectAll_Statements4724137490855924607.sql. ===Appliedpatch=== ID:patch.dbV3.00CreateActivitiesExtras RESULT: Scriptcompleted ===================================== 21:30:03,756INFO[org.alfresco.service.descriptor.DescriptorService]AlfrescoJVMv1.6.0_21b06;maximumheapsize 910.250MB 21:30:03,756INFO[org.alfresco.service.descriptor.DescriptorService]Alfrescostarted(Community):Currentversion 3.3.0(2765)schema4009Originallyinstalledversion3.3.0(2765)schema4009
8.Verifythealf_datadirectorycreation
Whenyoustartthealfrescoforthe1sttime,itwillcreatethealfrescodatarepositoryasshown below.
#lsl/opt/alfresco/alf_data total32 drwxrxrx2rootroot4096Mar2516:26audit.contentstore drwxrxrx2rootroot4096Mar2516:26contentstore drwxrxrx2rootroot4096Mar2516:26contentstore.deleted drwxrxrx3rootroot4096Mar2516:26luceneindexes
9.VerifythatAlfrescoServerisRunning
Makesurealfrescoserverisrunningsuccessfully.Viewthealfresco.logfiletomakesurethereareno errors.
#psef|grepialf root928015116:25pts/000:00:30/usr/java/jdk1.6.0_18/bin/javaXms128mXmx512m XX:MaxPermSize=160mserverDalfresco.home=.Dcom.sun.management.jmxremote Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager Djava.util.logging.config.file=/opt/alfresco/tomcat/conf/logging.properties Djava.endorsed.dirs=/opt/alfresco/tomcat/endorsedclasspath:/opt/alfresco/tomcat/bin/bootstrap.jar Dcatalina.base=/opt/alfresco/tomcatDcatalina.home=/opt/alfresco/tomcat Djava.io.tmpdir=/opt/alfresco/tomcat/temporg.apache.catalina.startup.Bootstrapstart #tailf/opt/alfresco/alfresco.log
10.LogintoAlfrescoExplorerorAlfrescoShare
AlfrescohastwowaystoaccesstheapplicationAlfrescoExplorerandAlfrescoShare. Gotohttp://localhost:8080/alfrescotolaunchtheAlfrescoexplorer Gotohttp://localhost:8080/sharetolaunchtheAlfrescoshare Defaultalfrescoadministratoruid/pwdisadmin/admin.Changeitimmediatelyafteryoulogin.
11.Changethedefaultpasswordforthealfrescodatabase
Usethemysqlupdatecommandtochangethepasswordforthealfrescouserasshownbelow.
#mysqlurootpmysql Enterpassword: Readingtableinformationforcompletionoftableandcolumnnames YoucanturnoffthisfeaturetogetaquickerstartupwithA WelcometotheMySQLmonitor.Commandsendwith;or\g. YourMySQLconnectionidis51 Serverversion:5.0.77Sourcedistribution
12.Modifytheconfigurationfiletoreflectthenewalfrescopassword.
Updatethedb.passwordparameterinthealfrescoglobal.propertiesfileasshownbelow.
#vi/opt/alfresco/tomcat/shared/classes/alfrescoglobal.properties db.name=alfresco db.username=alfresco db.password=donttellanybody
1.VerifyPerlVersion
#perlv
Makesureyourperlversionis>=5.8.1asshownbelow.
Thisisperl,v5.8.8builtfori386linuxthreadmulti
MostLinuxdistributionscomeswithperl.Ifyoudonthaveitonyours,downloadandinstallitfrom correspondingdistributionwebsite.
2.InstallMySQLDatabase
MakesureyourMySQLversionis>=4.1.2asshownbelow.
#mysqlV mysqlVer14.12Distrib5.0.77,forredhatlinuxgnu(i686)usingreadline5.1
3.InstallApache
Ifyoualreadyhaveapacheinstalled,makesureyouareabletoaccessitbyusinghttp://{yourip address}. Ifyoudonthaveapache,installisusingyumbasedonLAMP install article,orinstall apache from source.
4.DownloadlatestBugzillatarball
#cd~
5.Executethebugzillachecksetup.pl
Bugzillachecksetup.plprogramwillverifywhetheralltherequiredperlmodulesareinstalled.This willalsodisplayalistofallmissingbugzillamodulesthatneedstobeinstalled. Youcanrunthechecksetup.plprogramasmanytimesasyoulikeuntilyouveverifiedallthe requiredperlmodulesareinstalled. Followingistheoutputof1strunofchecksetup.pl,whereishaslistedallthemissingoptionaland requiredmodules.
#cd/var/www/html/bugzilla3.4.6 #./checksetup.plcheckmodules COMMANDSTOINSTALLOPTIONALMODULES: GD:/usr/bin/perlinstallmodule.plGD Chart:/usr/bin/perlinstallmodule.plChart::Base TemplateGD:/usr/bin/perlinstallmodule.plTemplate::Plugin::GD::Image GDTextUtil:/usr/bin/perlinstallmodule.plGD::Text GDGraph:/usr/bin/perlinstallmodule.plGD::Graph XMLTwig:/usr/bin/perlinstallmodule.plXML::Twig MIMEtools:/usr/bin/perlinstallmodule.plMIME::Parser libwwwperl:/usr/bin/perlinstallmodule.plLWP::UserAgent PatchReader:/usr/bin/perlinstallmodule.plPatchReader PerlMagick:/usr/bin/perlinstallmodule.plImage::Magick perlldap:/usr/bin/perlinstallmodule.plNet::LDAP AuthenSASL:/usr/bin/perlinstallmodule.plAuthen::SASL RadiusPerl:/usr/bin/perlinstallmodule.plAuthen::Radius SOAPLite:/usr/bin/perlinstallmodule.plSOAP::Lite HTMLParser:/usr/bin/perlinstallmodule.plHTML::Parser HTMLScrubber:/usr/bin/perlinstallmodule.plHTML::Scrubber EmailMIMEAttachmentStripper:/usr/bin/perlinstallmodule.plEmail::MIME::Attachment::Stripper EmailReply:/usr/bin/perlinstallmodule.plEmail::Reply TheSchwartz:/usr/bin/perlinstallmodule.plTheSchwartz DaemonGeneric:/usr/bin/perlinstallmodule.plDaemon::Generic mod_perl:/usr/bin/perlinstallmodule.plmod_perl2
YOUMUSTRUNONEOFTHEFOLLOWINGCOMMANDS(dependingonwhichdatabaseyouuse): PostgreSQL:/usr/bin/perlinstallmodule.plDBD::Pg MySQL:/usr/bin/perlinstallmodule.plDBD::mysql Oracle:/usr/bin/perlinstallmodule.plDBD::Oracle COMMANDSTOINSTALLREQUIREDMODULES(You*must*runallthesecommandsandthenrerunchecksetup.pl): /usr/bin/perlinstallmodule.plCGI /usr/bin/perlinstallmodule.plDigest::SHA /usr/bin/perlinstallmodule.plDate::Format /usr/bin/perlinstallmodule.plDateTime /usr/bin/perlinstallmodule.plDateTime::TimeZone /usr/bin/perlinstallmodule.plTemplate /usr/bin/perlinstallmodule.plEmail::Send /usr/bin/perlinstallmodule.plEmail::MIME /usr/bin/perlinstallmodule.plEmail::MIME::Encodings /usr/bin/perlinstallmodule.plEmail::MIME::Modifier /usr/bin/perlinstallmodule.plURI Toattemptanautomaticinstallofeveryrequiredandoptionalmodulewithonecommand,do: /usr/bin/perlinstallmodule.plall
6.Executebugzillainstallmodule.pl
Assuggestedbytheoutputofthechecksetup.pl,youcanexecutetheinstallmodule.pltoinstallall bugzillarequiredandoptionalperlmodules.
#/usr/bin/perlinstallmodule.plall
MySQL:/usr/bin/perlinstallmodule.plDBD::mysql Oracle:/usr/bin/perlinstallmodule.plDBD::Oracle
7.InstallmissingPerlModules
Asweseefromtheabovechecksetup.ploutput,someoftheoptionalmodulesandrequiredmodule installedwasnotcompletedwhenwerantheinstallmodule.pl. So,wehavetoinstallthemissingmodulesmanuallyonebyonetofigureouttheissuesandfixit onebyone. RefertotheTroubleshootingSectionattheendforlistofalltheissuesthatIfacedwhileinstalling theperlmodulesrequiredforbugzilla(alongwiththesolutiononhowtofixthoseissues).
8.Finalchecksetup.plcheckmodulesverification
Executechecksetup.plcheckmodulesagainasshownbelowasfinalverificationtomakesureallthe modulesgotinstalledsuccessfully.
#./checksetup.plcheckmodules *ThisisBugzilla3.4.6onperl5.8.8 *RunningonLinux2.6.18164.el5PAE#1SMPThuSep304:10:44EDT2009 Checkingperlmodules... CheckingforCGI.pm(v3.21)ok:foundv3.49 CheckingforDigestSHA(any)ok:foundv5.48 CheckingforTimeDate(v2.21)ok:foundv2.24 CheckingforDateTime(v0.28)ok:foundv0.55 CheckingforDateTimeTimeZone(v0.71)ok:foundv1.17 CheckingforDBI(v1.41)ok:foundv1.52 CheckingforTemplateToolkit(v2.22)ok:foundv2.22 CheckingforEmailSend(v2.00)ok:foundv2.198 CheckingforEmailMIME(v1.861)ok:foundv1.903 CheckingforEmailMIMEEncodings(v1.313)ok:foundv1.313 CheckingforEmailMIMEModifier(v1.442)ok:foundv1.903 CheckingforURI(any)ok:foundv1.54 CheckingavailableperlDBDmodules... CheckingforDBDPg(v1.45)notfound CheckingforDBDmysql(v4.00)ok:foundv4.013 CheckingforDBDOracle(v1.19)notfound ThefollowingPerlmodulesareoptional: CheckingforGD(v1.20)ok:foundv2.44 CheckingforChart(v1.0)ok:foundv2.4.1 CheckingforTemplateGD(any)ok:foundv1.56 CheckingforGDTextUtil(any)ok:foundv0.86 CheckingforGDGraph(any)ok:foundv1.44 CheckingforXMLTwig(any)ok:foundv3.34 CheckingforMIMEtools(v5.406)ok:foundv5.427 Checkingforlibwwwperl(any)ok:foundv5.834 CheckingforPatchReader(v0.9.4)ok:foundv0.9.5 CheckingforPerlMagick(any)ok:foundv6.2.8 Checkingforperlldap(any)ok:foundv0.4001 CheckingforAuthenSASL(any)ok:foundv2.1401 CheckingforRadiusPerl(any)ok:foundv0.17 CheckingforSOAPLite(v0.710.06)ok:foundv0.711
9.Createlocalconfigfileusingchecksetup.pl
Executechecksetup.plwithoutanyargument,whichwillcreatealocalconfigfileinthecurrent directory.Thelocalconfigfilecontainsthekeyconfigurationparametersusedbythebugzilla(for example,mysqldbusernameandpassword).
#./checksetup.pl Reading./localconfig... ThisversionofBugzillacontainssomevariablesthatyoumaywantto changeandadapttoyourlocalsettings.Pleaseeditthefile ./localconfigandrerunchecksetup.pl. Thefollowingvariablesarenewto./localconfigsinceyoulastran checksetup.pl:create_htaccess,webservergroup,db_driver,db_host,db_name,db_user,db_pass,db_port,db_sock, db_check,index_html,cvsbin,interdiffbin,diffpath,site_wide_secret
10.Modifythelocalconfigfile.
TheonlythingyouneedtomodifythelocalconfigfileisMySQLdatabasedbpasswordbychanging the$db_passvariableasshownbelow.
#vi./localconfig $db_pass='Bugs4All';
11.Modify/etc/my.cnftoincreasebugzillaattachmentsize
Setthemax_allowed_packetto4Minthe/etc/my.cnftoincreasebugzillaattachmentsize.
#cat/etc/my.cnf [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock user=mysql #Defaulttousingoldpasswordformatforcompatibilitywithmysql3.x #clients(thoseusingthemysqlclient10compatibilitypackage). old_passwords=1 #Disablingsymboliclinksisrecommendedtopreventassortedsecurityrisks; #todoso,uncommentthisline: #symboliclinks=0 #Allowpacketsupto4MB max_allowed_packet=4M [mysqld_safe] logerror=/var/log/mysqld.log pidfile=/var/run/mysqld/mysqld.pid
Restartthemysqldafterthischange.
#servicemysqldrestart
12.Createbugsmysqluser
Addbugzillauser(bugs)tothemysqldatabaseasshownbelow.
#mysqlurootp mysql>GRANTSELECT,INSERT, UPDATE,DELETE,INDEX,ALTER,CREATE,LOCKTABLES, CREATETEMPORARYTABLES,DROP ,REFERENCESONbugs.* TObugs@localhostIDENTIFIEDBY'Bugs4All'; mysql>FLUSHPRIVILEGES;
13.Createthebugzilladatabase
Executethechecksetup.pl(withoutanyarguments)againtocreatethemysqlbugzilladatabase. Sincethelocalconfigfilealreadyexist,thesecondtimewhenyouexecutethechecksetup.pl,itwill createthemysqldatabasebasedontheinformationfromlocalconfigfile.
#./checksetup.pl Creatingdatabasebugs... BuildingSchemaobjectfromdatabase... Addingnewtablebz_schema... InitializingthenewSchemastorage... Addingnewtableattach_data... Addingnewtableattachments... Addingnewtablebug_group_map... Addingnewtablebug_see_also... Addingnewtablebug_severity... Addingnewtablebug_status... Insertingvaluesintothe'priority'table: Insertingvaluesintothe'bug_status'table: Insertingvaluesintothe'rep_platform'table: Creating./datadirectory... Creating./data/attachmentsdirectory... Creating./data/duplicatesdirectory... Addingforeignkey:attachments.bug_id>bugs.bug_id... Addingforeignkey:attachments.submitter_id>profiles.userid... Addingforeignkey:bug_group_map.bug_id>bugs.bug_id...
14.Createbugzillaadministratoraccount.
Attheendofthe./checksetup.plexecution,itwilldetectthatyoudonthaveanadminsitrator accountandrequestyoutoenteradministrationlogininformationasshownbelow.
Lookslikewedon'thaveanadministratorsetupyet.Eitherthisis yourfirsttimeusingBugzilla,oryouradministrator'sprivileges mighthaveaccidentallybeendeleted. Entertheemailaddressoftheadministrator:ramesh@thegeekstuff.com Entertherealnameoftheadministrator:RameshNatarajan Enterapasswordfortheadministratoraccount:NotRealPwd Pleaseretypethepasswordtoverify:welcome
15.Configureapacheformod_perl
Renamethebugzilladirectory.(i.eremovetheversionnumberinit)
#cd/var/www/html #mvbugzilla3.4.6/bugzilla
Addthefollowingtwolinestohttpd.conf
#tail2/etc/httpd/conf/httpd.conf PerlSwitchesI/var/www/html/bugzillaI/var/www/html/bugzilla/libwT PerlConfigRequire/var/www/html/bugzilla/mod_perl.pl
VerifytheGroupinhttpd.confmatchesthewebservergroupinlocalconfig
#cd/var/www/html/bugzilla/ #grepwebservergrouplocalconfig $webservergroup='apache'; #grepGroup/etc/httpd/conf/httpd.conf Groupapache
16.Finalchecksetup.plexecution
Executethechecksetup.plagain.
#./checksetup.pl Reading./localconfig... Removingexistingcompiledtemplates... Precompilingtemplates...done. Fixingfilepermissions... NowthatyouhaveinstalledBugzilla,youshouldvisitthe'Parameters' page(linkedinthefooteroftheAdministratoraccount)toensureit issetupasyouwishthisincludessettingthe'urlbase'optionto thecorrectURL.
17.Logintobugzillaandcompleteonetimesetup.
Starttheapache,gotohttp://{youripaddress}/bugzillaandloginusingtheadministratoraccount youcreatedabove. FromthebugzillaUI,atthefooter>Administration>Parameters>RequiredSettingssection> Filloutfollowinginformation: maintainer:ramesh@thegeekstuff.com urlbase:http://{youripaddress}/ Note:Dependingonyoursetup,goto>UserAuthentication>andyoumightwanttochange requiredloginandemailregexpparameter.
TroubleshootingBugzillaInstallIssues Issue1:DBD::mysqlmodulefailed
TheDBD:mysqlperlmodulefailedwiththemysql.h:Nosuchfileordirectoryerrormessageas shownbelow.
#/usr/bin/perlinstallmodule.plDBD::mysql dbdimp.h:22:49:error:mysql.h:Nosuchfileordirectory dbdimp.h:23:45:error:mysqld_error.h:Nosuchfileordirectory dbdimp.h:25:49:error:errmsg.h:Nosuchfileordirectory Infileincludedfromdbdimp.c:20: dbdimp.h:144:error:expectedspecifierqualifierlistbeforeMYSQL dbdimp.h:236:error:expectedspecifierqualifierlistbeforeMYSQL_RES
Solution1:installmysqldevel
Errormessagemysql.h:Nosuchfileordirectoryisbecausemysqldevelpackagewasmissingas shownbelow.
#rpmqa|grepimysql MySQLpython1.2.11 mysql5.0.774.el5_4.2 mysqlconnectorodbc3.51.26r11271.el5 mysqlserver5.0.774.el5_4.2 libdbidbdmysql0.8.1a1.2.2 perlDBDMySQL3.00072.el5
Installthemysqldevelpackageasshownbelow.
#yuminstallmysqldevel #rpmqa|grepi"mysqldevel" mysqldevel5.0.774.el5_4.2
DBD::mysqlinstallationwillgothroughwithoutanyissuesnow.
#/usr/bin/perlinstallmodule.plDBD::mysql
Issue2:GDfailedwithmissinggdlibconfig/libgd
InstallingGDmodulefailedwiththefollowingerrormessage.
#/usr/bin/perlinstallmodule.plGD **UNRECOVERABLEERROR** Couldnotfindgdlibconfiginthesearchpath.Pleaseinstalllibgd2.0.28orhigher. Ifyouwanttotrytocompileanyway,pleasererunthisscriptwiththeoptionignore_missing_gd. Runningmaketest Makehadsomeproblems,maybeinterrupted?Won'ttest Runningmakeinstall Makehadsomeproblems,maybeinterrupted?Won'tinstall
Solution2:Installgddevelpackage
Installlibgd(i.egddevelpackage)asshownbelowtofixtheGDmoduleissue.
#yuminstallgddevel #rpmqa|grepgd gd2.0.339.4.el5_4.2 gddevel2.0.339.4.el5_4.2
GDgotinstalledwithoutanyissuesafterinsingallinggddevelpackage.
#/usr/bin/perlinstallmodule.plGD
Issue3:TwigFailedwithexpat.herror
Twigmodulefailedtoinstallwiththeerrormessageexpat.h:Nosuchfileordirectoryasshown below.
#/usr/bin/perlinstallmodule.plXML::Twig Expat.xs:12:19:error:expat.h:Nosuchfileordirectory Expat.xs:60:error:expectedspecifierqualifierlistbeforeXML_Parser
Solution3:InstallexpatandexpatdevelforTwig
Installexpatandexpatdevelpackageasshownbelow.
#yuminstallexpat #yuminstallexpatdevel
NowinstallTwigwithoutanyissues.
#/usr/bin/perlinstallmodule.plXML::Twig
Issue4:Image::Magickfailedtoinstall
Image::Magickinstallationfailedwithmagick/MagickCore.h:Nosuchfileordirectoryerror messageasshownbelow.
#/usr/bin/perlinstallmodule.plImage::Magick Note(probablyharmless):NolibraryfoundforlMagickCore Magick.xs:64:31:error:magick/MagickCore.h:Nosuchfileordirectory Magick.xs:171:error:expectedspecifierqualifierlistbeforeMagickRealType Magick.xs:192:error:expectedspecifierqualifierlistbeforeImageInfo Magick.xs:214:error:MagickNoiseOptionsundeclaredhere(notinafunction) Magick.xs:214:warning:missinginitializer
Solution4:Image::Magickfailedtoinstall
MakesurefollowingImageMagicrelatedpackagesarepresent.
#rpmqa|grepiImage ImageMagick6.2.8.04.el5_1.1 ImageMagickc++devel6.2.8.04.el5_1.1 ImageMagickdevel6.2.8.04.el5_1.1 ImageMagickc++6.2.8.04.el5_1.1 ImageMagickperl6.2.8.04.el5_1.1
Inmycase,ImageMagicdevelwasmissing.So,installeditasshownbelow.Afterthat,Image::Magick perlmodulegotinstalledsuccessfully.
#yuminstallImageMagickdevel #/usr/bin/perlinstallmodule.plImage::Magick
Issue5:SOAP::Litefailedtoinstall
SOAP::LitemodulefailedtoinstallwithCannotlocateversion.pmin@INCmessageasshown below.
#/usr/bin/perlinstallmodule.plSOAP::Lite Failedtest'useSOAP::Lite;'att/SOAP/Data.tline5. Triedtouse'SOAP::Lite'. Error:Can'tlocateversion.pmin@INC
Solution5:Installversion.pmrequiredforSOAP::Lite
Installedversion.pmasshownbelow.Afterthis,SOAP::Litegotinstalledwithoutanyissue.
#perlMCPANe'installversion' #/usr/bin/perlinstallmodule.plSOAP::Lite
Issue6(andSolution6):mod_perlwasmissing
Dontinstallmod_perlusing/usr/bin/perlinstallmodule.plmod_perl2.Insetad,useyumtoinstall mod_perlasshownbelow.
#yuminstallmod_perl
Issue7:Apachestartfailed
StartingapachefailedwithCannotlocateTemplate/Config.pmin@INCerrormessage.
#servicehttpdrestart Stoppinghttpd:[OK] Startinghttpd:Syntaxerroronline994of/etc/httpd/conf/httpd.conf: Can'tlocateTemplate/Config.pmin@INC
Solution7:InstallTemplateToolKitasshownbelow
InstallTemplateToolkittofixtheaboveapacheerrormessage
#cpan cpan>i/TemplateToolkit/ DistributionA/AB/ABEL/EidolonDriverTemplateToolkit0.01.tar.gz DistributionA/AB/ABW/TemplateToolkit1.07.tar.gz DistributionA/AB/ABW/TemplateToolkit2.22.tar.gz DistributionI/IN/INGY/TemplateToolkitSimple0.03.tar.gz 4itemsfound cpan>installA/AB/ABW/TemplateToolkit2.22.tar.gz
Issue8:Apachestartfailedagain
StartingapachefailedwithCannotlocateDateTime/Locale.pmin@INCerrormessage.
#servicehttpdrestart Stoppinghttpd:[OK] Startinghttpd:Syntaxerroronline994of/etc/httpd/conf/httpd.conf: Can'tlocateDateTime/Locale.pmin@INC
Solution8:InstallDateTime/Locale.pmasshownbelow
InstallDateTime/Locale.pmtofixtheaboveapacheerrormessage
#cpan cpan>installDateTime:Locale
Also,inyourapacheerror_logifyouseeDigest/SHA.pmissue,youshouldinstallitasshownbelow.
#tailf/etc/httpd/logs/error_log Can'tlocateDigest/SHA.pmin@INC(@INCcontains: #cpan cpan>installDigest::SHA
25.
variouspackagetypesusedbydifferentLinux/UNIXdistributions.
HowtoViewandExtractFilesfromrpm,deb,depotandmsiPackages bySA SIKA LA onAPRIL19,2010
1.RPMpackageinRedhat/CentOS/Fedora
ListingthefilesfromaRPMpackageusingrpmqlp
$rpmqlpovpc2.1.10.rpm /usr/src/ovpc/5.10.0 /usr/src/ovpc/ovpc2.1.10/examples /usr/src/ovpc/ovpc2.1.10/examples/bin /usr/src/ovpc/ovpc2.1.10/examples/lib /usr/src/ovpc/ovpc2.1.10/examples/test . . . /usr/src/ovpc/ovpc2.1.10/pcs
RPMstandsforRedHatpackagemanager.Thefollowingexampleshowshowtoviewthefiles availableinaRPMpackagewithoutextractingorinstallingtherpmpackage.
ExtractingthefilesfromaRPMpackageusingrpm2cpioandcpio
$rpm2cpioovpc2.1.10.rpm|cpioidmv ./usr/src/ovpc/5.10.0 ./usr/src/ovpc/ovpc2.1.10/examples ./usr/src/ovpc/ovpc2.1.10/examples/bin ./usr/src/ovpc/ovpc2.1.10/examples/lib ./usr/src/ovpc/ovpc2.1.10/examples/test . . . ./usr/src/ovpc/ovpc2.1.10/pcs $ls. usr
RPMisasortofacpioarchive.First,converttherpmtocpioarchiveusingrpm2cpiocommand. Next,usecpiocommandtoextractthefilesfromthearchiveasshownbelow.
2.DebpackageinDebian
debistheextensionofDebiansoftwarepackageformat.*.debisalsousedinotherdistributionsthat
arebasedonDebian.(forexample:Ubuntuuses*.deb)
Listingthefilesfromadebianpackageusingdpkgc
dpkgisthepackagemanagerfordebian.Sousingdpkgcommandyoucanlistandextractthe packages,asshownbelow. Toviewthecontentof*.debfile:
$dpkgcovpc_1.06.943_i386.deb drxrxrxroot/root02010022510:54./ drxrxrxroot/root02010022510:54./ovpc/ drxrxrxroot/root02010022510:54./ovpc/pkg/ drxrxrxroot/root02010022510:54./ovpc/pkg/lib/ drxrxrxroot/root02010022510:48./ovpc/pkg/lib/header/ rxrxrxroot/root1302009102917:06./ovpc/pkg/lib/header/libov.so . . . rxrxrxroot/root1312009102917:06./ovpc/pkg/etc/conf drxrxrxroot/root02010022510:54./ovpc/pkg/etc/conf/log.conf
Extractingthefilesfromadebianpackageusingdpkgx
Usedpkgxtoextractthefilesfromadebpackageasshownbelow.
$dpkgxovpc_1.06.943_i386.deb/tmp/ov $ls/tmp/ov ovpc
Next,extractthecontentofdata.tar.gzfileasshownbelow.
$tarxvzfdata.tar.gz ./ ./ovpc/ ./ovpc/pkg/ ./ovpc/pkg/lib/ ./ovpc/pkg/lib/header/ ./ovpc/pkg/lib/header/libov.so . . ./ovpc/pkg/etc/conf ./ovpc/pkg/etc/conf/log.con
3.DepotpackageinHPUX
Listingthefilesfromadepotpackageusingtarandswlist
DEPOTfileisaHPUXSoftwareDistributorCatalogDepotfile.HPUXdepotsarejustatarfile,with someadditionalinformationasshownbelow.
swlistisaHPUXcommandwhichisusedtodisplaytheinformationaboutthesoftware.Viewthe contentofthedepotpackageasshownbelowusingswlistcommand.
$swlistlfiles/root/ovcsw_3672.depot #Initializing... #Contactingtarget"osgsw"... # #Target:osgsw:/root/ovcsw_3672.depot # #OcswServer8.50.000OcswServerproduct #OcswServer.MGR9.00.140OcsServerOvw /etc /etc/opt /etc/opt/OV /etc/opt/OV/share /etc/opt/OV/share/conf /etc/opt/OV/share/conf/OpC
Extractingthefilesfromadepotpackageusingswcopy
Swcopycommandcopiesormergessoftware_selectionsfromasoftwaresourcetooneormore softwaredepottarget_selections.Usinguncompressoptioninswcopy,youcanextractthefilesfroma depotsoftwarepackage.
$swcopyxuncompress_files=truexenforce_dependencies=falses/root/ovcsw_3672.depot\*@/root/extracted/ $ls/root/extracted MGRcatalogosmsw.log $
Sincedepotfilestarfiles,youcanextractusingnormaltarextractionasshownbelow.
$tarxvffilename
1.SetupKeyBasedAuthentication
Asweveexplainedearliersetupthekeybasedauthenticationasexplainedeitherinsshkeygen and sshcopyidarticleoropenSSHarticle.
[root@localhost]#sshkeygen [root@localhost]#sshcopyidi~/.ssh/id_rsa.pubremotehost
2.Verifythepasswordlessloginbetweenservers
Logintotheremotehostfromlocalhostwithoutenteringthepassword.
[root@localhost]#sshremotehost Lastlogin:SunMar1516:45:402009fromlocalhost [root@remotehost]#
3.ConfigurersnapshotandspecifyRemoteHostBackupDirectories
Defineyourremotehostdestinationbackupdirectoriesin/etc/rsnapshot.confasshownbelow.In thisexample, root@remotehost:/etcSourcedirectoryontheremotehostthatshouldbebackedup.i.eremote backupdestinationdirectory. remotehostbackup/destinationdirectorywherethebackupoftheremotehostwillbestored. Pleasenotethatthisdirectorywillbecreatedunderlocalhost/.snapshots/{internal.n}/directoryas showninthelaststep.
#vi/etc/rsnapshot.conf backuproot@remotehost:/etc/remotehostbackup/exclude=mtab,exclude=core
4.TestrsnapshotConfiguration
PerformconfigurationtesttomakesurersnapshotissetupproperlyandreadytoperformLinuxrsync backup.
#rsnapshotconfigtest SyntaxOK
5.AddCrontabEntryforrsnapshot
Onceyouveverifiedthatthersynchourlyanddailybackupconfigurationsaresetupproperlyinthe rsnapshotcwrsyncutility,itistimetosetthispuppyupinthecrontabasshownbelow.
#crontabe 0*/4***/usr/local/bin/rsnapshothourly 3023***/usr/local/bin/rsnapshotdaily
6.Manuallytesttheremotehostbackuponce
[root@localhost]#/usr/local/bin/rsnapshothourly [root@localhost]#lsl/.snapshots/hourly.0/ total8 drwxrxrx3rootroot4096Jul2204:19remotehostbackup drwxrxrx3rootroot4096Jul1305:07localhost
TroubleshootingTips
Problem:rsnapshotfailedwithERROR:/usr/bin/rsyncreturned20asshownbelow.
[root@localhost]#/usr/local/bin/rsnapshothourly rsyncerror:receivedSIGINT,SIGTERM,orSIGHUP(code20)atrsync.c(260) [receiver=2.6.8] rsnapshotencounteredanerror!Theprogramwasinvokedwiththeseoptions: /usr/local/bin/rsnapshothourly ERROR:/usr/bin/rsyncreturned20whileprocessingcopyman@192.168.2.2:/etc/
Method1:LinuxuseraddCommandCreateUserWithDefault Configurations
Thisisafundamentallowleveltoolforusercreation.Tocreateuserwithdefaultconfigurations useuseraddasshownbelow.
Syntax:#useraddLOGINNAME
Whilecreatingusersasmentionedabove,allthedefaultoptionswillbetakenexceptgroupid.To viewthedefaultoptionsgivethefollowingcommandwiththeoptionD.
$useraddD GROUP=1001 HOME=/home INACTIVE=1 EXPIRE= SHELL=/bin/sh SKEL=/etc/skel CREATE_MAIL_SPOOL=no
GROUP:Thisistheonlyoptionwhichwillnotbetakenasdefault.Becauseifyoudontspecifyn optionagroupwithsamenameastheuserwillbecreatedandtheuserwillbeaddedtothatgroup.
Toavoidthatandtomaketheuserasthememberofthedefaultgroupyouneedtogivetheoption n. HOME:Thisisthedefaultpathprefixforthehomedirectory.Nowthehomedirectorywillbecreated as/home/USERNAME. INACTIVE:1bydefaultdisablesthefeatureofdisablingtheaccountoncetheuserpasswordhas expired.Tochangethisbehavioryouneedtogiveapositivenumberwhichmeansifthepassword getsexpiredafterthegivennumberofdaystheuseraccountwillbedisabled. EXPIRE:Thedateonwhichtheuseraccountwillbedisabled. SHELL:Usersloginshell. SKEL:Contentsoftheskeldirectorywillbecopiedtotheusershomedirectory. CREATE_MAIL_SPOOL:Accordingtothevaluecreatesordoesnotcreatethemailspool.
Example1:Creatinguserwithallthedefaultoptions,andwithhisowngroup.
#useraddramesh #passwdramesh Changingpasswordforuserramesh. NewUNIXpassword: RetypenewUNIXpassword: passwd:allauthenticationtokensupdatedsuccessfully. #grepramesh/etc/passwd ramesh:x:500:500::/home/ramesh:/bin/bash #grepramesh/etc/group ramesh:x:500: [Note:defaultuseraddcommandcreatedrameshasusernameandgroup]
Followingexamplecreatesuserrameshwithgroupramesh.UseLinuxpasswdcommandtochange thepasswordfortheuserimmediatelyafterusercreation.
Example2:Creatinganuserwithallthedefaultoptions,andwiththedefaultgroup.
#useraddnsathiya #grepsathiya/etc/passwd sathiya:x:511:100::/home/sathiya:/bin/bash #grepsathiya/etc/group [Note:Norowsreturned,asgroupsathiyawasnotcreated] #grep100/etc/group users:x:100: [Note:useraddncommandcreatedusersathiyawithdefaultgroupid100] #passwdsathiya Changingpasswordforusersathiya. NewUNIXpassword: RetypenewUNIXpassword: passwd:allauthenticationtokensupdatedsuccessfully. [Note:Alwayssetthepasswordimmediatelyafterusercreation]
Example3:Editingthedefaultoptionsusedbyuseradd.
Thefollowingexampleshowshowtochangethedefaultshellfrom/bin/bashto/bin/kshduring
usercreation.
Syntax:#useraddDshell=<SHELLNAME> #useraddD GROUP=100 HOME=/home INACTIVE=1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel [Note:Thedefaultshellis/bin/bash] #useraddDs/bin/ksh #useraddD GROUP=100 HOME=/home INACTIVE=1 EXPIRE= SHELL=/bin/ksh SKEL=/etc/skel [Note:Nowthedefaultshellchangedto/bin/ksh] #adduserpriya #greppriya/etc/passwd priya:x:512:512::/home/priya:/bin/ksh [Note:Newusersaregettingcreatedwith/bin/ksh] #useraddDs/bin/bash [Note:Setitbackto/bin/bash,astheaboveisonlyfortestingpurpose]
Method2:LinuxuseraddCommandCreateUsersWithCustom Configurations
Insteadofacceptingthedefaultvalues(forexample,group,shelletc.)thatisgivenbytheuseradd commandasshownintheabovemethod,youcanspecifycustomvaluesinthecommandlineas parameterstotheuseraddcommand.
Syntax:#useradds<SHELL>md<HomeDir>g<Group>UserName
Example4:CrateLinuxUserwithCustomConfigurationsUsinguseraddCommand
Thefollowingexamplecreatesanaccount(lebron)withhomedirectory/home/king,defaultshellas /bin/cshandwithcommentLeBronJames.
#useradds/bin/cshmd/home/kingc"LeBronJames"grootlebron
#greplebron/etc/passwd lebron:x:513:0:LeBronJames:/home/king:/bin/csh
Note:Youcangivethepasswordusingpoption,whichshouldbeencryptedpassword.Oryoucan usethepasswdcommandtochangethepasswordoftheuser.
Method3:LinuxadduserCommandCreateUsersInteractively
Syntax:#adduserUSERNAME
Example5:CreatinganUserInteractivelyWithadduserCommand
#adduserspidey Addinguser`spidey'... Addingnewgroup`spidey'(1007)... Addingnewuser`spidey'(1007)withgroup`spidey'... Creatinghomedirectory`/home/spidey'... Copyingfilesfrom`/etc/skel'... EnternewUNIXpassword: RetypenewUNIXpassword: passwd:passwordupdatedsuccessfully Changingtheuserinformationforspidey Enterthenewvalue,orpressENTERforthedefault FullName[]:PeterParker RoomNumber[]: WorkPhone[]: HomePhone[]: Other[]: Istheinformationcorrect?[y/N]y
Method4:LinuxnewusersCommandCreatingbulkusers
Thisfileformatissameasthepasswordfile.
loginname:password:uid:gid:comment:home_dir:shell
Example6:CreatingLargeNumberofUsersUsingnewusersCommand
IfSimpsonfamilydecidestojoinyourorganizationandneedaccesstoyourLinuxserver,youcan createaccountforallofthemtogetherusingnewuserscommandasshownbelow.
#cathomerfamily.txt homer:HcZ600a9:1008:1000:HomerSimpson:/home/homer:/bin/bash marge:1enz733N:1009:1000:MargeSimpson:/home/marge:/bin/csh bart:1y5eJr8K:1010:1000:BartSimpson:/home/bart:/bin/ksh lisa:VGz638i9:1011:1000:LisaSimpson:/home/lisa:/bin/sh maggie:5lj3YGQo:1012:1000:MaggieSimpson:/home/maggie:/bin/bash
1.HowtomountisofileswithoutwritingittoCD/DVD?
Formountingyouneedtobeloggedinasrootoryoushouldhavesudopermission.Readbelowto findouthowtomountisofileasregularnonrootuser.
2.Howtomountorviewanisofileasanonrootuser?
Anonrootusercanalsomountafile,evenwithoutsudopermission.Usingmidnightcommanderyou canmounttheisofile.Actually,itisreallynotmountingthefile.Butyoucanviewtheisofilecontent
Stepstoviewisofileinmidnightcommander:
3.Howtosolvetheissueisoisnotablockdeviceerror?
Whilemountinganisofileyoumaygetthefollowingerror:
mount:file.isoisnotablockdevice(maybetry`oloop'?)
Problem:
#mount/downloads/Fedora11i386DVD.iso/tmp/mnt mount:/downloads/Fedora11i386DVD.isoisnotablockdevice(maybetry`oloop'?)
Solution:Asitissuggestedbythemountcommand,usetheoloopastheoption.
#mount/downloads/Fedora11i386DVD.iso/tmp/mntoloop
4.Howtoupdatethecontentofanisofile?
ISOfilecontentcannotbeupdatedoncetheISOfileiscreated.Onlywaytodoasofnowis,
Stepstoupdatetheisofile.
5.Extractingfilesfromtheisofileasrootuser?
Mounttheisofileasrootuser,andnavigatetothedirectorytocopytherequiredfilesfromiso.
Stepstomountandextracttheisofileasrootuser.
1. Mounttheisofileasrootuser.
#mount/downloads/debian501i386DVD1.iso/tmp/mntoloop
2. Navigatetothemounteddirectory.
#cd/tmp/mnt
3. Copytherequiredfiles.
#cpsomefileinsideiso/home/test
6.Extractingfilesfromtheisofileasnormaluser?
Viewthecontentofthefileasnonrootuserinmidnight commander ,andthencopyitusing midnightcommandercommandsorusingshellcommands.
Stepstoextractthecontentfromisofileasnonrootuser.
1. 2. 3. 4.
PhotoCourtesy:mattblaze
1.Listthepasswordanditsrelateddetailsforanuser
Syntax:chagelistusername(or)chagelusername $chagelistdhinesh Lastpasswordchange:Apr01,2009 Passwordexpires:never Passwordinactive:never Accountexpires:never Minimumnumberofdaysbetweenpasswordchange:0 Maximumnumberofdaysbetweenpasswordchange:99999 Numberofdaysofwarningbeforepasswordexpires:7
Asshownbelow,anyusercanexecutethechagecommandforhimselftoidentifywhenhis passwordisabouttoexpire.
Ifuserdhineshtriestoexecutethesamecommandforuserramesh,hellgetthefollowingpermission deniedmessage.
$chagelistramesh chage:permissiondenied
Note:However,arootusercanexecutechagecommandforanyuseraccount. WhenuserdhineshchangeshispasswordonApr23rd2009,itwillupdatetheLastpassword changevalueasshownbelow. Pleaserefertoourearlierarticle:Best Practices and Ultimate Guide For Creating Super Strong
Password,whichwillhelpyoutofollowthebestpracticeswhilechangingpasswordforyouraccount.
$date ThuApr2300:15:20PDT2009 $passwddhinesh EnternewUNIXpassword: RetypenewUNIXpassword: passwd:passwordupdatedsuccessfully $chagelistdhinesh Lastpasswordchange:Apr23,2009 Passwordexpires:never Passwordinactive:never Accountexpires:never Minimumnumberofdaysbetweenpasswordchange:0 Maximumnumberofdaysbetweenpasswordchange:99999 Numberofdaysofwarningbeforepasswordexpires:7
2.SetPasswordExpiryDateforanuserusingchageoptionM
Rootuser(systemadministrators)cansetthepasswordexpirydateforanyuser.Inthefollowing example,userdhineshpasswordissettoexpire10daysfromthelastpasswordchange. PleasenotethatoptionMwillupdatebothPasswordexpiresandMaximumnumberofdays betweenpasswordchangeentriesasshownbelow.
Syntax:#chageMnumberofdaysusername #chageM10dhinesh #chagelistdhinesh Lastpasswordchange:Apr23,2009 Passwordexpires:May03,2009 Passwordinactive:never Accountexpires:never Minimumnumberofdaysbetweenpasswordchange:0 Maximumnumberofdaysbetweenpasswordchange:10 Numberofdaysofwarningbeforepasswordexpires:7
3.PasswordExpiryWarningmessageduringlogin
Bydefaultthenumberofdaysofwarningbeforepasswordexpiresissetto7.So,intheabove example,whentheuserdhineshtriestologinonApr30,2009hellgetthefollowingmessage.
$sshdhinesh@testingserver dhinesh@testingserver'spassword: Warning:yourpasswordwillexpirein3days
4.UserForcedtoChangePasswordafterExpiryDate
Ifthepasswordexpirydatereachesanduserdoesntchangetheirpassword,thesystemwillforcethe usertochangethepasswordbeforetheloginasshownbelow.
$sshdhinesh@testingserver dhinesh@testingserver'spassword: Youarerequiredtochangeyourpasswordimmediately(passwordaged) WARNING:Yourpasswordhasexpired.
5.SettheAccountExpiryDateforanUser
YoucanalsousechagecommandtosettheaccountexpirydateasshownbelowusingoptionE.The dategivenbelowisinYYYYMMDDformat.ThiswillupdatetheAccountexpiresvalueasshown below.
#chageE"20090531"dhinesh #chageldhinesh Lastpasswordchange:Apr23,2009 Passwordexpires:May03,2009 Passwordinactive:never Accountexpires:May31,2009 Minimumnumberofdaysbetweenpasswordchange:0 Maximumnumberofdaysbetweenpasswordchange:10 Numberofdaysofwarningbeforepasswordexpires:7
6.ForcetheuseraccounttobelockedafterXnumberofinactivitydays
Typicallyifthepasswordisexpired,usersareforcedtochangeitduringtheirnextlogin.Youcanalso setanadditionalcondition,whereafterthepasswordisexpired,iftheusernevertriedtologinfor10 days,youcanautomaticallylocktheiraccountusingoptionIasshownbelow.Inthisexample,the Passwordinactivedateissetto10daysfromthePasswordexpiresvalue. Onceanaccountislocked,onlysystemadministratorswillbeabletounlockit.
#chageI10dhinesh #chageldhinesh Lastpasswordchange:Apr23,2009 Passwordexpires:May03,2009 Passwordinactive:May13,2009 Accountexpires:May31,2009 Minimumnumberofdaysbetweenpasswordchange:0 Maximumnumberofdaysbetweenpasswordchange:10 Numberofdaysofwarningbeforepasswordexpires:7
7.Howtodisablepasswordagingforanuseraccount
Toturnoffthepasswordexpirationforanuseraccount,setthefollowing: m0willsettheminimumnumberofdaysbetweenpasswordchangeto0 M99999willsetthemaximumnumberofdaysbetweenpasswordchangeto99999 I1(numberminusone)willsetthePasswordinactivetonever E1(numberminusone)willsetAccountexpirestonever.
#chagem0M99999I1E1dhinesh #chagelistdhinesh Lastpasswordchange:Apr23,2009 Passwordexpires:never Passwordinactive:never
ThisarticlewaswrittenbyDhineshkumarManikannan.Heisworkingat bk Systems (p) Ltd ,and interestedincontributingtotheopensource.TheGeekStuffwelcomesyourtipsand guest articles 30. ifconfig examples :Interfaceconfiguratorcommandifconfigisusedtoinitializethenetwork interfaceandtoenableordisabletheinterfacesasshowninthese7examples.
Ifconfig:7ExamplesToConfigureNetworkInterface byRAM ES H NATARAJA N onMARCH9,2009
Photocourtesyofnew1mproved
1.ViewNetworkSettingsofanEthernetAdapter
#ifconfigeth0 eth0Linkencap:EthernetHWaddr00:2D:32:3E:39:3B inetaddr:192.168.2.2Bcast:192.168.2.255Mask:255.255.255.0 inet6addr:fe80::21d:92ff:fede:499b/64Scope:Link UPBROADCASTRUNNINGMULTICASTMTU:1500Metric:1 RXpackets:977839669errors:0dropped:1990overruns:0frame:0 TXpackets:1116825094errors:8dropped:0overruns:0carrier:0 collisions:0txqueuelen:1000 RXbytes:2694625909(2.5GiB)TXbytes:4106931617(3.8GiB) Interrupt:185Baseaddress:0xdc00
Ifconfig,wheninvokedwithnoargumentswilldisplayallthedetailsofcurrentlyactiveinterfaces.If yougivetheinterfacenameasanargument,thedetailsofthatspecificinterfacewillbedisplayed.
2.DisplayDetailsofAllinterfacesIncludingDisabledInterfaces
#ifconfiga
3.DisableanInterface
#ifconfigeth0down
4.EnableanInterface
#ifconfigeth0up
5.AssignipaddresstoanInterface
#ifconfigeth0192.168.2.2
Assign192.168.2.2astheIPaddressfortheinterfaceeth0. ChangeSubnetmaskoftheinterfaceeth0.
#ifconfigeth0netmask255.255.255.0
ChangeBroadcastaddressoftheinterfaceeth0.
#ifconfigeth0broadcast192.168.2.255
Assignipaddress,netmaskandbroadcastatthesametimetointerfaceeht0.
#ifconfigeth0192.168.2.2netmask255.255.255.0broadcast192.168.2.255
6.ChangeMTU
ThiswillchangetheMaximumtransmissionunit(MTU)toXX.MTUisthemaximumnumberof octetstheinterfaceisabletohandleinonetransaction.ForEthernettheMaximumtransmissionunit bydefaultis1500.
#ifconfigeth0mtuXX
7.Promiscuousmode
Bydefaultwhenanetworkcardreceivesapacket,itcheckswhetherthepacketbelongstoitself.If not,theinterfacecardnormallydropsthepacket.Butinpromiscuousmode,thecarddoesntdrop thepacket.Instead,itwillacceptallthepacketswhichflowsthroughthenetworkcard. Superuserprivilegeisrequiredtosetaninterfaceinpromiscuousmode.Mostnetworkmonitortools usethepromiscuousmodetocapturethepacketsandtoanalyzethenetworktraffic. Followingwillputtheinterfaceinpromiscuousmode.
#ifconfigeth0promisc
Followingwillputtheinterfaceinnormalmode.
#ifconfigeth0promisc
PhotocourtesyofRob Shenk
HowToStartupOracleDatabase
1.Logintothesystemwithoracleusername
Typicaloracleinstallationwillhaveoracleasusernameanddbaasgroup.OnLinux,dosutooracle asshownbelow.
$suoracle
2.Connecttooraclesysdba
MakesureORACLE_SIDandORACLE_HOMEaresetproperlyasshownbelow.
$env|grepORA ORACLE_SID=DEVDB ORACLE_HOME=/u01/app/oracle/product/10.2.0
Youcanconnectusingeither/assysdbaoranoracleaccountthathasDBAprivilege.
$sqlplus'/assysdba' SQL*Plus:Release10.2.0.3.0ProductiononSunJan1811:11:282009 Copyright(c)1982,2006,Oracle.AllRightsReserved. Connectedto: OracleDatabase10gEnterpriseEditionRelease10.2.0.3.0Production WiththePartitioningandDataMiningoptions SQL>
3.StartOracleDatabase
ThedefaultSPFILE(serverparameterfile)islocatedunder$ORACLE_HOME/dbs.Oraclewilluse thisSPFILEduringstartup,ifyoudontspecifyPFILE. Oraclewilllookfortheparameterfileinthefollowingorderunder$ORACLE_HOME/dbs.Ifanyone ofthemexist,itwillusethatparticularparameterfile. 1. spfile$ORACLE_SID.ora 2. spfile.ora 3. init$ORACLE_SID.ora TypestartupattheSQLcommandprompttostartupthedatabaseasshownbelow.
SQL>startup ORACLEinstancestarted. TotalSystemGlobalArea812529152bytes FixedSize2264280bytes VariableSize960781800bytes DatabaseBuffers54654432bytes RedoBuffers3498640bytes Databasemounted. Databaseopened. SQL>
IfyouwanttostartupOraclewithPFILE,passitasaparameterasshownbelow.
SQL>STARTUPPFILE=/u01/app/oracle/product/10.2.0/dbs/init.ora
HowToShutdownOracleDatabase
1.NormalShutdown
Duringnormalshutdown,beforetheoracledatabaseisshutdown,oraclewillwaitforallactiveusers todisconnecttheirsessions.Astheparametername(normal)suggest,usethisoptiontoshutdown thedatabaseundernormalconditions.
SQL>shutdown Databaseclosed. Databasedismounted. ORACLEinstanceshutdown. SQL>
2.ShutdownImmediate
Duringimmediateshutdown,beforetheoracledatabaseisshutdown,oraclewillrollbackactive transactionanddisconnectallactiveusers.Usethisoptionwhenthereisaproblemwithyour databaseandyoudonthaveenoughtimetorequestuserstologoff.
SQL>shutdownimmediate; Databaseclosed. Databasedismounted. ORACLEinstanceshutdown. SQL>
3.ShutdownAbort
Duringshutdownabort,beforetheoracledatabaseisshutdown,allusersessionswillbeterminated immediately.Uncomittedtransactionswillnotberolledback.Usethisoptiononlyduringemergency situationswhentheshutdownandshutdownimmediatedoesntwork.
$sqlplus'/assysdba' SQL*Plus:Release10.2.0.3.0ProductiononSunJan1811:11:332009 Copyright(c)1982,2006,Oracle.AllRightsReserved. Connectedtoanidleinstance. SQL>shutdownabort ORACLEinstanceshutdown. SQL>
SimilartomySQL,postgreSQLisveryfamousandfeaturepackedfreeandopensourcedatabase. EarlierwevediscussedseveralinstallationsincludingLAMP stack installation ,Apache2 installation from source ,PHP5 installation from source andmySQL installation . Inthisarticle,letusreviewhowtoinstallpostgreSQLdatabaseonLinuxfromsourcecode.
Step1:DownloadpostgreSQLsourcecode
Step2:InstallpostgreSQL
#tarxvfzpostgresql8.3.7.tar.gz #cdpostgresql8.3.7 #./configure checkingforsgmlspl...no configure:creating./config.status config.status:creatingGNUmakefile config.status:creatingsrc/Makefile.global config.status:creatingsrc/include/pg_config.h config.status:creatingsrc/interfaces/ecpg/include/ecpg_config.h config.status:linking./src/backend/port/tas/dummy.stosrc/backend/port/tas.s config.status:linking./src/backend/port/dynloader/linux.ctosrc/backend/port/dynloader.c config.status:linking./src/backend/port/sysv_sema.ctosrc/backend/port/pg_sema.c config.status:linking./src/backend/port/sysv_shmem.ctosrc/backend/port/pg_shmem.c config.status:linking./src/backend/port/dynloader/linux.htosrc/include/dynloader.h config.status:linking./src/include/port/linux.htosrc/include/pg_config_os.h config.status:linking./src/makefiles/Makefile.linuxtosrc/Makefile.port #make make[3]:Leavingdirectory`/usr/save/postgresql8.3.7/contrib/spi' rmrf./testtablespace mkdir./testtablespace make[2]:Leavingdirectory`/usr/save/postgresql8.3.7/src/test/regress' make[1]:Leavingdirectory`/usr/save/postgresql8.3.7/src' makeCconfigall make[1]:Enteringdirectory`/usr/save/postgresql8.3.7/config' make[1]:Nothingtobedonefor`all'. make[1]:Leavingdirectory`/usr/save/postgresql8.3.7/config' AllofPostgreSQLsuccessfullymade.Readytoinstall. #makeinstall makeCtest/regressinstall make[2]:Enteringdirectory`/usr/save/postgresql8.3.7/src/test/regress' /bin/sh../../../config/installshcpg_regress'/usr/local/pgsql/lib/pgxs/src/test/regress/pg_regress' make[2]:Leavingdirectory`/usr/save/postgresql8.3.7/src/test/regress' make[1]:Leavingdirectory`/usr/save/postgresql8.3.7/src' makeCconfiginstall make[1]:Enteringdirectory`/usr/save/postgresql8.3.7/config' mkdirp/usr/local/pgsql/lib/pgxs/config /bin/sh../config/installshcm755./installsh'/usr/local/pgsql/lib/pgxs/config/installsh' /bin/sh../config/installshcm755./mkinstalldirs'/usr/local/pgsql/lib/pgxs/config/mkinstalldirs' make[1]:Leavingdirectory`/usr/save/postgresql8.3.7/config' PostgreSQLinstallationcomplete.
enablenls[=LANGUAGES]enableNativeLanguageSupport disableshareddonotbuildsharedlibraries disablerpathdonotembedsharedlibrarysearchpathinexecutables disablespinlocksdonotusespinlocks enabledebugbuildwithdebuggingsymbols(g) enableprofilingbuildwithprofilingenabled enabledtracebuildwithDTracesupport enabledependturnonautomaticdependencytracking enablecassertenableassertionchecks(fordebugging) enablethreadsafetymakeclientlibrariesthreadsafe enablethreadsafetyforceforcethreadsafetydespitethreadtestfailure disablelargefileomitsupportforlargefiles withdocdir=DIRinstallthedocumentationinDIR[PREFIX/doc] withoutdocdirdonotinstallthedocumentation withincludes=DIRSlookforadditionalheaderfilesinDIRS withlibraries=DIRSlookforadditionallibrariesinDIRS withlibs=DIRSalternativespellingofwithlibraries withpgport=PORTNUMchangedefaultportnumber[5432] withtclbuildTclmodules(PL/Tcl) withtclconfig=DIRtclConfig.shisinDIR withperlbuildPerlmodules(PL/Perl) withpythonbuildPythonmodules(PL/Python) withgssapibuildwithGSSAPIsupport withkrb5buildwithKerberos5support withkrbsrvnam=NAMEdefaultserviceprincipalnameinKerberos[postgres] withpambuildwithPAMsupport withldapbuildwithLDAPsupport withbonjourbuildwithBonjoursupport withopensslbuildwithOpenSSLsupport withoutreadlinedonotuseGNUReadlinenorBSDLibeditforediting withlibeditpreferredpreferBSDLibeditoverGNUReadline withosspuuiduseOSSPUUIDlibrarywhenbuildingcontrib/uuidossp withlibxmlbuildwithXMLsupport withlibxsltuseXSLTsupportwhenbuildingcontrib/xml2 withsystemtzdata=DIRusesystemtimezonedatainDIR withoutzlibdonotuseZlib withgnuldassumetheCcompilerusesGNUld[default=no] PostgreSQLInstallationIssue1: Youmayencounterthefollowingerrormessagewhileperforming./configureduringpostgreSQL installation.
#./configure checkingforlreadline...no checkingforledit...no configure:error:readlinelibrarynotfound Ifyouhavereadlinealreadyinstalled,seeconfig.logfordetailsonthe
failure.Itispossiblethecompilerisn'tlookingintheproperdirectory. Usewithoutreadlinetodisablereadlinesupport.
PostgreSQLInstallationSolution1: Installthereadlinedevelandlibtermcapdeveltosolvetheaboveissue.
#rpmivhlibtermcapdevel2.0.846.1.i386.rpmreadlinedevel5.11.1.i386.rpm warning:libtermcapdevel2.0.846.1.i386.rpm:HeaderV3DSAsignature:NOKEY,keyID1e5e0159 Preparing...###########################################[100%] 1:libtermcapdevel###########################################[50%] 2:readlinedevel###########################################[100%]
Step3:VerifythepostgreSQLdirectorystructure
Aftertheinstallation,makesurebin,doc,include,lib,manandsharedirectoriesarecreatedunder thedefault/usr/local/pgsqldirectoryasshownbelow.
#lsl/usr/local/pgsql/ total24 drwxrxrx2rootroot4096Apr823:25bin drwxrxrx3rootroot4096Apr823:25doc drwxrxrx6rootroot4096Apr823:25include drwxrxrx3rootroot4096Apr823:25lib drwxrxrx4rootroot4096Apr823:25man drwxrxrx5rootroot4096Apr823:25share
Step4:CreatepostgreSQLuseraccount
#adduserpostgres #passwdpostgres Changingpasswordforuserpostgres. NewUNIXpassword: RetypenewUNIXpassword: passwd:allauthenticationtokensupdatedsuccessfully.
Step5:CreatepostgreSQLdatadirectory
Createthepostgresdatadirectoryandmakepostgresuserastheowner.
#mkdir/usr/local/pgsql/data #chownpostgres:postgres/usr/local/pgsql/data #lsld/usr/local/pgsql/data drwxrxrx2postgrespostgres4096Apr823:26/usr/local/pgsql/data
Step6:InitializepostgreSQLdatadirectory
BeforeyoucanstartcreatinganypostgreSQLdatabase,theemptydatadirectorycreatedintheabove stepshouldbeinitializedusingtheinitdbcommandasshownbelow.
#supostgres #/usr/local/pgsql/bin/initdbD/usr/local/pgsql/data/ Thefilesbelongingtothisdatabasesystemwillbeownedbyuserpostgres Thisusermustalsoowntheserverprocess. Thedatabaseclusterwillbeinitializedwithlocaleen_US.UTF8. ThedefaultdatabaseencodinghasaccordinglybeensettoUTF8. Thedefaulttextsearchconfigurationwillbesetto"english".
fixingpermissionsonexistingdirectory/usr/local/pgsql/data...ok creatingsubdirectories...ok selectingdefaultmax_connections...100 selectingdefaultshared_buffers/max_fsm_pages...32MB/204800 creatingconfigurationfiles...ok creatingtemplate1databasein/usr/local/pgsql/data/base/1...ok initializingpg_authid...ok initializingdependencies...ok creatingsystemviews...ok loadingsystemobjects'descriptions...ok creatingconversions...ok creatingdictionaries...ok settingprivilegesonbuiltinobjects...ok creatinginformationschema...ok vacuumingdatabasetemplate1...ok copyingtemplate1totemplate0...ok copyingtemplate1topostgres...ok WARNING:enabling"trust"authenticationforlocalconnections Youcanchangethisbyeditingpg_hba.conforusingtheAoptionthe nexttimeyouruninitdb. Success.Youcannowstartthedatabaseserverusing: /usr/local/pgsql/bin/postgresD/usr/local/pgsql/data or /usr/local/pgsql/bin/pg_ctlD/usr/local/pgsql/datallogfilestart
Step7:ValidatethepostgreSQLdatadirectory
MakesureallpostgresDBconfigurationfiles(Forexample,postgresql.conf)arecreatedunderthe datadirectoryasshownbelow.
$lsl/usr/local/pgsql/data total64 drwx5postgrespostgres4096Apr823:29base drwx2postgrespostgres4096Apr823:29global drwx2postgrespostgres4096Apr823:29pg_clog rw1postgrespostgres3429Apr823:29pg_hba.conf rw1postgrespostgres1460Apr823:29pg_ident.conf drwx4postgrespostgres4096Apr823:29pg_multixact drwx2postgrespostgres4096Apr823:29pg_subtrans drwx2postgrespostgres4096Apr823:29pg_tblspc drwx2postgrespostgres4096Apr823:29pg_twophase rw1postgrespostgres4Apr823:29PG_VERSION drwx3postgrespostgres4096Apr823:29pg_xlog rw1postgrespostgres16592Apr823:29postgresql.conf
Step8:StartpostgreSQLdatabase
UsethepostgrespostmastercommandtostartthepostgreSQLserverinthebackgroundasshown below.
$/usr/local/pgsql/bin/postmasterD/usr/local/pgsql/data>logfile2>&1& [1]2222
Step9:CreatepostgreSQLDBandtesttheinstallation
Createatestdatabaseandconnecttoittomakesuretheinstallationwassuccessfulasshownbelow. Onceyoustartusingthedatabase,takebackupsfrequentlyasmentionedinhow to backup and restore PostgreSQL article.
$/usr/local/pgsql/bin/createdbtest $/usr/local/pgsql/bin/psqltest Welcometopsql8.3.7,thePostgreSQLinteractiveterminal. Type:\copyrightfordistributionterms \hforhelpwithSQLcommands \?forhelpwithpsqlcommands \gorterminatewithsemicolontoexecutequery \qtoquit test=#
PhotocourtesyofKCIvey
ListofSysRqCommandKeys
iSendtheSIGKILLsignaltoallprocessesexceptinit rSwitchthekeyboardfromrawmode(themodeusedbyprogramssuchasX11),toXLATEmode. ssyncallmountedfilesystem. tOutputalistofcurrenttasksandtheirinformationtotheconsole. uRemountallmountedfilesystemsinreadonlymode. oShutdownthesystemimmediately. pPrintthecurrentregistersandflagstotheconsole. 09Setstheconsoleloglevel,controllingwhichkernelmessageswillbeprintedtoyourconsole. fWillcalloom_killtokillprocesswhichtakesmorememory. hUsedtodisplaythehelp.Butanyotherkeysthantheabovelistedwillprinthelp. Wecanalsodothisbyechoingthekeystothe/proc/sysrqtriggerfile.Forexample,toreboota systemyoucanperformthefollowing.
echo"b">/proc/sysrqtrigger
PerformaSaferebootofLinuxusingMagicSysRqKey
ToperformasaferebootofaLinuxcomputerwhichhangsup,dothefollowing.Thiswillavoidthe fsckduringthenextrebooting.i.ePressAlt+SysRq+letterhighlightedbelow. unRaw(takecontrolofkeyboardbackfromX11, tErminate(sendSIGTERMtoallprocesses,allowingthemtoterminategracefully), kIll(sendSIGILLtoallprocesses,forcingthemtoterminateimmediately), Sync(flushdatatodisk), Unmount(remountallfilesystemsreadonly), reBoot. ThisarticlewaswrittenbyLakshmananG.Heisworkingin bk Systems (p) Ltd ,andinterestedin contributingtotheopensource.TheGeekStuffwelcomesyourtipsand guest articles 34. Wakeonlan Tutorial :UsingWakeonlanWOL,youcanturnontheremoteserverswhereyou donthavephysicalaccesstopressthepowerbutton.
WOLWakeonlanGuide:TurnOnServersRemotelyWithoutPhysicalAccess byRAM ES H NATARAJA N onNOVEMBER27,2008
PhotocourtesyofJamison Judd ThisisaguestpostwrittenbySathiyaMoorthy. Wakeonlan(wol)enablesyoutoswitchONremoteserverswithoutphysicallyaccessingit. WakeonlansendsmagicpacketstowakeonLANenabledethernetadaptersandmotherboardsto switchonremotecomputers. Bymistake,whenyoushutdownasysteminsteadofrebooting,youcanuseWakeonlantopoweron theserverremotely.Also,Ifyouhaveaserverthatdontneedtobeupandrunning247,youcan turnoffandturnontheserverremotelyanytimeyouwant. ThisarticlegivesabriefoverviewofWakeOnLANandinstructionstosetupWakeonlanfeature.
OverviewofWakeOnLAN
YoucanuseWakeonlanwhenamachineisconnectedtoLAN,andyouknowtheMACaddressofthat machine. YourNICshouldsupportwakeonlanfeature,anditshouldbeenabledbeforethe shutdown.Inmostcases,bydefaultwakeonlanisenabledontheNIC. Youneedtosendthemagicpacketfromanothermachinewhichisconnectedtothesamenetwork( LAN).Youneedrootaccesstosendmagicpacket.wakeonlanpackageshouldbeinstalledonthe machine. Whenthesystemcrashesbecauseofpowerfailure,forthefirsttimeyoucannotswitchonyour machineusingthisfacility.Butafterthefirstfirstbootyoucanusewakeonlantoturniton,ifthe servergetsshutdownforsomereason. WakeonLanisalsoreferredaswol.
CheckwhetherwolissupportedontheNIC
ExecutethefollowingethtoolcommandintheserverwhichyouwanttoswitchONfromaremote place.
#ethtooleth0 Settingsforeth0: Supportedports:[TPMII] Supportedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full Supportsautonegotiation:Yes Advertisedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full Advertisedautonegotiation:Yes Speed:100Mb/s Duplex:Full Port:MII PHYAD:1 Transceiver:internal Autonegotiation:on SupportsWakeon:pumbg[Note:checkwhetherflaggispresent] Wakeon:g[Note:gmeanenabled.dmeansdisabled] Currentmessagelevel:0x00000001(1) Linkdetected:yes
IfSupportsWakeonisg,thenthesupportforwolfeatureisenabledontheNICcard.
EnablingwoloptionontheEthernetCard
#ethtoolseth0wolg
Installwakeonlanpackageonadifferentmachine
Installthewakeonlanpackageinthemachinefromwhereyouneedtosendthemagicpacketto
switchonyourserver.
#aptgetinstallwakeonlan
35.
ThisisaguestpostwrittenbySathiyaMoorthy. lshw(HardwareLister)commandgivesacomprehensivereportaboutallhardwareinyoursystem. Thisdisplaysdetailedinformationaboutmanufacturer,serialnumberofthesystem,motherboard, CPU,RAM,PCIcards,disks,networkcardetc., Usinglshw,youcangetinformationaboutthehardwarewithouttouchingascrewdrivertoopenthe serverchassis.Thisisalsoveryhelpfulwhentheserverislocatedinaremotedatacenter,whereyou donthavephysicalaccesstotheserver. Inourpreviousarticle,wediscussedabouthowtodisplayhardwareinformationonlinux usingdmidecode command .Inthisarticle,letusreviewhowtoviewthehardwarespecifications usinglshwcommand.
Photocourtesyofviagallery.com
Downloadlshw
Installlshw
#make
Installlshwasshownbelow.Thiswillinstalllshwinthe/usr/sbindirectory.
#makeinstall makeCsrcinstall make[1]:Enteringdirectory`/usr/src/lshwB.02.13/src' makeCcoreall make[2]:Enteringdirectory`/usr/src/lshwB.02.13/src/core' make[2]:Nothingtobedonefor`all'. make[2]:Leavingdirectory`/usr/src/lshwB.02.13/src/core' g++L./core/gWl,asneededolshwlshw.ollshwlresolv installpdm0755///usr/sbin installpm0755lshw///usr/sbin installpdm0755///usr/share/man/man1 installpm0644lshw.1///usr/share/man/man1
lshwOutputLayout
Whenexecutinglshwwithoutoption,youwillgetdetailedinformationonthehardware configurationofthemachineintextformat.Followingisthestructureoflshwoutput.
systeminformation motherboardinformation cpuinformation cache,logicalcpu memory capacity,totalsize,individualbankinformation pcislotinformation ideslotinformation diskinformation totalsize,partition, usbslotinformation network
Followingisthepartialoutputoflshwcommand.
#lshw|head localhost description:RackMountChassis product:PowerEdge2850 vendor:DellComputerCorporation serial:1234567 width:32bits capabilities:smbios2.3dmi2.3smp1.4smp configuration:boot=normalchassis=rackmountcpus=2uuid=12345 *core description:Motherboard
Note:lshwmustberunasroottogetafullreport.lshwwilldisplaypartialreportwithawarning messageasshownbelowwhenyouexecuteitfromanonrootuser.
jsmith@localhost~>/usr/sbin/lshw WARNING:youshouldrunthisprogramassuperuser.
lshwClasses
Togetinformationaboutaspecifichardware,youcanuseclassoption.Followingclassescanbe usedwiththeclassoptioninthelshwcommand.
address bridge bus communication disk display generic input memory multimedia network
GetInformationabouttheDisksusinglshw
Theexamplebelowwilldisplayalltheinformationaboutthedisksonthesystem.Thisindicatesthat the/dev/sdaisaSCSIDisk,RAID1configurationwithatotalcapacityof68G.
#lshwclassdisk *disk description:SCSIDisk product:LD0RAID169G vendor:MegaRAID physicalid:2.0.0 businfo:scsi@0:2.0.0 logicalname:/dev/sda version:516A size:68GiB(73GB) capabilities:partitionedpartitioned:dos configuration:ansiversion=2signature=000e1213
GetInformationaboutPhysicalMemory(RAM)oftheSystem
Pleasenotethatonlypartialoutputisshownbelow.
#lshwclassmemory *memory description:SystemMemory size:512MB capacity:2GB *bank:8 description:DIMMSynchronous[empty] *bank:9 description:DIMMSynchronous size:512MB width:32bits
GenerateCompactHardwareReportUsinglshw
Bydefaultlshwcommandgeneratesmultipagedetailedreport.Togenerateacompactreportuse shortoptionasshownbelow.Onlypartialoutputisshownbelow.
#lshwshort H/WpathDeviceClassDescription ======================================================= systemPowerEdge2850 /0bus12345 /0/0memory64KiBBIOS /0/400processorIntel(R)Xeon(TM)CPU3.40GHz /0/400/700memory16KiBL1cache /0/400/701memory1MiBL2cache /0/400/702memoryL3cache
/0/400/1.1processorLogicalCPU /0/1000memory4GiBSystemMemory /0/1000/0memory1GiBDIMMSynchronous400MHz(2.5ns) /0/1000/1memory1GiBDIMMSynchronous400MHz(2.5ns) /0/100/6/0/4eth2network82546EBGigabitEthernetController(Copper) /0/100/6/0/4.1eth3network82546EBGigabitEthernetController(Copper) /0/100/6/0.2bridge6700PXHPCIExpresstoPCIBridgeB /0/100/6/0.2/2busThorLightPulseFibreChannelHostAdapter /0/100/1ebridge82801PCIBridge /0/100/1e/ddisplayRadeonRV100QY[Radeon7000/VE]
GenerateHTMLorXMLHardwareReportUsinglshw
YoucangenerateaHTMLorXMLoutputfromthelshwcommanddirectlyasshownbelow.
#lshwhtml>hwinfo.html #lshwxml>hwinfo.xml
ThisarticlewaswrittenbySathiyaMoorthy,developerof enterprise postgres query analyser ,an efficienttoolforparsingpostgresqllogtogeneratehtmlreport,whichcanbeusedforfinetuningthe postgressettings,andsqlqueries.TheGeekStuffwelcomesyourtipsand guest articles . 36. View hardware spec using dmidecode :dmidecodecommandreadsthesystemDMItableto displayhardwareandBIOSinformationoftheserver.Apartfromgettingcurrentconfigurationofthe system,youcanalsogetinformationaboutmaximumsupportedconfigurationofthesystemusing dmidecode.Forexample,dmidecodegivesboththecurrentRAMonthesystemandthemaximum RAMsupportedbythesystem.
HowToGetHardwareInformationOnLinuxUsingdmidecodeCommand byRAM ES H NATARAJA N onNOVEMBER10,2008
1.Overviewofdmidecode
Distributed Management Task Force maintainstheDMI specification andSMBIOS specification .The outputofthedmidecodecontainsseveralrecordsfromtheDMI(DesktopManagementinterface) table. FollowingistherecordformatofthedmidecodeoutputoftheDMItable.
RecordHeader:Handle{recordid},DMItype{dmitypeid},{recordsize}bytes RecordValue:{multilinerecordvalue}
recordid:UniqueidentifierforeveryrecordintheDMItable. dmitypeid:Typeoftherecord.i.eBIOS,Memoryetc.,
GetthetotalnumberofrecordsintheDMItableasshownbelow:
#dmidecode|grep^Handle|wcl 56 (or) #dmidecode|grepstructures 56structuresoccupying1977bytes.
2.DMITypes
DMITypeidwillgiveinformationaboutaparticularhardwarecomponentofyoursystem.Following commandwithtypeid4willgettheinformationaboutCPUofthesystem.
#dmidecodet4 #dmidecode2.9 SMBIOS2.3present. Handle0x0400,DMItype4,35bytes ProcessorInformation SocketDesignation:Processor1 Type:CentralProcessor Family:Xeon Manufacturer:Intel ID:290F0000FFFBEBBF Signature:Type0,Family15,Model2,Stepping9 Flags: FPU(Floatingpointunitonchip) VME(Virtualmodeextension) DE(Debuggingextension) PSE(Pagesizeextension) TSC(Timestampcounter) MSR(Modelspecificregisters)
FollowingarethedifferentDMItypesavailable.
TypeInformation 0BIOS 1System 2BaseBoard 3Chassis 4Processor 5MemoryController 6MemoryModule 7Cache 8PortConnector 9SystemSlots 10OnBoardDevices 11OEMStrings 12SystemConfigurationOptions 13BIOSLanguage 14GroupAssociations 15SystemEventLog 16PhysicalMemoryArray 17MemoryDevice 1832bitMemoryError 19MemoryArrayMappedAddress 20MemoryDeviceMappedAddress 21BuiltinPointingDevice 22PortableBattery 23SystemReset 24HardwareSecurity 25SystemPowerControls 26VoltageProbe 27CoolingDevice 28TemperatureProbe 29ElectricalCurrentProbe 30OutofbandRemoteAccess 31BootIntegrityServices 32SystemBoot 3364bitMemoryError 34ManagementDevice 35ManagementDeviceComponent 36ManagementDeviceThresholdData 37MemoryChannel 38IPMIDevice 39PowerSupply
Insteadoftype_id,youcanalsopassthekeywordtothetoptionofthedmidecodecommand. Followingaretheavailablekeywords.
KeywordTypes bios0,13 system1,12,15,23,32 baseboard2,10 chassis3
Forexample,togetallthesystembaseboardrelatedinformationexecutethefollowingcommand, whichwilldisplaythetype_id2and10
#dmidecodetbaseboard #dmidecode2.9 SMBIOS2.3present. Handle0x0200,DMItype2,9bytes BaseBoardInformation Manufacturer:DellComputerCorporation ProductName:123456 Version:A05 SerialNumber:..CN123456789098. Handle0x0A00,DMItype10,14bytes OnBoardDevice1Information Type:SCSIController Status:Enabled Description:LSILogic53C1030Ultra320SCSI OnBoardDevice2Information Type:SCSIController Status:Enabled Description:LSILogic53C1030Ultra320SCSI OnBoardDevice3Information Type:Video Status:Enabled Description:ATIRageXLPCIVideo OnBoardDevice4Information Type:Ethernet Status:Enabled Description:BroadcomGigabitEthernet1 OnBoardDevice5Information Type:Ethernet Status:Enabled Description:BroadcomGigabitEthernet2
3.GetPhysicalMemory(RAM)informationusingdmidecode
WhatisthemaximumRAMsupportedbythesystem?Inthisexample,thissystemcansupport maximum8GBofRAM.
#dmidecodet16 #dmidecode2.9 SMBIOS2.3present. Handle0x1000,DMItype16,15bytes PhysicalMemoryArray Location:SystemBoardOrMotherboard Use:SystemMemory
HowmuchmemorycanIexpandto?From/proc/meminfoyoucanfindoutthetotalcurrent memoryofyoursystemasshownbelow.
#grepMemTotal/proc/meminfo MemTotal:1034644kB
ArrayHandle:0x1000 ErrorInformationHandle:NotProvided TotalWidth:72bits DataWidth:64bits Size:NoModuleInstalled[Note:Slot3isempty] FormFactor:DIMM Set:2 Locator:DIMM_2A BankLocator:NotSpecified Type:DDR TypeDetail:Synchronous Speed:266MHz(3.8ns) Handle0x1103,DMItype17,23bytes MemoryDevice ArrayHandle:0x1000 ErrorInformationHandle:NotProvided TotalWidth:72bits DataWidth:64bits Size:NoModuleInstalled[Note:Slot4isempty] FormFactor:DIMM Set:2 Locator:DIMM_2B BankLocator:NotSpecified Type:DDR TypeDetail:Synchronous Speed:266MHz(3.8ns)
4.GetBIOSinformationusingdmidecode
#dmidecodetbios #dmidecode2.9 SMBIOS2.3present. Handle0x0000,DMItype0,20bytes BIOSInformation Vendor:DellComputerCorporation Version:A07 ReleaseDate:01/13/2004 Address:0xF0000 RuntimeSize:64kB ROMSize:4096kB Characteristics: ISAissupported PCIissupported PNPissupported BIOSisupgradeable BIOSshadowingisallowed ESCDsupportisavailable BootfromCDissupported Selectablebootissupported EDDissupported
JapanesefloppyforToshiba1.2MBissupported(int13h) 5.25"/360KBfloppyservicesaresupported(int13h) 5.25"/1.2MBfloppyservicesaresupported(int13h) 3.5"/720KBfloppyservicesaresupported(int13h) 8042keyboardservicesaresupported(int9h) Serialservicesaresupported(int14h) CGA/monovideoservicesaresupported(int10h) ACPIissupported USBlegacyissupported LS120bootissupported BIOSbootspecificationissupported Functionkeyinitiatednetworkbootissupported Handle0x0D00,DMItype13,22bytes BIOSLanguageInformation InstallableLanguages:1 en|US|iso88591 CurrentlyInstalledLanguage:en|US|iso88591
5.ViewManufacturer,ModelandSerialnumberoftheequipmentusingdmidecode
Youcangetinformationaboutthemake,modelandserialnumberoftheequipmentasshownbelow:
#dmidecodetsystem #dmidecode2.9 SMBIOS2.3present. Handle0x0100,DMItype1,25bytes SystemInformation Manufacturer:DellComputerCorporation ProductName:PowerEdge1750 Version:NotSpecified SerialNumber:1234567 UUID:4123454C41231123812312345603431 WakeupType:PowerSwitch Handle0x0C00,DMItype12,5bytes SystemConfigurationOptions Option1:NVRAM_CLR:ClearusersettableNVRAMareasandsetdefaults Option2:PASSWD:Closetoenablepassword Handle0x2000,DMItype32,11bytes SystemBootInformation Status:Noerrorsdetected
10TipstoUseYourHardwareandSoftware VendorSupportEffectively
byRAMESHNATARAJAN onSEPTEMBER29,2008 Photocourtesyofwraithtdk
Companiespurchasesupportformostoftheirenterprisehardwares(servers,switches,routers,firewallsetc.,)and softwares(databases,OS,applications,frameworksetc.,).Theyspendlotofcashonsupportmainlyfortwo reasons:1)Togethelpfromvendorstofixcriticalproductionissues2)Tokeepuptodatewiththelatestversionof thesoftwareandsecuritypatchesreleasedbythevendors.Inthisarticle,Ivegiven10practicaltipsforDBAs, sysadminsanddeveloperstousetheirhardwareandsoftwaresupporteffectively.
1.UsetheKnowledgeBase
Mostvendorshavededicatedsupportwebsiteincludingaseparateknowledgebasesectionwithlotofwhitepapers, bestpracticedocuments,troubleshootingtipsandtricks.Usetheknowledgebasesectionofsupportwebsitetolearn andexpandyourknowledge.Mostofthetime,thebestpossiblesolutiontosolveaspecificproblemcanbefound fromtheknowledgebaseorforumofyourvendorsupportwebsite.Forexample,whenyouhaveanissuesettingup AutomaticStorageManagementduringOracle11ginstallation,Oraclessupportwebsitemetalink,willgiveyou appropriatesolutionthansearchingGoogle.
2.Usesupportwebsitetocreateticket
Insteadofcallingthesupportoverphone,usetheirwebsitetocreateaticket.Itis noteasytoexplaincomplextechnicalissueindetailtothesupportpersonover phone.Evenwhenyoutaketimetoexplaintheissueindetailoverphone,theymay stillmisslotofdetailsorwritetheissuedescriptionlittledifferently.Thiswillcause unnecessarydelay,asyouvetoexplaintheproblemagaintothesupportengineer whowillbeassignedtotheticket.Ifyoucreatetheticketyourselffromtheir website,youcanuploadallthesupportingmaterialsandcopy/pastetheerror message.Afteryoucreateaticketfromtheirwebsite,callthesupporttofollowupandmakesureanengineeris gettingassignedtoitimmediately.Iftheydonthaveasupportwebsite,askthemwhetheryoucancreateaticketby sendinganemail.
3.Explaintheissueindetail
Provideasmuchasinformationpossibleintheticketdescription.Dontassumethat thesupportengineerwillunderstandtheissuejustbylookingattheerrormessage youveprovided.Providingasmuchasinformationupfrontintheticketwillhelp youavoidlotofwastedtimegoingbackandforthexplainingtheissuesindetailto thesupport.Provideaclearstepbystepinstructionsonhowtoreproducetheissue.
4.Dosomeresearchanddebuggingbeforesubmittingthe ticket
Beforecreatingaticket,performsomebasicdebuggingtoeliminatesomeofthecommonissues.Attachrelatedlog filesanddebuggingoutputtotheticket.Ifyouveworkedwithyourvendorbefore,youllhaveagoodideaofallthe basiclogfilesandtestingtheymayaskyoutoperform.Dontwaitforthemtoaskthesamethingagain.Goahead
anddothosebasictestingyourselfandattachallthelogfilestotheticket.
5.Dontwastetimewithfirstlevelofsupport
Dealingwithfirstlevelofsupportiswasteoftimeforcomplexissues.Ifyouvedone#2,#3and#4mentioned aboveproperly,callthesupportanddemandthemtoescalateittothesecondlevelofsupport.Iftheydontrespond properly,escalatetheissuethroughvendorsaccountmanagerassignedtoyourcompany.
6.Usesupportforyourresearchproject
Dontjustcallsupportonlyforproductionissues.Callthemevenforyourresearchproject.Forexample,ifyouare performingaprototypeofanewsoftwarethatwasreleasedbyyourvendor,callthesupporttogettheirhelpwhen yougetstuck.Whenyouaretestingtheirnewbleedingedgesoftware,thatwasreleasedrecently,mostofthe vendorswillevenassignadedicatedresourcetohelpyouresolvetheissue,astheywanttofixalltheissuesintheir newsoftwareassoonasposible.
7.Setupyoursupportprofile
Anytimeyoucreateaticket,youmayhavetorepeatedlyentersomebasicinformationrelatedtoyouraccountand environment.Mostofthesupportsitehastheabilitytosetupaprofilewithallthebasicinformation,whichyoucan usewhenyouarecreatingaticket.Thiswillspeeduptheticketcreationprocess.
8.Setupsupportaccessforadmins
MakesureallyourDBAs,sysadminsandseniordevelopershaveaccesstothesupportwebsite.Ifyouaretheonly personwhohasaccesstosupportwebsite,identifyanotherbackupresourceforyouandmakesuretheyknowhow toaccessthesupportwebsitetocreateaticket,whenyouarenotavailable.Also,createaseparatesupportaccess documentwithvendorssupporttelephonenumber,youraccountnumber,supportwebsiteURLandputitina sharedareawherealladminscanaccessit.
9.Subscribetosecurityalert
ItisveryimportantforDBAs,sysadmins,andseniordeveloperstosubscribetothesecurityalertsfromthesupport website.Ifthereareanycriticalsecurityupdatesthataffectsyourhardwareandsoftware,itshouldbeimmediately testedontestenvironmentandmovedtoproduction.Ihaveseenadminswhoreceivethesecurityalerts,butdont readthoseemailsconsistently.Itisveryimportanttoactonsecurityalertsfromyourvendorsimmediately.
10.Getofficialdocumentationanddiagnosticstools
Usesupporttogetofficialdocumentationforyourhardwareandsoftware.Callyourvendorsupportandaskfor diagnosticstoolsandbestpracticedocumentsformaintainingyourhardwareandsoftware.Mostofushatetoread documentation.Butexperienceddevelopersandadminsunderstandthatreadingofficialdocumentationof hardwareandsoftwarewillgivethemindepthunderstandingabouttheproduct.
Doyouusesupportfromyourhardwareandsoftwarevendors?Ifyouhaveanytips,pleaseleaveacomment. Ifyoulikedthisarticle,pleasebookmarkitondeliciousandstumbleit.
agoodchoice,ifyouwanttokeepthingssimpleandjustusethedefaultconfiguration.
HowToInstallOrUpgradeLAMP:Linux,Apache,MySQLandPHPStackUsingYum byRAM ES H NATARAJA N onSEPTEMBER15,2008
1.InstallApacheusingYum
#rpmqa|grephttpd [Note:Iftheabovecommanddidnotreturnanything, installapacheasshownbelow] #yuminstallhttpd
VerifythatApachegotinstalledsuccessfully
#rpmqa|grepihttp httpdtools2.2.91.fc9.i386 httpd2.2.91.fc9.i386
Enablehttpdservicetostartautomaticallyduringsystemstartupusingchkconfig.StarttheApache asshownbelow.
#chkconfighttpdon #servicehttpdstart Startinghttpd:[OK]
2.UpgradeApacheusingYum
IfyouveselectedwebserverpackageduringLinuxinstallation,Apacheisalreadyinstalledonyour Linux.Inwhichcase,youcanupgradeApachetothelatestversionasshownbelow. CheckwhetherApacheisalreadyinstalled.
#rpmqa|grepihttp httpdtools2.2.83.i386 httpd2.2.83.i386 [Note:ThisindicatesthatApache2.2.8versionisinstalledalready] #yumcheckupdatehttpd Loadedplugins:refreshpackagekit httpd.i3862.2.91.fc9updates [Note:ThisindicatesthatthelatestApacheversion2.2.9 isavailableforupgrade]
CheckwhetherlatestversionofApacheisavailableforinstallationusingyum.
UpgradeApachetolatestversionusingyum.
#yumupdatehttpd
Outputoftheyumupdatehttpdcommand:
Loadedplugins:refreshpackagekit SettingupUpdateProcess
ResolvingDependencies >Runningtransactioncheck >Packagehttpd.i3860:2.2.91.fc9settobeupdated >ProcessingDependency:httpdtools=2.2.91.fc9forpackage:httpd >Runningtransactioncheck >Packagehttpdtools.i3860:2.2.91.fc9settobeupdated >FinishedDependencyResolution DependenciesResolved =============================================================== ============== PackageArchVersionRepositorySize =============================================================== ============== Updating: httpdi3862.2.91.fc9updates975k httpdtoolsi3862.2.91.fc9updates69k TransactionSummary =============================================================== ============== Install0Package(s) Update2Package(s) Remove0Package(s) Totaldownloadsize:1.0M Isthisok[y/N]:y DownloadingPackages: (1/2):httpdtools2.2.91.fc9.i386.rpm|69kB00:00 (2/2):httpd2.2.91.fc9.i386.rpm|975kB00:00 Runningrpm_check_debug RunningTransactionTest FinishedTransactionTest TransactionTestSucceeded RunningTransaction Updating:httpdtools[1/4] Updating:httpd[2/4] Cleanup:httpd[3/4] Cleanup:httpdtools[4/4] Updated:httpd.i3860:2.2.91.fc9httpdtools.i3860:2.2.91.fc9 Complete!
VerifywhethertheApachegotupgradedsuccessfully.
#rpmqa|grepihttp
3.InstallMySQLusingYum
Yumisverysmarttoidentifyallthedependenciesandinstallthoseautomatically.Forexample,while
installingmysqlserverusingyum,italsoautomaticallyinstallsthedependedmysqllibs,perlDBI, mysql,perlDBDMySQLpackagesasshownbelow.
#yuminstallmysqlserver
Outputofyuminstallmysqlservercommand:
Loadedplugins:refreshpackagekit SettingupInstallProcess Parsingpackageinstallarguments ResolvingDependencies >Runningtransactioncheck >Packagemysqlserver.i3860:5.0.51a1.fc9settobeupdated >ProcessingDependency:libmysqlclient_r.so.15formysqlserver >ProcessingDependency:libmysqlclient.so.15formysqlserver >ProcessingDependency:perlDBIforpackage:mysqlserver >ProcessingDependency:mysql=5.0.51a1.fc9forpackage:mysqlserver >ProcessingDependency:libmysqlclient.so.15forpackage:mysqlserver >ProcessingDependency:perl(DBI)forpackage:mysqlserver >ProcessingDependency:perlDBDMySQLforpackage:mysqlserver >ProcessingDependency:libmysqlclient_r.so.15forpackage:mysqlserver >Runningtransactioncheck >Packagemysql.i3860:5.0.51a1.fc9settobeupdated >Packagemysqllibs.i3860:5.0.51a1.fc9settobeupdated >PackageperlDBDMySQL.i3860:4.0058.fc9settobeupdated >PackageperlDBI.i3860:1.6071.fc9settobeupdated >FinishedDependencyResolution DependenciesResolved =============================================================== ============== PackageArchVersionRepositorySize =============================================================== ============== Installing: mysqlserveri3865.0.51a1.fc9fedora9.8M Installingfordependencies: mysqli3865.0.51a1.fc9fedora2.9M mysqllibsi3865.0.51a1.fc9fedora1.5M perlDBDMySQLi3864.0058.fc9fedora165k perlDBIi3861.6071.fc9updates776k TransactionSummary =============================================================== ============== Install5Package(s) Update0Package(s) Remove0Package(s) Totaldownloadsize:15M Isthisok[y/N]:y DownloadingPackages: (1/5):perlDBDMySQL4.0058.fc9.i386.rpm|165kB00:00
(2/5):perlDBI1.6071.fc9.i386.rpm|776kB00:00 (3/5):mysqllibs5.0.51a1.fc9.i386.rpm|1.5MB00:00 (4/5):mysql5.0.51a1.fc9.i386.rpm|2.9MB00:00 (5/5):mysqlserver5.0.51a1.fc9.i386.rpm|9.8MB00:01 Runningrpm_check_debug RunningTransactionTest FinishedTransactionTest TransactionTestSucceeded RunningTransaction Installing:mysqllibs[1/5] Installing:perlDBI[2/5] Installing:mysql[3/5] Installing:perlDBDMySQL[4/5] Installing:mysqlserver[5/5] Installed:mysqlserver.i3860:5.0.51a1.fc9 DependencyInstalled: mysql.i3860:5.0.51a1.fc9mysqllibs.i3860:5.0.51a1.fc9 perlDBDMySQL.i3860:4.0058.fc9perlDBI.i3860:1.6071.fc9 Complete!
VerifywhetherMySQLgotinstalledproperly.
#rpmqa|grepimysql phpmysql5.2.62.fc9.i386 mysqllibs5.0.51a1.fc9.i386 mysqlserver5.0.51a1.fc9.i386 perlDBDMySQL4.0058.fc9.i386 mysql5.0.51a1.fc9.i386 #mysqlV
mysqlVer14.12Distrib5.0.51a,forredhatlinuxgnu(i386)usingreadline5.0
ConfigureMySQLtostartautomaticallyduringsystemstartup.
#chkconfigmysqldon #servicemysqldstart
whichwillalsogiveyoutheoptionofremovingthetest databasesandanonymoususercreatedbydefault.Thisis highlyrecommendedforproductionservers. Seethemanualformoreinstructions. YoucanstarttheMySQLdaemonwith: cd/usr;/usr/bin/mysqld_safe& YoucantesttheMySQLdaemonwithmysqltestrun.pl cdmysqltest;perlmysqltestrun.pl Pleasereportanyproblemswiththe/usr/bin/mysqlbugscript! ThelatestinformationaboutMySQLisavailableonthewebat http://www.mysql.com SupportMySQLbybuyingsupport/licensesathttp://shop.mysql.com StartingMySQL:[OK]
4.PerformMySQLpostinstallationactivities
Afterthemysqlinstallation,youcanlogintomysqlrootaccountwithoutprovidinganypasswordas shownbelow.
#mysqluroot WelcometotheMySQLmonitor.Commandsendwith;or\g. YourMySQLconnectionidis2 Serverversion:5.0.51aSourcedistribution Type'help;'or'\h'forhelp.Type'\c'toclearthebuffer. mysql>
Outputofmysql_secure_installationscript:
NOTE:RUNNINGALLPARTSOFTHISSCRIPTISRECOMMENDEDFORALLMySQL SERVERSINPRODUCTIONUSE!PLEASEREADEACHSTEPCAREFULLY! InordertologintoMySQLtosecureit,we'llneedthecurrent passwordfortherootuser.Ifyou'vejustinstalledMySQL,and youhaven'tsettherootpasswordyet,thepasswordwillbeblank, soyoushouldjustpressenterhere. Entercurrentpasswordforroot(enterfornone): OK,successfullyusedpassword,movingon... SettingtherootpasswordensuresthatnobodycanlogintotheMySQL rootuserwithouttheproperauthorisation.
Setrootpassword?[Y/n]Y Newpassword:[Note:Enterthemysqlrootpasswordhere] Reenternewpassword: Passwordupdatedsuccessfully! Reloadingprivilegetables.. ...Success! Bydefault,aMySQLinstallationhasananonymoususer,allowinganyone tologintoMySQLwithouthavingtohaveauseraccountcreatedfor them.Thisisintendedonlyfortesting,andtomaketheinstallation goabitsmoother.Youshouldremovethembeforemovingintoa productionenvironment. Removeanonymoususers?[Y/n]Y ...Success! Normally,rootshouldonlybeallowedtoconnectfrom'localhost'.This ensuresthatsomeonecannotguessattherootpasswordfromthenetwork. Disallowrootloginremotely?[Y/n]Y ...Success! Bydefault,MySQLcomeswithadatabasenamed'test'thatanyonecan access.Thisisalsointendedonlyfortesting,andshouldberemoved beforemovingintoaproductionenvironment. Removetestdatabaseandaccesstoit?[Y/n]Y Droppingtestdatabase... ...Success! Removingprivilegesontestdatabase... ...Success! Reloadingtheprivilegetableswillensurethatallchangesmadesofar willtakeeffectimmediately. Reloadprivilegetablesnow?[Y/n]Y ...Success! Cleaningup... Alldone!Ifyou'vecompletedalloftheabovesteps,yourMySQL installationshouldnowbesecure. ThanksforusingMySQL!
VerifytheMySQLpostinstallactivities:
#mysqluroot ERROR1045(28000):Accessdeniedforuser'root'@'localhost'(usingpassword:NO) [Note:rootaccesswithoutpasswordisdenied] #mysqlurootp Enterpassword:
WelcometotheMySQLmonitor.Commandsendwith;or\g. YourMySQLconnectionidis13 Serverversion:5.0.51aSourcedistribution Type'help;'or'\h'forhelp.Type'\c'toclearthebuffer. mysql>showdatabases; ++ |Database| ++ |information_schema| |mysql| ++ 2rowsinset(0.00sec) [Note:testdatabaseisremoved]
5.UpgradeMySQLusingYum
CheckwhetherMySQLisalreadyinstalled.
#rpmqa|grepimysql
CheckwhetheralatestversionofMySQLisavailableforinstallationusingyum.
#yumcheckupdatemysqlserver #yumupdatemysqlserver #yuminstallphp
UpgradeMySQLtolatestversionusingyum.
6.InstallPHPusingYum
Outputofyuminstallphp:
Loadedplugins:refreshpackagekit SettingupInstallProcess Parsingpackageinstallarguments ResolvingDependencies >Runningtransactioncheck >Packagephp.i3860:5.2.62.fc9settobeupdated >ProcessingDependency:phpcommon=5.2.62.fc9forpackage:php >ProcessingDependency:phpcli=5.2.62.fc9forpackage:php >Runningtransactioncheck >Packagephpcommon.i3860:5.2.62.fc9settobeupdated >Packagephpcli.i3860:5.2.62.fc9settobeupdated >FinishedDependencyResolution DependenciesResolved =============================================================== ============== PackageArchVersionRepositorySize =============================================================== ============== Installing: phpi3865.2.62.fc9updates1.2M Installingfordependencies: phpclii3865.2.62.fc9updates2.3M phpcommoni3865.2.62.fc9updates228k TransactionSummary
=============================================================== ============== Install3Package(s) Update0Package(s) Remove0Package(s) Totaldownloadsize:3.8M Isthisok[y/N]:y DownloadingPackages: (1/3):phpcommon5.2.62.fc9.i386.rpm|228kB00:00 (2/3):php5.2.62.fc9.i386.rpm|1.2MB00:00 (3/3):phpcli5.2.62.fc9.i386.rpm|2.3MB00:00 Runningrpm_check_debug RunningTransactionTest FinishedTransactionTest TransactionTestSucceeded RunningTransaction Installing:phpcommon[1/3] Installing:phpcli[2/3] Installing:php[3/3] Installed:php.i3860:5.2.62.fc9 DependencyInstalled:phpcli.i3860:5.2.62.fc9phpcommon.i3860:5.2.62.fc9 Complete!
Verifythatphpgotinstalledsuccessfully.
#rpmqa|grepiphp phpcli5.2.62.fc9.i386 php5.2.62.fc9.i386 phpcommon5.2.62.fc9.i386
InstallMySQLmoduleforPHP .
#yumsearchphpmysql Loadedplugins:refreshpackagekit ===========Matched:phpmysql============= phpmysql.i386:AmoduleforPHPapplicationsthatuseMySQLdatabases #yuminstallphpmysql
Outputofyuminstallphpmysql:
Loadedplugins:refreshpackagekit SettingupInstallProcess Parsingpackageinstallarguments ResolvingDependencies >Runningtransactioncheck >Packagephpmysql.i3860:5.2.62.fc9settobeupdated >ProcessingDependency:phppdoforpackage:phpmysql >Runningtransactioncheck >Packagephppdo.i3860:5.2.62.fc9settobeupdated >FinishedDependencyResolution DependenciesResolved
=============================================================== ============== PackageArchVersionRepositorySize =============================================================== ============== Installing: phpmysqli3865.2.62.fc9updates81k Installingfordependencies: phppdoi3865.2.62.fc9updates62k TransactionSummary =============================================================== ============== Install2Package(s) Update0Package(s) Remove0Package(s) Totaldownloadsize:143k Isthisok[y/N]:y DownloadingPackages: (1/2):phppdo5.2.62.fc9.i386.rpm|62kB00:00 (2/2):phpmysql5.2.62.fc9.i386.rpm|81kB00:00 Runningrpm_check_debug RunningTransactionTest FinishedTransactionTest TransactionTestSucceeded RunningTransaction Installing:phppdo[1/2] Installing:phpmysql[2/2] Installed:phpmysql.i3860:5.2.62.fc9 DependencyInstalled:phppdo.i3860:5.2.62.fc9 Complete!
IfyouneedadditionalPHPmodules,installthemusingyumasshownbelow.
#yuminstallphpcommonphpmbstringphpmcryptphpdevelphpxmlphpgd
7.UpgradePHPusingYum
#rpmqa|grepiphp
CheckwhetherPHPisinstalled. CheckwhetheralatestversionofPHPisavailableforinstallationusingyum.
#yumcheckupdatephp #yumupdatephp
UpgradePHPtothelatestversionusingyum. UpgradeanyadditionalPHPmodulesthatyouveinstalledusingyum.
#yumcheckupdatephpcommonphpmbstringphpmcryptphpdevelphpxmlphpgd #yumupdatephpcommonphpmbstringphpmcryptphpdevelphpxmlphpgd
VerifythePHPinstallationbycreatingatest.phpfileasshownbelow.
#cat/var/www/html/test.php <?phpinfo();?>
Invokethetest.phpfromthebrowserhttp://{lampserverip}/test.php,whichwilldisplayallPHP configurationinformationandtheinstalledmodules. Ifyoulikedthisarticle,pleasebookmarkitondel.icio.usandStumbleit. 39. Template to track your hardware assests :Ifyouaremanagingmorethanoneequipmentin yourorganization,itisveryimportanttodocumentandtrackALLinformationabouttheservers effectively.Inthisarticle,Ihavelisted36attributesthatneedstobetrackedforyourequipments, withanexplanationonwhyitneedstobetracked.Ihavealsoprovidedaspreadsheettemplatewith thesefieldsthatwillgiveyouajumpstart.
36ItemsToCaptureForPracticalHardwareAssetTracking byRAM ES H NATARAJA N onAUGUST18,2008
Ifyouaremanagingmorethanoneequipmentinyourorganization,itisveryimportant todocumentandtrackALLinformationabouttheserverseffectively.Inthisarticle,Ihavelisted36 attributesthatneedstobetrackedforyourequipments,withanexplanationonwhyitneedstobe tracked.Ihavealsoprovidedaspreadsheettemplatewiththesefieldsthatwillgiveyouajumpstart. Beforegettingintothedetailsofwhatneedstobetracked,letuslookatfewreasonsonwhyyou shoulddocumentALLyourequipments. IdentifyingWhatneedstobetrackedisfarmoreimportantthanHowyouaretrackingit.Dontget trappedintoresearchingthebestavailableassettrackingsoftware.Keepitsimpleanduseaspread sheetfortracking.Onceyouhavedocumentedeverything,lateryoucanalwaysfindasoftwareand exportthisdatatoit. Sysadminshatestodocumentanything.Theywouldratherspendtimeexploringcoolnew technologythandocumentingtheircurrenthardwareandenvironment.But,aseasonedsysadmin knowsthatspendingtimetodocumentthedetailsabouttheequipemnts,isgoingtosavelotoftime inthefuture,whenthereisaproblem. Neverassumeanything.Whenitcomestodocumentation,themoredetailsyoucanaddisbetter. Dontcreatedocumentbecauseyourbossisinsistingonit.Instead,createthedocumentbecauseyou trulybelieveitwilladdvaluetoyouandyourteam.Ifyoudocumentwithoutunderstandingor believingthepurpose,youwillessentiallyleaveoutlotofcriticaldetails,whichwilleventuallymake thedocumentworthless. OnceyouvecapturedtheattributesmentionedbelowforALLyourservers,switches,firewallsand otherequipments,youcanusethismasterlisttotrackanyfutureenterprisewide implementation/changes.Fore.g.Ifyouarerollingoutanewbackupstrategythroughoutyour enterprise,addanewcolumncalledbackupandmarkitasYesorNo,totrackwhetherthatspecific actionhasbeenimplementedonthatparticularequipment. Ihavearrangedthe36itemsinto9differentgroupsandprovidedasamplevaluenexttothefield namewithinparenthesis.Thesefieldsandgroupingsarejustguidelines.Ifrequired,modifythis accordinglytotrackadditionalattributesspecifictoyourenvironment.
Equipment Detail
(5)Model(PowerEdge2950)Modeloftheequipment. (6)Status(Active)Thecurrentstatusoftheequipment.Usethisfieldtoidentifywhetherthe equipmentisinoneofthefollowingstate: ActiveCurrentlyinuse RetiredOldequipment,notgettingusedanymore AvailableOld/Newequipment,readyandavailableforusage (7)Category(Server)Iprimarilyusethistotrackthetypeofequipment.Thevalueinthisfield couldbeoneofthefollowingdependingtheequipment: Server Switch PowerCircuit Router Firewalletc.
Tag/Serial#
Fortrackingpurpose,differentvendorsusedifferentnamesfortheserialnumbers.i.eSerialNumber, PartNumber,AssetNumber,ServiceTag,ExpressCodeetc.Fore.g.DELLtrackstheirequipment usingServiceTagandExpresscode.So,ifmajorityoftheequipmentsinyourorganizationareDELL, itmakesensetohaveseparatecolumnsforServiceTagandExpressCode. (8)SerialNumber (9)PartNumber (10)ServiceTAG (11)ExpressCode (12)CompanyAssetTAGEveryorganizationmayhavetheirownwayoftrackingthesystemusing barcodeorcustomassettrackingnumber.Usethisfieldtotracktheequipmentusingthecode assignedbyyourcompany
Location
Network
(17)PrivateIP(192.168.100.1)Specifytheinternalipaddressoftheequipment. (18)PublicIPSpecifytheexternalipaddressoftheequipment. (19)NIC(GB1,Slot1/Port1) Trackingthisinformationisveryhelpful,whensomeoneaccidentallypullsacablefromtheserver(If thisneverhappenedtoyou,itisonlyamatteroftimebeforeithappens).Usingthisfieldvalue,you willknowexactlywheretopluginthecable.Iftheserverhasmorethanonenetworkconnection, specifyalltheNICsusingacommaseparatedvalue. Inthisexample(GB1,Slot1/Port1),theserverhastwoethernetcablesconnected.Firstone connectedtotheonboardNICmarkedasGB1.SecondoneconnectedtothePort#1ontheNIC card,insertedtothePCISlot#1. Evenwhentheserverhasonlyoneethernetcableconnected,specifytheport#towhichitis
Storage
OS Detail
(22)SAN/NASConnected?(Yes)Usethisfieldtotrackwhetheraparticularserverisconnectedto anexternalstorage. (23)TotalDriveCount(4)Thisindicatesthetotalnumberofinternaldrivesontheserver.This cancomeveryhandyforcapacitymanagement.fore.g.Someofthedellserverscomesonlywith6 slotsforinternalharddrives.Inthisexample,justbylookingatthedocument,weknowthatthere are4diskdrivesintheserversandyouhaveroomtoadd2morediskdrives. (24)OS(Linux)UsethisfieldtotracktheOSthatisrunningontheequipment.Fore.g.Linux, Windows,CiscoIOSetc. (25)OSVersion(RedHatEnterpriseLinuxASrelease4(NahantUpdate5))Theexactversionof theOS.
Warranty
(26)WarrentyStartDate (27)WarrentyEndDate (28)DateofPurchaseIfyouhavepurchasedtheequipment,filloutthedateofpurchaseandthe price. (29)PurchasePrice (30)LeaseBeginDateIfyouhaveleasedtheequipment,filloutalltheleasedetails. (31)LeaseExpiryDate (32)LeasingCompanyThecompanywhoownstheleaseonthisequipment. (33)BuyOutOption($1)Isthisadollaronebuyout(or)FairMarketValuepurchase?Thiswill giveyouanideaonwhethertostartplanningforanewequipmentaftertheleaseexpirydateorto keeptheexistingequipment. (34)MonthlyLeasePayment
Additional Information
(35)URLIfthisisawebserver,givetheURLtoaccessthewebapplicationrunningonthesystem. Ifthisisaswitchorrouter,specifytheadminURL. (36)NotesEnteradditionalnotesabouttheequipmentthatdoesntfitunderanyoftheabove fields.Itmaybeverytemptingtoaddusernameandpasswordfieldstothisspreadsheet.Forsecurity reasons,neverusethisspreadsheettostoretherootoradministratorpasswordoftheequipment. Asset Tracking Excel Template 1.0 Thisexceltemplatecontainsallthe36fieldsmentionedaboveto giveyouajumpstartontrackingequipmentsinyourenterprise.Ifyouconvertthisspreadsheetto otherformatsusedbydifferenttools,sendittomeandIlladdithereandgivecredittoyou.Ihope youfindthisarticlehelpful.Forwardthistoappropriatepersoninyourorganizationwhomaybenefit fromthisarticlebytrackingtheequipmentseffectively.Also,IfyouthinkIvemissedanyattributeto
trackintheabovelist,pleaseletmeknow. Ifyoulikedthisarticle,pleasebookmarkitondel.icio.us,DiggandStumbleusingthelinkprovided belowunderWhatNext?section. 40. Disable SELinux :IfyoudontunderstandhowSELinuxworksandthefundamentaldetailson howtoconfigureit,keepingitenabledwillcauselotofissues.Untilyouunderstandthe implementationdetailsofSELinuxyoumaywanttodisableittoavoidsomeunnecessaryissuesas explainedhere.
4EffectiveMethodstoDisableSELinuxTemporarilyorPermanently byRAM ES H NATARAJA N onJUNE1,2009
OnsomeoftheLinuxdistributionSELinuxisenabledbydefault,whichmaycausesome unwantedissues,ifyoudontunderstandhowSELinuxworksandthefundamentaldetailsonhowto configureit.IstronglyrecommendthatyouunderstandSELinuxandimplementitonyour environment.But,untilyouunderstandtheimplementationdetailsofSELinuxyoumaywantto disableittoavoidsomeunnecessaryissues. TodisableSELinuxyoucanuseanyoneofthe4differentmethodsmentionedinthisarticle. TheSELinuxwillenforcesecuritypoliciesincludingthemandatoryaccesscontrolsdefinedbytheUS DepartmentofDefenceusingtheLinuxSecurityModule(LSM)definedintheLinuxKernel.Every filesandprocessinthesystemwillbetaggedwithspecificlabelsthatwillbeusedbytheSELinux. YoucanuselsZandviewthoselabelsasshownbelow.
#lsZ/etc/ rwrrrootrootsystem_u:object_r:etc_t:s0a2ps.cfg rwrrrootrootsystem_u:object_r:adjtime_t:s0adjtime rwrrrootrootsystem_u:object_r:etc_aliases_t:s0aliases drwxrxrootrootsystem_u:object_r:auditd_etc_t:s0audit drwxrxrxrootrootsystem_u:object_r:etc_runtime_t:s0blkid drwxrxrxrootrootsystem_u:object_r:bluetooth_conf_t:s0bluetooth drwxrootrootsystem_u:object_r:system_cron_spool_t:s0cron.d rwrwrrootdisksystem_u:object_r:amanda_dumpdates_t:s0dumpdates
Method1:DisableSELinuxTemporarily
#cat/selinux/enforce 1 #echo0>/selinux/enforce #cat/selinux/enforce
TodisableSELinuxtemporarilyyouhavetomodifythe/selinux/enforcefileasshownbelow.Please notethatthissettingwillbegoneaftertherebootofthesystem.
YoucanalsousesetenforcecommandasshownbelowtodisableSELinux.Possibleparametersto setenforcecommandsare:Enforcing,Permissive,1(enable)or0(disable).
#setenforce0
Method2:DisableSELinuxPermanently
TodisabletheSELinuxpermanently,modifythe/etc/selinux/configandsettheSELINUX=disabled asshownbelow.Oneyoumakeanychangestothe/etc/selinux/config,reboottheserverforthe changestobeconsidered.
#cat/etc/selinux/config SELINUX=disabled SELINUXTYPE=targeted SETLOCALDEFS=0
FollowingarethepossiblevaluesfortheSELINUXvariableinthe/etc/selinux/configfile enforcingTheSecurityPolicyisalwaysEncoforced permissiveThisjustsimulatestheenforcingpolicybyonlyprintingwarningmessagesandnotreally enforcingtheSELinux.ThisisgoodtofirstseehowSELinuxworksandlaterfigureoutwhatpolicies shouldbeenforced. disabledCompletelydisableSELinux FollowingarethepossiblevaluesforSELINUXTYPEvariableinthe/etc/selinux/configfile.This indicatesthetypeofpoliciesthatcanbeusedfortheSELinux. targetedThispolicywillprotectedonlyspecifictargetednetworkdaemons. strictThisisformaximumSELinuxprotection.
Method3:DisableSELinuxfromtheGrubBootLoader
Ifyoucantlocate/etc/selinux/configfileonyoursystem,youcanpassdisableSELinuxbypassingit asparametertotheGrubBootLoaderasshownbelow.
#cat/boot/grub/grub.conf default=0 timeout=5 splashimage=(hd0,0)/boot/grub/splash.xpm.gz hiddenmenu titleEnterpriseLinuxEnterpriseLinuxServer(2.6.1892.el5PAE) root(hd0,0) kernel/boot/vmlinuz2.6.1892.el5PAEroroot=LABEL=/rhgbquietselinux=0 initrd/boot/initrd2.6.1892.el5PAE.img titleEnterpriseLinuxEnterpriseLinuxServer(2.6.1892.el5) root(hd0,0) kernel/boot/vmlinuz2.6.1892.el5roroot=LABEL=/rhgbquietselinux=0 initrd/boot/initrd2.6.1892.el5.img
Method4:DisableOnlyaSpecificServiceinSELinuxHTTP/Apache
IfyouarenotinterestedindisabilitythewholeSELinux,youcanalsodisableSELinuxonlyfora specificservice.Forexample,dodisableSELinuxforHTTP/Apacheservice,modify thehttpd_disable_transvariableinthe/etc/selinux/targeted/booleansfile. Setthehttpd_disable_transvariableto1asshownbelow.
SetSELinuxbooleanvalueusingsetseboolcommandasshownbelow.MakesuretorestarttheHTTP serviceafterthischange.
#setseboolhttpd_disable_trans1 #servicehttpdrestart
AllLinuxdistributionscomeswithPHP .However,itisrecommendedtodownloadlatest PHPsourcecode,compileandinstallonLinux.ThiswillmakeiteasiertoupgradePHPonan ongoingbasisimmediatelyafteranewpatchorreleaseisavailablefordownloadfromPHP .This articleexplainshowtoinstallPHP5fromsourceonLinux. Apachewebservershouldalreadybeinstalled.RefertomypreviouspostonHow to install Apache 2 on Linux .IfyouareplanningtousePHPwithMySQL,youshouldhaveMySQLalreadyinstalled.I wroteaboutHow to install MySQL on Linux .
1.Prerequisites
2.DownloadPHP
3.InstallPHP
Inthefollowingexample,PHPwillbecompiledandinstalledunderthedefaultlocation /usr/local/libwithApacheconfigurationandMySQLsupport.
#./configurewithapxs2=/usr/local/apache2/bin/apxswithmysql #make #makeinstall #cpphp.inidist/usr/local/lib/php.ini
4.Configurehttpd.confforPHP
<FilesMatch"\.ph(p[26]?|tml)$">
Modifythe/usr/local/apache2/conf/httpd.conftoaddthefollowing:
SetHandlerapplication/xhttpdphp </FilesMatch>
Makesurethehttpd.confhasthefollowinglinethatwillgetautomaticallyinsertedduringthePHP installationprocess.
LoadModulephp5_modulemodules/libphp5.so
Restarttheapacheasshownbelow:
#/usr/local/bin/apache2/apachectlrestart
5.VerifyPHPInstallation
Createatest.phpunder/usr/local/apache2/htdocswiththefollowingcontent
#vitest.php <?phpphpinfo();?>
Gotohttp://localhost/test.php,whichwillshowadetailedinformationaboutallthePHP configurationoptionsandPHPmodulesinstalledonthesystem.
6.Troubleshootingduringinstallation
Error1:configure:error:xml2confignotfound: Whileperformingthe./configureduringPHPinstallation,youmaygetthefollowingerror:
#./configurewithapxs2=/usr/local/apache2/bin/apxswithmysql Configuringextensions checkingwhethertoenableLIBXMLsupport...yes checkinglibxml2installdir...no checkingforxml2configpath... configure:error:xml2confignotfound.Pleasecheckyourlibxml2installation.
Installthelibxml2develandzlibdevelasshownbelowtothefixthisissue.
#rpmivh/home/downloads/linuxiso/libxml2devel2.6.262.1.2.0.1.i386.rpm/home/downloads/linuxiso/zlibdevel 1.2.33.i386.rpm Preparing...###########################################[100%] 1:zlibdevel###########################################[50%] 2:libxml2devel###########################################[100%]
Error2:configure:error:CannotfindMySQLheaderfiles. Whileperformingthe./configureduringPHPinstallation,youmaygetthefollowingerror:
#./configurewithapxs2=/usr/local/apache2/bin/apxswithmysql checkingforMySQLUNIXsocketlocation.../var/lib/mysql/mysql.sock configure:error:CannotfindMySQLheaderfilesunderyes. NotethattheMySQLclientlibraryisnotbundledanymore!
InstalltheMySQLdevelcommunitypackageasshownbelowtofixthisissue.
#rpmivh/home/downloads/MySQLdevelcommunity5.1.250.rhel5.i386.rpm Preparing...###########################################[100%] 1:MySQLdevelcommunity###########################################[100%]
communityeditionofMySQLonLinuxplatform.
1.DownloadthelateststablerelaseofMySQL
DownloadmySQLfrommysql.com.PleasedownloadthecommunityeditionofMySQLforyour appropriateLinuxplatform.IdownloadedtheRedHatEnterpriseLinux5RPM(x86).Makesureto downloadMySQLServer,ClientandHeadersandlibrariesfromthedownloadpage. MySQLclientcommunity5.1.250.rhel5.i386.rpm MySQLservercommunity5.1.250.rhel5.i386.rpm MySQLdevelcommunity5.1.250.rhel5.i386.rpm
2.RemovetheexistingdefaultMySQLthatcamewiththeLinuxdistro
[localhost]#rpmqa|grepimysql mysql5.0.222.1.0.1 mysqlclient103.23.584.RHEL4.1 [localhost]#rpmemysqlnodeps warning:/etc/my.cnfsavedas/etc/my.cnf.rpmsave [localhost]#rpmemysqlclient10
DonotperformthisonansystemwheretheMySQLdatabaseisgettingusedbysomeapplication.
3.InstallthedownloadedMySQLpackage
InstalltheMySQLServerandClientpackagesasshownbelow.
[localhost]#rpmivhMySQLservercommunity5.1.250.rhel5.i386.rpmMySQLclientcommunity5.1.25 0.rhel5.i386.rpm Preparing...###########################################[100%] 1:MySQLclientcommunity###########################################[50%] 2:MySQLservercommunity###########################################[100%]
ThiswillalsodisplaythefollowingoutputandstarttheMySQLdaemonautomatically.
PLEASEREMEMBERTOSETAPASSWORDFORTHEMySQLrootUSER! Todoso,starttheserver,thenissuethefollowingcommands: /usr/bin/mysqladminurootpassword'newpassword' /usr/bin/mysqladminuroothmedica2password'newpassword' Alternativelyyoucanrun: /usr/bin/mysql_secure_installation whichwillalsogiveyoutheoptionofremovingthetest databasesandanonymoususercreatedbydefault.Thisis stronglyrecommendedforproductionservers. Seethemanualformoreinstructions. Pleasereportanyproblemswiththe/usr/bin/mysqlbugscript! ThelatestinformationaboutMySQLisavailableathttp://www.mysql.com/ SupportMySQLbybuyingsupport/licensesfromhttp://shop.mysql.com/ StartingMySQL.[OK] Givingmysqld2secondstostart
InstalltheHeaderandLibrariesthatarepartoftheMySQLdevelpackages.
[localhost]#rpmivhMySQLdevelcommunity5.1.250.rhel5.i386.rpm Preparing...###########################################[100%] 1:MySQLdevelcommunity###########################################[100%]
configure:error:CannotfindMySQLheaderfilesunderyes. NotethattheMySQLclientlibraryisnotbundledanymore!
4.PerformpostinstallsecurityactivitiesonMySQL.
Atabareminimumyoushouldsetapasswordfortherootuserasshownbelow:
[localuser]#/usr/bin/mysqladminurootpassword'My2Secure$Password'
5.VerifytheMySQLinstallation:
YoucanchecktheMySQLinstalledversionbyperformingmysqlVasshownbelow:
[localhost]#mysqlV mysqlVer14.14Distrib5.1.25rc,forredhatlinuxgnu(i686)usingreadline5.1
ConnecttotheMySQLdatabaseusingtherootuserandmakesuretheconnectionissuccessfull.
[localhost]#mysqlurootp Enterpassword: WelcometotheMySQLmonitor.Commandsendwith;or\g. YourMySQLconnectionidis13 Serverversion:5.1.25rccommunityMySQLCommunityServer(GPL) Type'help;'or'\h'forhelp.Type'\c'toclearthebuffer. mysql>
FollowsthestepsbelowtostopandstartMySQL
[localhost]#servicemysqlstatus MySQLrunning(12588)[OK] [localhost]#servicemysqlstop ShuttingdownMySQL.[OK] [localhost]#servicemysqlstart StartingMySQL.[OK]
onyourremoteLinuxservertotheWindowslaptop. Cygwincanbeusedtoperformtheaboveactivities.Following15stepsexplainshowtoinstall CygwinandlaunchsoftwareinstallersonLinuxfromWindows.GotoCygwinanddownloadthe setup.exe.Launchthesetup.exeontheWindowsandfollowthestepsmentionedbelow. 1.WelcomeScreen.ClicknextontheCygwininstallationwelcomescreen. 2. Chooseadownloadsource.SelecttheInstallfrominternetoption 3.ChooseInstallationdirectory.IselectedC:\cygwinasshownbelow.Thisisthelocationwhere theCygwinsoftwarewillbeinstalledontheWindows. 4.SelectLocalPackageInstalldirectory.Thisisthedirectorywheretheinstallationfileswillbe downloadedandstored. 5.SelectConnectionType.Ifyouareconnectedtointernetviaproxy,entertheinformation.Ifnot, selectDirectConnection. 6.Chooseadownloadsite.Youcaneitherchooseadownloadsitethatisclosertoyouorleavethe defaultselection. 7. DownloadProgress.Thisscreenwilldisplaytheprogressofthedownload. 8. SelectPackagestoinstall.Irecommendthatyouleavethedefaultselectionhere. 9. InstallationProgress.Thisscreenwilldisplaytheprogressoftheinstallation. 10. InstallationCompletion. 11.StarttheCygwinBashShellonWindows.Clickoncygwinicononthedesktop(or)Clickon Start>AllPrograms>Cygwin>CygwinBashshell,whichwilldisplaytheCygwinBashShell window. 12.StarttheXServeronWindows.FromtheCygwinBashShell,typestartxtostarttheXServeras shownbelow.OncetheXServerisstarted,leavethiswindowopenanddonotcloseit. 13.Xtermwindow:startxfromtheabovestepwillopenanewxtermwindowautomaticallyas shownbelow. 14.SSHtotheremoteLinuxhostfromtheXtermwindowasshownbelow.Pleasenotethatyou shouldpasstheYparametertossh.YparameterenablestrustedX11forwarding.
jsmith@windowslaptop~ $sshYljsmithremotehost<Thisisfromthextermonwindowslaptop> jsmith@remotehost'spassword: Warning:Noxauthdata;usingfakeauthenticationdataforX11forwarding. Lastlogin:ThuJun1222:36:042008from192.168.1.102 /usr/bin/xauth:creatingnewauthorityfile/home/jsmith/.Xauthority [remotehost]$xclock&<Notethatyouarestartingxclockonremotelinuxserver> [1]12593 [remotehost]$
HelpmespreadthenewsaboutTheGeekStuff.
10IPCSCommandExamples(WithIPC Introduction)
bySASIKALA onAUGUST12,2010
IPCstandsforInterprocessCommunication. Thistechniqueallowstheprocessestocommunicatewitheachanother. Sinceeachprocesshasitsownaddressspaceanduniqueuserspace,howdoestheprocesscommunicateeach other? TheanswerisKernel,theheartoftheLinuxoperatingsystemthathasaccesstothewholememory.Sowecan requestthekerneltoallocatethespacewhichcanbeusedtocommunicatebetweenprocesses. Theprocesscanalsocommunicatebyhavingafileaccessibletoboththeprocesses.Processescanopen,and read/writethefile,whichrequireslotofI/Ooperationthatconsumestime.
DifferentTypesofIPCS
TherearevariousIPCswhichallowsaprocesstocommunicatewithanotherprocesses,eitherinthesamecomputer ordifferentcomputerinthesamenetwork. PipesProvidesawayforprocessestocommunicatewitheachanotherbyexchangingmessages.Namedpipes provideawayforprocessesrunningondifferentcomputersystemstocommunicateoverthenetwork. SharedMemoryProcessescanexchangevaluesinthesharedmemory.Oneprocesswillcreateaportionof memorywhichotherprocesscanaccess. MessageQueueItisastructuredandorderedlistofmemorysegmentswhereprocessesstoreorretrievedata.
SemaphoresProvidesasynchronizingmechanismforprocessesthatareaccessingthesameresource.Nodatais
passedwithasemaphore;itsimplycoordinatesaccesstosharedresources.
10IPCSCommandExample
ipcsisaUNIX/Linuxcommand,whichisusedtolisttheinformationabouttheinterprocesscommunicationipcs commandprovidesareportonSystemVIPCS(Messagequeue,Semaphore,andSharedmemory).
IPCSExample1:ListalltheIPCfacility
ipcscommandwithaoptionlistsalltheIPCfacilitieswhichhasreadaccessforthecurrentprocess.Itprovides detailsaboutmessagequeue,semaphoreandsharedmemory. #ipcsa
SharedMemorySegments keyshmidownerpermsbytesnattchstatus 0xc616cc441056800768oracle66040960 0x0103f577323158020root6649661 0x0000270f325713925root66612
AlltheIPCfacilityhasuniquekeyandidentifier,whichisusedtoidentifyanIPCfacility.
IPCSExample2:ListalltheMessageQueue
ipcswithoptionq,listsonlymessagequeuesforwhichthecurrentprocesshasreadaccess. $ipcsq
MessageQueues keymsqidownerpermsusedbytesmessages 0x000005a432768root64400
IPCSExample3.ListalltheSemaphores
ipcssoptionisusedtolisttheaccessiblesemaphores. #ipcss
SemaphoreArrays keysemidownerpermsnsems 0x0103eefd0root6641 0x0103eefe32769root6641 0x4b0d45141094844418oracle660204
IPCSExample4.ListalltheSharedMemory
ipcsmoptionwithipcscommandliststhesharedmemories. #ipcsm
SharedMemorySegments keyshmidownerpermsbytesnattchstatus 0xc616cc441056800768oracle66040960 0x0103f577323158020root6649661 0x0000270f325713925root66612
IPCSExample5.DetailedinformationaboutanIPCfacility
ipcsioptionprovidesdetailedinformationaboutanipcfacility. #ipcsqi32768
MessageQueuemsqid=32768 uid=0gid=0cuid=0cgid=0mode=0644 cbytes=0qbytes=65536qnum=0lspid=0lrpid=0 send_time=Notset rcv_time=Notset change_time=ThuAug513:30:222010
Optioniwithqprovidesinformationaboutaparticularmessagequeue.Optioniwithsprovidessemaphore details.Optioniwithmprovidesdetailsaboutasharedmemory.
IPCSExample6.ListstheLimitsforIPCfacility
ipcsloptiongivesthesystemlimitsforeachipcfacility. #ipcsml
SharedMemoryLimits maxnumberofsegments=4096 maxsegsize(kbytes)=67108864 maxtotalsharedmemory(kbytes)=17179869184 minsegsize(bytes)=1
IPCSExample7.ListCreatorandOwnerDetailsforIPCFacility
ipcscoptionlistscreatoruseridandgroupidandowneruseridandgroupid.Thisoptioncanbecombinedwithm, sandqtoviewthecreatordetailsforspecificIPCfacility. #ipcsmc
SharedMemorySegmentCreators/Owners shmidpermscuidcgiduidgid 1056800768660oracleoinstalloracleoinstall 323158020664rootrootrootroot 325713925666rootrootrootroot
IPCSExample8.ProcessidsthataccessedIPCfacilityrecently
ipcspoptiondisplayscreatorid,andprocessidwhichaccessedthecorrespondingipcfacilityveryrecently. #ipcsmp
SharedMemoryCreator/Lastop shmidownercpidlpid 1056800768oracle167645389 323158020root23542354 325713925root2066620668
palsocanbecombinedwithm,sorq.
IPCSExample9.LastAccessedTime
ipcstoptiondisplayslastoperationtimeineachipcfacility.Thisoptioncanalsobecombinedwithm,sorqto printforspecifictypeofipcfacility.Formessagequeue,toptiondisplayslastsentandreceivetime,forshared memoryitdisplayslastattached(portionofmemory)anddetachedtimestampandforsemaphoreitdisplayslast operationandchangedtimedetails. #ipcsst
SemaphoreOperation/ChangeTimes semidownerlastoplastchanged 0rootThuAug512:46:522010TueJul1310:39:412010 32769rootThuAug511:59:102010TueJul1310:39:412010 1094844418oracleThuAug513:52:592010ThuAug513:52:592010
IPCSExample10.Statusofcurrentusage
ipcswithucommanddisplayscurrentusageforalltheIPCfacility.Thisoptioncanbecombinedwithaspecific
optiontodisplaythestatusforaparticularIPCfacility. #ipcsu
SharedMemoryStatus segmentsallocated30 pagesallocated102 pagesresident77 pagesswapped0 Swapperformance:0attempts0successes SemaphoreStatus usedarrays=49 allocatedsemaphores=252 Messages:Status allocatedqueues=1 usedheaders=0 usedspace=0bytes
SelectthePhysicalStorageDevicesforLVMUsepvcreate,pvscan,pvdisplay Commands
$sudopvcreate/dev/sda6/dev/sda7 Physicalvolume"/dev/sda6"successfullycreated Physicalvolume"/dev/sda7"successfullycreated
Inthisstep,weneedtochoosethephysicalvolumesthatwillbeusedtocreatetheLVM.Wecan createthephysicalvolumesusingpvcreatecommandasshownbelow.
Youcanviewthelistofphysicalvolumeswithattributeslikesize,physicalextentsize,totalphysical extentsize,thefreespace,etc.,usingpvdisplaycommandasshownbelow.
$sudopvdisplay Physicalvolume PVName/dev/sda6 VGName PVSize1.86GB/notusable2.12MB Allocatableyes PESize(KByte)4096 TotalPE476 FreePE456 AllocatedPE20 PVUUIDm67TXfEY6w6LuXNNB6kU4Lwnk8NjjZfv Physicalvolume PVName/dev/sda7 VGName PVSize1.86GB/notusable2.12MB Allocatableyes PESize(KByte)4096 TotalPE476 FreePE476 AllocatedPE0 PVUUIDb031x06rejBcBubE2CeCXGjObu0Boo0x
Note:PEPhysicalExtentsarenothingbutequalsizedchunks.Thedefaultsizeofextentis4MB.
CreatetheVolumeGroupUsevgcreate,vgdisplayCommands
MetadataSequenceNo1 VGAccessread/write VGStatusresizable MAXLV0 CurLV0 OpenLV0 MaxPV0 CurPV2 ActPV2 VGSize3.72GB PESize4.00MB TotalPE952 AllocPE/Size0/0 FreePE/Size952/3.72GB VGUUIDKk1ufBrT15bSWe5270KDfZshUXFUYBvR
LVMCreate:CreateLogicalVolumesUselvcreate,lvdisplaycommand
Now,everythingisreadytocreatethelogicalvolumesfromthevolumegroups.lvcreatecommand createsthelogicalvolumewiththesizeof80MB.
$sudolvcreatel20nlogical_vol1vol_grp1 Logicalvolume"logical_vol1"created
Uselvdisplaycommandasshownbelow,toviewtheavailablelogicalvolumeswithitsattributes.
$sudolvdisplay Logicalvolume LVName/dev/vol_grp1/logical_vol1 VGNamevol_grp1 LVUUIDap8sZ2WqE16401KupmDbnO2P7gx1HwtQ LVWriteAccessread/write LVStatusavailable #open0 LVSize80.00MB CurrentLE20 Segments1 Allocationinherit Readaheadsectorsauto currentlysetto256 Blockdevice252:0
Aftercreatingtheappropriatefilesystemonthelogicalvolumes,itbecomesreadytouseforthe storagepurpose.
$sudomkfs.ext3/dev/vol_grp1/logical_vol1
LVMresize:ChangethesizeofthelogicalvolumesUselvextendCommand
Wecanextendthesizeofthelogicalvolumesaftercreatingitbyusinglvextendutilityasshown below.Thechangesthesizeofthelogicalvolumefrom80MBto100MB.
$sudolvextendL100/dev/vol_grp1/logical_vol1 Extendinglogicalvolumelogical_vol1to100.00MB Logicalvolumelogical_vol1successfullyresized
Wecanalsoaddadditionalsizetoaspecificlogicalvolumeasshownbelow.
$sudolvextendL+100/dev/vol_grp1/logical_vol1 Extendinglogicalvolumelogical_vol1to200.00MB
Logicalvolumelogical_vol1successfullyresized
1.Capturepacketsfromaparticularethernetinterfaceusingtcpdumpi
2.CaptureonlyNnumberofpacketsusingtcpdumpc
Whenyouexecutetcpdumpcommanditgivespacketsuntilyoucancelthetcpdumpcommand.Using coptionyoucanspecifythenumberofpacketstocapture.
$tcpdumpc2ieth0 listeningoneth0,linktypeEN10MB(Ethernet),capturesize96bytes 14:38:38.184913IPvalh4.lell.net.ssh>yy.domain.innetbcp.net.11006:P1457255642:1457255758(116)ack 1561463966win63652 14:38:38.690919IPvalh4.lell.net.ssh>yy.domain.innetbcp.net.11006:P116:232(116)ack1win63652 2packetscaptured 13packetsreceivedbyfilter 0packetsdroppedbykernel
3.DisplayCapturedPacketsinASCIIusingtcpdumpA
ThefollowingtcpdumpsyntaxprintsthepacketinASCII.
$tcpdumpAieth0
tcpdump:verboseoutputsuppressed,usevorvvforfullprotocoldecode listeningoneth0,linktypeEN10MB(Ethernet),capturesize96bytes 14:34:50.913995IPvalh4.lell.net.ssh>yy.domain.innetbcp.net.11006:P1457239478:1457239594(116)ack 1561461262win63652 E.....@.@..]..i...9...*.V ...]...P ....h....E...>{..U=...g. ......G..7\+KA....A...L. 14:34:51.423640IPvalh4.lell.net.ssh>yy.domain.innetbcp.net.11006:P116:232(116)ack1win63652 E.....@.@..\..i...9...*.V ..*]...P ....h....7......X..!....Im.S.g.u:*..O&....^#Ba... E..(R.@.|.....9...i.*...]...V ..*P ..OWp........
Note:Ifconfigcommandisusedtoconfigurenetworkinterfaces
4.DisplayCapturedPacketsinHEXandASCIIusingtcpdumpXX
Someusersmightwanttoanalysethepacketsinhexvalues.tcpdumpprovidesawaytoprintpackets inbothASCIIandHEXformat.
$tcpdumpXXieth0 18:52:54.859697IPzz.domain.innetbcp.net.63897>valh4.lell.net.ssh:.ack232win16511 0x0000:0050569c35a30019bb1c0c0008004500.PV .5.........E. 0x0010:0028042a40007906c89c10b5aaf60f9a.(.*@.y......... 0x0020:69c4f999001657db6e08c712ea2e5010i.....W.n.....P . 0x0030:407fc9760000000000000000@..v........ 18:52:54.877713IP10.0.0.0>allsystems.mcast.net:igmpqueryv3[maxresptime1s] 0x0000:0050569c35a300000000000008004600.PV .5.........F. 0x0010:00240000000001023ad30a000000e000.$......:....... 0x0020:0001940400001101ebfe000000000300................ 0x0030:000000000000000000000000............
5.Capturethepacketsandwriteintoafileusingtcpdumpw
tcpdumpallowsyoutosavethepacketstoafile,andlateryoucanusethepacketfileforfurther analysis.
$tcpdumpw08232010.pcapieth0 tcpdump:listeningoneth0,linktypeEN10MB(Ethernet),capturesize96bytes 32packetscaptured 32packetsreceivedbyfilter 0packetsdroppedbykernel
6.Readingthepacketsfromasavedfileusingtcpdumpr
Youcanreadthecapturedpcapfileandviewthepacketsforanalysis,asshownbelow.
$tcpdumpttttrdata.pcap 2010082221:35:26.57179300:50:56:9c:69:38(ouiUnknown)>Broadcast,ethertypeUnknown(0xcafe),length74: 0x0000:0200000affff0000ffff0c003c000000............<... 0x0010:00000000010000803e9e290000000000........>.)..... 0x0020:00000000ffffffffad00996b06000050...........k...P 0x0030:569c6938000000008e070000V .i8........ 2010082221:35:26.571797IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.50570:P800464396:800464448(52)ack 203316566win71 2010082221:35:26.571800IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.50570:P52:168(116)ack1win71 2010082221:35:26.584865IPvalh5.lell.net.ssh>11.154.12.255.netbiosns:NBTUDPPACKET(137):QUERY; REQUEST;BROADC
7.CapturepacketswithIPaddressusingtcpdumpn
Inalltheaboveexamples,itprintspacketswiththeDNSaddress,butnottheipaddress.The followingexamplecapturesthepacketsanditwilldisplaytheIPaddressofthemachinesinvolved.
$tcpdumpnieth0 15:01:35.170763IP10.0.19.121.52497>11.154.12.121.ssh:P105:157(52)ack18060win16549 15:01:35.170776IP11.154.12.121.ssh>10.0.19.121.52497:P23988:24136(148)ack157win113 15:01:35.170894IP11.154.12.121.ssh>10.0.19.121.52497:P24136:24380(244)ack157win113
8.Capturepacketswithproperreadabletimestampusingtcpdumptttt
$tcpdumpnttttieth0 2010082215:10:39.162830IP10.0.19.121.52497>11.154.12.121.ssh:.ack49800win16390 2010082215:10:39.162833IP10.0.19.121.52497>11.154.12.121.ssh:.ack50288win16660 2010082215:10:39.162867IP10.0.19.121.52497>11.154.12.121.ssh:.ack50584win16586
9.ReadpacketslongerthanNbytes
Youcanreceiveonlythepacketsgreaterthannnumberofbytesusingafiltergreaterthrough tcpdumpcommand
$tcpdumpwg_1024.pcapgreater1024
10.Receiveonlythepacketsofaspecificprotocoltype
Youcanreceivethepacketsbasedontheprotocoltype.Youcanspecifyoneoftheseprotocols fddi,tr,wlan,ip,ip6,arp,rarp,decnet,tcpandudp.Thefollowingexamplecapturesonlyarppackets flowingthroughtheeth0interface.
$tcpdumpieth0arp tcpdump:verboseoutputsuppressed,usevorvvforfullprotocoldecode listeningoneth0,linktypeEN10MB(Ethernet),capturesize96bytes 19:41:52.809642arpwhohasvalh5.lell.nettellvalh9.lell.net 19:41:52.863689arpwhohas11.154.12.1tellvalh6.lell.net 19:41:53.024769arpwhohas11.154.12.1tellvalh7.lell.net
11.ReadpacketslesserthanNbytes
Youcanreceiveonlythepacketslesserthannnumberofbytesusingafilterlessthroughtcpdump command
$tcpdumpwl_1024.pcapless1024
12.Receivepacketsflowsonaparticularportusingtcpdumpport
Ifyouwanttoknowallthepacketsreceivedbyaparticularportonamachine,youcanusetcpdump commandasshownbelow.
$tcpdumpieth0port22 19:44:44.934459IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.63897:P18932:19096(164)ack105win71 19:44:44.934533IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.63897:P19096:19260(164)ack105win71 19:44:44.934612IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.63897:P19260:19424(164)ack105win71
13.CapturepacketsforparticulardestinationIPandPort
ThepacketswillhavesourceanddestinationIPandportnumbers.Usingtcpdumpwecanapply filtersonsourceordestinationIPandportnumber.Thefollowingcommandcapturespacketsflows ineth0,withaparticulardestinationipandportnumber22.
$tcpdumpwxpackets.pcapieth0dst10.181.140.216andport22
14.CaptureTCPcommunicationpacketsbetweentwohosts
Iftwodifferentprocessfromtwodifferentmachinesarecommunicatingthroughtcpprotocol,wecan capturethosepacketsusingtcpdumpasshownbelow.
$tcpdumpwcomm.pcapieth0dst16.181.170.246andport22
Youcanopenthefilecomm.pcapusinganynetworkprotocolanalyzertooltodebuganypotential issues.
15.tcpdumpFilterPacketsCaptureallthepacketsotherthanarpandrarp
Intcpdumpcommand,youcangiveand,orandnotconditiontofilterthepacketsaccordingly.
$tcpdumpieth0notarpandnotrarp 20:33:15.479278IPresolver.lell.net.domain>valh4.lell.net.64639:269291/0/0(73) 20:33:15.479890IPvalh4.lell.net.16053>resolver.lell.net.domain:56556+PTR?255.107.154.15.inaddr.arpa.(45) 20:33:15.480197IPvalh4.lell.net.ssh>zz.domain.innetbcp.net.63897:P540:1504(964)ack1win96 20:33:15.487118IPzz.domain.innetbcp.net.63897>valh4.lell.net.ssh:.ack540win16486 20:33:15.668599IP10.0.0.0>allsystems.mcast.net:igmpqueryv3[maxresptime1s]
OnLinuxdistributions,fdiskisthebesttoolto managediskpartitions.fdiskisatextbasedutility. Usingfdiskyoucancreateanewpartition,deleteanexisting partition,orchangeexistingpartition. Usingfidskyouareallowedtocreateamaximumoffourprimary partition,andanynumberoflogicalpartitions,basedonthesizeof thedisk. Keepinmindthatanysinglepartitionrequiresaminimumsizeof 40MB. Inthisarticle,letusreviewhowtousefdiskcommandusing practicalexamples. Warning:Dontdelete,modify,oraddpartition,ifyoudontknow whatyouaredoing.Youwillloseyourdata!
1.ViewAllExistingDiskPartitionsUsingfdiskl
2.ViewPartitionsofaSpecificHardDiskusingfdiskl/dev/sd{a}
Toviewallpartitionsofthe/dev/sdaharddisk,dothefollowing.
#fdiskl/dev/sda
ViewallfdiskCommandsUsingfdiskCommandm
Usefdiskcommandm,toviewallavailablefdiskcommandsasshownbelow.
#fdisk/dev/sda Thenumberofcylindersforthisdiskissetto9729. Thereisnothingwrongwiththat,butthisislargerthan1024, andcouldincertainsetupscauseproblemswith: 1)softwarethatrunsatboottime(e.g.,oldversionsofLILO) 2)bootingandpartitioningsoftwarefromotherOSs (e.g.,DOSFDISK,OS/2FDISK) Command(mforhelp):m Commandaction atoggleabootableflag beditbsddisklabel ctogglethedoscompatibilityflag ddeleteapartition llistknownpartitiontypes mprintthismenu naddanewpartition ocreateanewemptyDOSpartitiontable pprintthepartitiontable qquitwithoutsavingchanges screateanewemptySundisklabel tchangeapartition'ssystemid uchangedisplay/entryunits vverifythepartitiontable wwritetabletodiskandexit xextrafunctionality(expertsonly)
3.DeleteaHardDiskPartitionUsingfdiskCommandd
Letusassumethatyouliketocombineseveralpartitions(forexample,/dev/sda6,/dev/sda7and /dev/sda8)intoasinglediskpartition.Todothis,youshouldfirstdeleteallthoseindividual partitions,asshownbelow.
#fdisk/dev/sda Thenumberofcylindersforthisdiskissetto9729. Thereisnothingwrongwiththat,butthisislargerthan1024,
andcouldincertainsetupscauseproblemswith: 1)softwarethatrunsatboottime(e.g.,oldversionsofLILO) 2)bootingandpartitioningsoftwarefromotherOSs (e.g.,DOSFDISK,OS/2FDISK) Command(mforhelp):p Disk/dev/sda:80.0GB,80026361856bytes 255heads,63sectors/track,9729cylinders Units=cylindersof16065*512=8225280bytes Diskidentifier:0xf6edf6ed DeviceBootStartEndBlocksIdSystem /dev/sda11195915735636cW95FAT32(LBA) /dev/sda21960528326700030fW95Ext'd(LBA) /dev/sda35284652810000462+7HPFS/NTFS /dev/sda46529972925712032+cW95FAT32(LBA) /dev/sda5*19602661563875283Linux /dev/sda626622904195186683Linux /dev/sda729053147195186683Linux /dev/sda83148326493977182Linuxswap/Solaris /dev/sda93265528316217586bW95FAT32 Command(mforhelp):d Partitionnumber(19):8 Command(mforhelp):d Partitionnumber(18):7 Command(mforhelp):d Partitionnumber(17):6 Command(mforhelp):w Thepartitiontablehasbeenaltered! Callingioctl()torereadpartitiontable. WARNING:Rereadingthepartitiontablefailedwitherror16:Deviceorresourcebusy. Thekernelstillusestheoldtable.Thenewtablewillbeusedat thenextrebootorafteryourunpartprobe(8)orkpartx(8) Syncingdisks.
4.CreateaNewDiskPartitionwithSpecificSizeUsingfdiskCommandn
Onceyouvedeletedalltheexistingpartitions,youcancreateanewpartitionusingallavailable spaceasshownbelow.
#fdisk/dev/sda Thenumberofcylindersforthisdiskissetto9729. Thereisnothingwrongwiththat,butthisislargerthan1024, andcouldincertainsetupscauseproblemswith: 1)softwarethatrunsatboottime(e.g.,oldversionsofLILO) 2)bootingandpartitioningsoftwarefromotherOSs
5.ViewtheSizeofanexistingPartitionUsingfdisks
Asshownbelow,fdisksdisplaysthesizeofthepartitioninblocks.
#fdisks/dev/sda7 4843566
Theaboveoutputcorrespondstoabout4900MB.
6.ToggletheBootFlagofaPartitionUsingfdiskCommanda
Fdiskcommanddisplaysthebootflagofeachpartition.Whenyouwanttodisableorenabletheboot flagonthecorrespondingpartition,dothefollowing. Ifyoudontknowwhyareyouaredoingthis,youllmessupyoursystem.
#fdisk/dev/sda Thenumberofcylindersforthisdiskissetto9729. Thereisnothingwrongwiththat,butthisislargerthan1024, andcouldincertainsetupscauseproblemswith: 1)softwarethatrunsatboottime(e.g.,oldversionsofLILO) 2)bootingandpartitioningsoftwarefromotherOSs (e.g.,DOSFDISK,OS/2FDISK) Command(mforhelp):p Disk/dev/sda:80.0GB,80026361856bytes 255heads,63sectors/track,9729cylinders Units=cylindersof16065*512=8225280bytes Diskidentifier:0xf6edf6ed DeviceBootStartEndBlocksIdSystem
/dev/sda11195915735636cW95FAT32(LBA) /dev/sda21960528326700030fW95Ext'd(LBA) /dev/sda35284652810000462+7HPFS/NTFS /dev/sda46529972925712032+cW95FAT32(LBA) /dev/sda5*19602661563875283Linux /dev/sda63265528316217586bW95FAT32 /dev/sda726623264484356683Linux Partitiontableentriesarenotindiskorder Command(mforhelp):a Partitionnumber(17):5 Command(mforhelp):p Disk/dev/sda:80.0GB,80026361856bytes 255heads,63sectors/track,9729cylinders Units=cylindersof16065*512=8225280bytes Diskidentifier:0xf6edf6ed DeviceBootStartEndBlocksIdSystem /dev/sda11195915735636cW95FAT32(LBA) /dev/sda21960528326700030fW95Ext'd(LBA) /dev/sda35284652810000462+7HPFS/NTFS /dev/sda46529972925712032+cW95FAT32(LBA) /dev/sda519602661563875283Linux /dev/sda63265528316217586bW95FAT32 /dev/sda726623264484356683Linux Partitiontableentriesarenotindiskorder Command(mforhelp):
Asseenabove,thebootflagisdisabledonthepartition/dev/sda5.
7.FixPartitionTableOrderUsingfdiskExpertCommandf
Whenyoudeletealogicalpartition,andrecreateitagain,youmightseethepartitionoutoforder issue.i.ePartitiontableentriesarenotindiskordererrormessage. Forexample,whenyoudeletethreelogicalpartitions(sda6,sda7andsda8),andcreateanew partition,youmightexpectthenewpartitionnametobesda6.But,thesystemmightvecreatedthe newpartitionassda7.Thisisbecause,afterthepartitionsaredeleted,sda9partitionhasbeenmoved assda6andthefreespaceismovedtotheend. Tofixthispartitionorderissue,andassignsda6tothenewlycreatedpartition,executetheexpert commandfasshownbelow.
$fdisk/dev/sda Thenumberofcylindersforthisdiskissetto9729. Thereisnothingwrongwiththat,butthisislargerthan1024, andcouldincertainsetupscauseproblemswith: 1)softwarethatrunsatboottime(e.g.,oldversionsofLILO) 2)bootingandpartitioningsoftwarefromotherOSs (e.g.,DOSFDISK,OS/2FDISK)
Command(mforhelp):p Disk/dev/sda:80.0GB,80026361856bytes 255heads,63sectors/track,9729cylinders Units=cylindersof16065*512=8225280bytes Diskidentifier:0xf6edf6ed DeviceBootStartEndBlocksIdSystem /dev/sda11195915735636cW95FAT32(LBA) /dev/sda21960528326700030fW95Ext'd(LBA) /dev/sda35284652810000462+7HPFS/NTFS /dev/sda46529972925712032+cW95FAT32(LBA) /dev/sda5*19602661563875283Linux /dev/sda63265528316217586bW95FAT32 /dev/sda726623264484356683Linux Partitiontableentriesarenotindiskorder Command(mforhelp):x Expertcommand(mforhelp):f Done. Expertcommand(mforhelp):w Thepartitiontablehasbeenaltered! Callingioctl()torereadpartitiontable. WARNING:Rereadingthepartitiontablefailedwitherror16:Deviceorresourcebusy. Thekernelstillusestheoldtable.Thenewtablewillbeusedat thenextrebootorafteryourunpartprobe(8)orkpartx(8) Syncingdisks.
Oncethepartitiontableorderisfixed,youllnotgetthePartitiontableentriesarenotindiskorder errormessageanymore.
#fdiskl Disk/dev/sda:80.0GB,80026361856bytes 255heads,63sectors/track,9729cylinders Units=cylindersof16065*512=8225280bytes Diskidentifier:0xf6edf6ed DeviceBootStartEndBlocksIdSystem /dev/sda11195915735636cW95FAT32(LBA) /dev/sda21960528326700030fW95Ext'd(LBA) /dev/sda35284652810000462+7HPFS/NTFS /dev/sda46529972925712032+cW95FAT32(LBA) /dev/sda5*19602661563875283Linux /dev/sda626623264484356683Linux /dev/sda73265528316217586bW95FAT32
WearestartinganewseriesofarticlesonVMwarethatwillhelpyouinstall,configure andmaintainVMwareenvironments. InthisfirstpartoftheVMwareseries,letusdiscussthefundamentalconceptsofvirtualizationand reviewtheVMwarevirtualizationimplementationoptions. Followingarefewreasonswhyyoumightwanttothinkaboutvirtualizationforyourenvironment. Runmultipleoperationsystemsononeserver.Forexample,insteadofhavingdevelopmentserver andQAserver,youcanrunbothdevelopmentandQAonasingleserver. YoucanhavemultipleflavoursofOSononeserver.Forexample,youcanrun2LinuxOS,1Windows OSonasingleserver. MultipleOSrunningontheserversharesthehardwareresourcesamongthem.Forexample,CPU, RAM,networkdevicesaresharedamongdevelopmentserverandQAserverrunningonthesame hardware. Allocatehardwareresourcestodifferentapplicationsbasedontheutilization.Forexample,ifyou have8GBofRAMontheserver,youcanassignlessRAMtoonevirtualmachine(2GBto developmentserver)andmoreRAM(6GBtoQAserver)toanothervirtualmachinethatisrunning onthatserver Highavailabilityandbusinesscontinuity.IfVMwareisimplementedproperly,youcanmigratea virtualmachinefromoneservertoanotherserverquicklywithoutanydowntime. Thisreducestheoperationalcostandpowerconsumption.Forexample,insteadofbuyingand runningtwoservers,youwillbeusingonlyoneserverandrunbothdevelopmentandQAonit. Onahighlevel,therearetwowaysforyoutogetstartedonthevirtualizationusingVMware products.BothoftheseareavailableforfreefromVMware.
1.VMwareServer
VMwareServerrunsontopofanexistinghostoperatingsystem(eitherLinuxorWindows).Thisisa goodoptiontogetstarted,asyoucanuseanyoftheexistinghardwarealongwithitsOS.VMware serveralsosupport64bithostandguestoperatingsystem.YoualsogetVMwareInfrastructureweb accessmanagementinterfaceandVirtualMachineconsole. Fig:VirtualMachinerunningontopofVMwareServer VMwareESXiisbasedonthehypervisorarchitecture.VMwareESXirunsdirectlyonthehardware withouttheneedofanyhostoperatingsystem,whichmakesisextremelyeffectiveintermsof performance.ThisisthebestoptiontoimplementVMwareforproductionusage. Fig:VirtualMachinerunningontopofVMwareESXi FollowingaresomeofthekeyfeaturesofVMwareESXi: Memorycompression,overcommitmentanddeduplication. builtinhighavailablewithNICteamingandHBAmultipathing. IntelligentCPUvirtualization
2.VMwareESXi
Highlycompatiblewithvariousservershardware,storageandOS. AdvancedsecuritywithVMSafe,VMKernelprotectionandencryption. Easymanagementusingvsphereclient,vCenterserverandcommandlineinterface 49. Rotate the logs automatically :Manginglogfilesisanimportatpartofsysadminlife.logrotate makeiteasybyallowingyoutosetupautomaticalogrotationbasedonseveralconfigurations.Using logrotateyoucanalsoconfigureittoexecutecustomshellscriptsimmediatelyafterlogrotation.
HowTo:TheUltimateLogrotateCommand Tutorialwith10Examples
byBALAKRISHNANMARIYAPPAN onJULY14,2010
ManaginglogfileseffectivelyisanessentialtaskforLinuxsysadmin. Inthisarticle,letusdiscusshowtoperformfollowinglogfileoperationsusingUNIXlogrotateutility. Rotatethelogfilewhenfilesizereachesaspecificsize Continuetowritetheloginformationtothenewlycreatedfileafterrotatingtheoldlogfile Compresstherotatedlogfiles Specifycompressionoptionfortherotatedlogfiles Rotatetheoldlogfileswiththedateinthefilename Executecustomshellscriptsimmediatelyafterlogrotation Removeolderrotatedlogfiles
1.LogrotateConfigurationfiles
Followingarethekeyfilesthatyoushouldbeawareofforlogrotatetoworkproperly. /usr/sbin/logrotateThelogrotatecommanditself. /etc/cron.daily/logrotateThisshellscriptexecutesthelogrotatecommandeveryday. $cat/etc/cron.daily/logrotate #!/bin/sh
/usr/sbin/logrotate/etc/logrotate.conf EXITVALUE=$? if[$EXITVALUE!=0];then /usr/bin/loggertlogrotate"ALERTexitedabnormallywith[$EXITVALUE]" fi exit0
create0664rootutmp rotate1 }
2.Logrotatesizeoption:Rotatethelogfilewhenfilesizereachesaspecificlimit
Ifyouwanttorotatealogfile(forexample,/tmp/output.log)forevery1KB,createthelogrotate.confasshown below. $catlogrotate.conf /tmp/output.log{ size1k create700balabala rotate4 } Thislogrotateconfigurationhasfollowingthreeoptions: size1klogrotaterunsonlyifthefilesizeisequalto(orgreaterthan)thissize. createrotatetheoriginalfileandcreatethenewfilewithspecifiedpermission,userandgroup. rotatelimitsthenumberoflogfilerotation.So,thiswouldkeeponlytherecent4rotatedlogfiles. Beforethelogrotation,followingisthesizeoftheoutput.log: $lsl/tmp/output.log rwrr1balabala258682010060921:19/tmp/output.log Now,runthelogrotatecommandasshownbelow.Optionsspecifiesthefilenametowritethelogrotatestatus. $logrotates/var/log/logstatuslogrotate.conf Note:wheneveryouneedoflogrotationforsomefiles,preparethelogrotateconfigurationandrunthelogroate commandmanually. Afterthelogrotation,followingisthesizeoftheoutput.log: $lsl/tmp/output* rwrr1balabala258682010060921:20output.log.1 rwx1balabala02010060921:20output.log Eventuallythiswillkeepfollowingsetupofrotatedlogfiles. output.log.4. output.log.3 output.log.2 output.log.1 output.log Pleaserememberthatafterthelogrotation,thelogfilecorrespondstotheservicewouldstillpointtorotatedfile (output.log.1)andkeepsonwritinginit.Youcanusetheabovemethod,ifyouwanttorotate theapacheaccess_logorerror_logevery5MB.
Ideally,youshouldmodifythe/etc/logrotate.conftospecifythelogrotateinformationforaspecificlogfile. Also,ifyouarehavinghugelogfiles,youcanuse:10 Awesome Examples for Viewing Huge Log Files in Unix
3.Logrotatecopytruncateoption:Continuetowritetheloginformationinthenewly createdfileafterrotatingtheoldlogfile.
$catlogrotate.conf /tmp/output.log{ size1k copytruncate rotate4 }
4.Logrotatecompressoption:Compresstherotatedlogfiles
Ifyouusethecompressoptionasshownbelow,therotatedfileswillbecompressedwithgziputility. $catlogrotate.conf /tmp/output.log{ size1k copytruncate create700balabala rotate4 compress } Outputofcompressedlogfile: $ls/tmp/output* output.log.1.gzoutput.log
5.Logrotatedateextoption:Rotatetheoldlogfilewithdateinthelogfilename
$catlogrotate.conf /tmp/output.log{ size1k copytruncate create700balabala dateext rotate4 compress }
Aftertheaboveconfiguration,youllnoticethedateintherotatedlogfileasshownbelow. $lslrt/tmp/output* rwrr1balabala89802010060922:10output.log20100609.gz rwxrwxrwx1balabala02010060922:11output.log Thiswouldworkonlyonceinaday.Becausewhenittriestorotatenexttimeonthesameday,earlierrotatedfile willbehavingthesamefilename.So,thelogrotatewontbesuccessfulafterthefirstrunonthesameday. Typicallyyoumightusetailftoviewtheoutputofthelogfileinrealtime.Youcanevencombine multiple tail f outputanddisplayitonsingleterminal.
6.Logrotatemonthly,daily,weeklyoption:Rotatethelogfileweekly/daily/monthly
Fordoingtherotationmonthlyonce,
Addtheweeklykeywordasshownbelowforweeklylogrotation. $catlogrotate.conf /tmp/output.log{ weekly copytruncate rotate4 compress } Addthedailykeywordasshownbelowforeverydaylogrotation.Youcanalsorotatelogshourly. $catlogrotate.conf /tmp/output.log{ daily copytruncate rotate4 compress }
7.Logrotatepostrotateendscriptoption:Runcustomshellscriptsimmediatelyafter logrotation
Logrotateallowsyoutorunyourowncustomshellscriptsafteritcompletesthelogfilerotation.Thefollowing configurationindicatesthatitwillexecutemyscript.shafterthelogrotation. $catlogrotate.conf /tmp/output.log{ size1k copytruncate rotate4 compress postrotate /home/bala/myscript.sh endscript }
8.Logrotatemaxageoption:Removeolderrotatedlogfiles
Logrotateautomaticallyremovestherotatedfilesafteraspecificnumberofdays.Thefollowingexampleindicates thattherotatedlogfileswouldberemovedafter100days. $catlogrotate.conf /tmp/output.log{ size1k copytruncate rotate4 compress maxage100 }
9.Logrotatemissingokoption:Dontreturnerrorifthelogfileismissing
Youcanignoretheerrormessagewhentheactualfileisnotavailablebyusingthisoptionasshownbelow. $catlogrotate.conf /tmp/output.log{ size1k copytruncate rotate4 compress missingok }
10.Logrotatecompresscmdandcompressextoption:Sspecifycompressioncommand forthelogfilerotation
$catlogrotate.conf /tmp/output.log{ size1k copytruncate create compress compresscmd/bin/bzip2 compressext.bz2 rotate4 }
withsshagent.
Step1:Createpublicandprivatekeysusingsshkeygenonlocalhost
jsmith@localhost$[Note:Youareonlocalhosthere] jsmith@localhost$sshkeygen Generatingpublic/privatersakeypair. Enterfileinwhichtosavethekey(/home/jsmith/.ssh/id_rsa):[Enterkey] Enterpassphrase(emptyfornopassphrase):[Pressenterkey] Entersamepassphraseagain:[Pessenterkey] Youridentificationhasbeensavedin/home/jsmith/.ssh/id_rsa. Yourpublickeyhasbeensavedin/home/jsmith/.ssh/id_rsa.pub. Thekeyfingerprintis: 33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9jsmith@localhost
Step2:Copythepublickeytoremotehostusingsshcopyid
jsmith@localhost$sshcopyidi~/.ssh/id_rsa.pubremotehost jsmith@remotehost'spassword: Nowtryloggingintothemachine,with"ssh'remotehost'",andcheckin: .ssh/authorized_keys tomakesurewehaven'taddedextrakeysthatyouweren'texpecting.
Note:sshcopyidappendsthekeystotheremotehosts.ssh/authorized_key.
Step3:Logintoremotehostwithoutenteringthepassword
jsmith@localhost$sshremotehost Lastlogin:SunNov1617:22:332008from192.168.1.2 [Note:SSHdidnotaskforpassword.] jsmith@remotehost$[Note:Youareonremotehosthere]
Theabove3simplestepsshouldgetthejobdoneinmostcases. WealsodiscussedearlierindetailaboutperformingSSHandSCPfromopenSSH to openSSH without enteringpassword. IfyouareusingSSH2,wediscussedearlieraboutperformingSSHandSCPwithoutpassword fromSSH2 to SSH2 ,fromOpenSSH to SSH2 andfromSSH2 to OpenSSH .
Usingsshcopyidalongwiththesshadd/sshagent
jsmith@localhost$sshcopyidiremotehost /usr/bin/sshcopyid:ERROR:Noidentitiesfound
WhennovalueispassedfortheoptioniandIf~/.ssh/identity.pubisnotavailable,sshcopyidwill displaythefollowingerrormessage.
jsmith@localhost$sshadd Identityadded:/home/jsmith/.ssh/id_rsa(/home/jsmith/.ssh/id_rsa) jsmith@localhost$sshaddL sshrsaAAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow==/home/jsmith/.ssh/id_rsa jsmith@localhost$sshcopyidiremotehost jsmith@remotehost'spassword: Nowtryloggingintothemachine,with"ssh'remotehost'",andcheckin: .ssh/authorized_keys tomakesurewehaven'taddedextrakeysthatyouweren'texpecting. [Note:ThishasaddedthekeydisplayedbysshaddL]
ThreeMinorAnnoyancesofsshcopyid
Followingarefewminorannoyancesofthesshcopyid. 1. Defaultpublickey:sshcopyiduses~/.ssh/identity.pubasthedefaultpublickeyfile(i.ewhenno valueispassedtooptioni).Instead,Iwishitusesid_dsa.pub,orid_rsa.pub,oridentity.pubas defaultkeys.i.eIfanyoneofthemexist,itshouldcopythattotheremotehost.Iftwoorthreeof themexist,itshouldcopyidentity.pubasdefault. 2. Theagenthasnoidentities:WhenthesshagentisrunningandthesshaddLreturnsTheagent hasnoidentities(i.enokeysareaddedtothesshagent),thesshcopyidwillstillcopythemessage Theagenthasnoidentitiestotheremotehostsauthorized_keysentry. 3. Duplicateentryinauthorized_keys:Iwishsshcopyidvalidatesduplicateentryontheremote hostsauthorized_keys.Ifyouexecutesshcopyidmultipletimesonthelocalhost,itwillkeep appendingthesamekeyontheremotehostsauthorized_keysfilewithoutcheckingforduplicates. Evenwithduplicateentrieseverythingworksasexpected.But,Iwouldliketohavemy authorized_keysfileclutterfree. Ifyoulikethisarticle,pleasebookmarkitonDeliciousandStumbleit.