Thursday, December 29, 2011

How to change user password on Linux/Solaris and also see password policy

1. Password change and password policy on Linux

a. To change a user's password, run the passwd command followed by the user ID at the prompt.
# passwd bhusal # you have to enter password twice.

b. Force a password change upon first login.
# chage -d 0 bhusal # -d sets the date of the last password change; 0 (zero) marks the password as expired, so it must be changed at the next login.

c. Check the following files for password policies.

# more /etc/login.defs # for Password aging info
# more /etc/pam.d/system-auth # for pw length, case info.

-------------------------------------


2. Password change and password policy on Solaris.

a. To change the pw, use the passwd command followed by userid
# passwd bhusal

b. Force a password change upon first login.
# passwd -f bhusal # -f will force password to change upon first login.

c. For password policy, check the following two files,

/etc/default/login
/etc/default/passwd

d. If there is an issue with login, you can also check the following files,

/etc/passwd
/etc/shadow (account locked?)

e. Also check,
/etc/ssh/sshd_config
/etc/ssh/ssh_config

Friday, December 23, 2011

What is YUM ? How to configure a yum repository?

What is YUM (Yellow dog Updater, Modified) Package Manager?


YUM ("Yellow dog Updater, Modified") is an RPM-based package management application for Linux-based operating systems. A package is usually a software application. YUM normally comes bundled with many Linux distributions. YUM downloads software from repositories over the network, either on the local network or over the Internet. The repositories are organized in such a way that they can be found by the YUM client. YUM checks for package dependencies, downloads the packages and installs them.

Benefit of using YUM

- It automatically checks software dependencies.
- It is available on the command line as well as through a graphical interface program.


How to create a local YUM repository


How do I configure a local yum repository that can be accessed via HTTP on Red Hat?

How do I configure a yum local repository to be able to access a DVD ISO via HTTP on Red Hat Enterprise Linux?

Setting up yum is very easy, on either the server or the client.
Just use the following template.

Requirement: you will need the repo location: /opt/RH6.3/Packages
For the client: the IP address and shared location (for nfs)
Note: create a file with the extension .repo in /etc/yum.repos.d/
------------------------------------------------
[base]  ==> just name anything you want
name=My Redhat Repo  ==> just name the repo
baseurl=file:///path_to_repo_Location
# baseurl=http://IP_Address/yum
gpgcheck=0
------------------------------------------------

Plan:
Package needed on server,

httpd
yum
createrepo

Package on client
yum

A. Copy the Red Hat DVD ISO image or DVD copy on the local Repository server.

a. Create a dir in the Document Root named yum/iso
# mkdir -p /var/www/html/yum/iso

b. mount the iso or cdrom and copy the content.
# mount -o loop /RHELX-DVD.iso /var/www/html/yum/iso
# cp -r /path_of_cdrom/Packages/* /var/www/html/yum/

# cd /var/www/html/yum
# which createrepo
/usr/bin/createrepo
or
# rpm -qa | grep createrepo

If it is not installed, install it.
# yum install createrepo

# createrepo .
or
# createrepo /var/www/html/yum/
# ls -l /var/www/html/yum/repodata/
# yum clean all

B. Create a file /etc/yum.repos.d/my.repo with following info.
# cat /etc/yum.repos.d/my.repo
[RHEL-Repository]
name=RHEL repository
baseurl=file:///path_to_repo_Location
# baseurl=http://IP_Address/yum
enabled=1
gpgcheck=0


3. Share with httpd by making sure you have lines like these in your /etc/httpd/conf/httpd.conf file:

ServerAdmin root@192.168.0.155
DocumentRoot /var/www/html
ServerName 192.168.0.155

(Where 192.168.0.155 is the local Repository server)

# httpd -t
# service httpd start or
# /etc/init.d/httpd start

[ ---------------------------
if http is not installed?

# yum install httpd
# chkconfig --levels 235 httpd on
# /etc/init.d/httpd start or
# service httpd start
---------------------------- ]

4. Client side configuration:
# vi /etc/yum.repos.d/my.repo

[RH51-Server]
name= RHEL5 repository
baseurl=http://192.168.0.155/yum
# baseurl=file:///var/www/html/yum
enabled=1
gpgcheck=0

Note: If the repository is not needed to update the repository server itself, file_name.repo is not required on the local repository server.

5. Verify from client:
# yum list
OR
# yum update

# yum search httpd - search
# yum install httpd - install
# yum remove httpd - remove
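
Both .repo files above set gpgcheck=0, and the client one fetches packages over plain HTTP, so yum installs whatever the repository server or the network path delivers without verifying signatures. The following is an added example, not part of the original post: a shell function that flags such sections in a .repo file. The function names, the sample file and the https host name in it are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag yum repo sections that skip package signature checks.

# audit_repo FILE
# Prints "<section><TAB><finding>" for every enabled section with gpgcheck=0:
#   unsigned            gpgcheck=0, source is file:// or https://
#   unsigned+cleartext  gpgcheck=0 and baseurl uses http:// or ftp://
audit_repo() {
    awk '
        function report() {
            if (section == "" || enabled == "0" || gpgcheck != "0") return
            finding = (baseurl ~ /^(http|ftp):\/\//) ? "unsigned+cleartext" : "unsigned"
            printf "%s\t%s\n", section, finding
        }
        /^[ \t]*[#;]/ { next }                 # comment lines are ignored
        /^[ \t]*\[.*\]/ {                      # a [section] header starts a new repo
            report()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            gpgcheck = ""; baseurl = ""; enabled = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
            else if (key == "enabled") enabled = val
        }
        END { report() }
    ' "$1"
}

# write_sample_repo FILE
# Constructed sample: the first stanza is the client config from this post,
# the second is a hypothetical variant with signature checking switched on.
write_sample_repo() {
    cat > "$1" <<'EOF'
[RH51-Server]
name= RHEL5 repository
baseurl=http://192.168.0.155/yum
# baseurl=file:///var/www/html/yum
enabled=1
gpgcheck=0

[RHEL-Signed]
name=RHEL repository (signature checks on)
baseurl=https://repo.example.internal/yum
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
audit_repo "$sample"
rm -f "$sample"
```

On a real host, run audit_repo over each file in /etc/yum.repos.d/. A finding is cleared by setting gpgcheck=1 and pointing gpgkey at the vendor's public key, as in the second stanza.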

Monday, December 19, 2011

How to reset Locked user account password on RedH

If a user makes multiple failed attempts to log in to the server, the account will be locked. Using the passwd command alone will not work. You can use the pam_tally2 command to see the failed attempts.


# pam_tally2 --reset --user clanty
Login Failures Latest failure From
clanty 50 12/19/11 14:24:53 166.155.22.55


# passwd -u clanty
# passwd clanty
# chage -d 0 clanty # force user to change pw.

Friday, December 16, 2011

Adding more space to linux (Redhat) with lvm



Scan for new Luns.


echo "- - -" > /sys/class/scsi_host/host0/scan

Create partition as usual for the new disk discovered.
$ fdisk /dev/sdb

Create physical volume.
$ pvcreate /dev/sdb1

Create volume group using the physical volume if a volume group doesn’t already exist.
$ vgcreate pool0 /dev/sdb1

If adding space to an already existing volume group, add the physical volume to it.
$ vgextend pool0 /dev/sdb1

Activate the volume group if it isn’t already.
$ vgchange -a y pool0

Create a logical volume in the volume group.
$ lvcreate -L 60g -n opt pool0

Create a filesystem on the logical volume as normally done.

$ mkfs.ext3 -L /opt /dev/pool0/opt

Mount the new filesystem.

$ mount /dev/pool0/opt /opt

Friday, December 9, 2011

Setting up date and time on Redhat

Now, let's talk about the class requirements.
Pre-requisites:
1. Laptop with 4 GB or 6 GB of memory and at least 250 GB of disk space.
2. VMware or VirtualBox already installed on the system
   a. Download from
 - vmware.com
 - virtualbox.org
3. Go to Centos.org and download the latest version of CentOS.
4. If you can't install it, at least complete the registration part and download the software before coming to class.
5. All readings and LAB exercises are due before the start of the class.
6. Feel free to ask questions at the beginning or at the end of the class. Please respect other folks while asking questions.
7. Please turn off your phone while in class. If you are expecting a call, let the class know.




Date and Time Configuration

A. Using tools

1. Using Date/Time Properties Tool

To open the tool:-
Click on System --> Administration --> Date & Time from the top panel

or
type system-config-date command at a shell prompt
# system-config-date

2. Using Network Time Protocol

If you are using the tool, in the Date and Time Properties window,
check the box "Synchronize date and time over the network" and add the ntp servers in the box.

To set up time zone, click on time zone tab and select your time zone info.


B. Using Commands

# date +%D -s YYYY-MM-DD
# date +%D -s 2011-11-25
where YYYY is a four-digit year, MM a two-digit month, and DD a two-digit day of the month


# date +%T -s HH:MM:SS
# date +%T -s 22:11:00 # Sets the time to 10:11 PM.
Here, HH stands for the hour, MM for the minute, and SS for the second, all in two-digit form (24-hour time).

If your system clock is set to use UTC (Coordinated Universal Time)
# date +%T -s HH:MM:SS -u

to set the system clock to 10:11 PM using the UTC,

# date +%T -s 22:11:00 -u


Just to display the current date and time,
# date


C. Setting up Network Time Protocol

ntp helps you to synchronize the system clock with the remote host over the network.

1. Find out whether the ntp server you selected is available/accessible.
# ntpdate -q server_address
# ntpdate -q 0.north-america.pool.ntp.org

2. Sync your time with ntp server
# ntpdate server_address
# ntpdate 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org

3. To enable it across the reboot.
# chkconfig ntpdate on

4. If the sync keeps failing on boot, add an entry to /etc/sysconfig/network
NETWORKWAIT=1


How to set up NTP using the /etc/ntp.conf file

1. Edit the file /etc/ntp.conf and add the ntp server entries.

server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org


For the initial sync, add the iburst directive at the end of each server line
eg:
server 0.north-america.pool.ntp.org iburst

2. Add the following entries to the /etc/ntp.conf file,

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1

This gives unrestricted access to localhost only.

3. Now restart the ntp
# service ntpd restart

4. Enable ntpd daemon @boot time
# chkconfig ntpd on


============================================

Adding date and time on history command in linux

The output of the history command is:

632 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" -exec tar -cvf /export/home/kbhusal/mytar.tar {} \;
633 ls -l /export/home/kbhusal/mytar.tar
634 tar -tvf /export/home/kbhusal/mytar.tar
635 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" | xargs tar -cvf /export/home/kbhusal/mytar.tar
636 ls -l /export/home/kbhusal/mytar.tar
637 tar -tvf /export/home/kbhusal/mytar.tar
638 pwd
639 cd ..
640 ./scripts.ksh

If you want to know when each command was run, set one environment variable and the output will include a time stamp.

# export HISTTIMEFORMAT='%F %T '
Where,
%F - sets year/month/day
%T - sets the time
Note: Add an extra space after T to leave white space between the time and command fields.

632 2011-12-02 15:42:09 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" -exec tar -cvf /export/home/kbhusal/mytar.tar {} \;
633 2011-12-02 15:42:29 ls -l /export/home/kbhusal/mytar.tar
634 2011-12-02 15:43:56 tar -tvf /export/home/kbhusal/mytar.tar
635 2011-12-02 15:44:18 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" | xargs tar -cvf /export/home/kbhusal/mytar.tar
636 2011-12-02 15:44:22 ls -l /export/home/kbhusal/mytar.tar
637 2011-12-02 15:44:32 tar -tvf /export/home/kbhusal/mytar.tar
638 2011-12-02 15:44:34 pwd
639 2011-12-02 15:44:35 cd ..
640 2011-12-02 15:44:37 ./scripts.ksh


To make it permanent across reboots, add the entry to the system profile file or the user-specific profile file.

Append the variable to .bash_profile in the user's home directory.
# echo "export HISTTIMEFORMAT='%F %T '" >> ~kbhusal/.bash_profile

To make it effective for all users, add it to the /etc/profile file.

# echo "export HISTTIMEFORMAT='%F %T '" >> /etc/profile
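
With HISTTIMEFORMAT set, bash also records each command's time in the history file itself, as a "#<epoch seconds>" comment line ahead of the command, which makes the file usable as a rough timeline when reviewing what was run on a host. Added example (not from the original post): a shell function that rebuilds that timeline from a history file. It assumes GNU or BusyBox date for the "-d @epoch" syntax, and the function names and sample file are constructed.

```sh
#!/bin/sh
# Added example: turn a bash history file with "#<epoch>" lines into a timeline.

# history_timeline FILE
# Prints "<UTC time><TAB><command>" per command. Commands saved before
# HISTTIMEFORMAT was set have no "#<epoch>" line and are shown as "unknown".
history_timeline() {
    ts=""
    while IFS= read -r line || [ -n "$line" ]; do
        if [ -z "$line" ]; then
            continue
        fi
        case $line in
            '#'[0-9]*)
                digits=${line#?}                    # drop the leading '#'
                case $digits in
                    *[!0-9]*) ;;                    # "#1 note" etc. is a typed comment, not a timestamp
                    *) ts=$digits; continue ;;      # timestamp belongs to the next line
                esac
                ;;
        esac
        if [ -n "$ts" ]; then
            stamp=$(date -u -d "@$ts" '+%F %T')
        else
            stamp="unknown"
        fi
        printf '%s\t%s\n' "$stamp" "$line"
        ts=""                                       # one timestamp covers one entry
    done < "$1"
}

# write_sample_history FILE
# Constructed sample: one entry without a timestamp, then two with timestamps
# matching the first lines of the history output shown in this post (as UTC).
write_sample_history() {
    cat > "$1" <<'EOF'
pwd
#1322840529
find ./ -type f -mtime -15 -mtime +7 -name "logs.*" -exec tar -cvf /export/home/kbhusal/mytar.tar {} \;
#1322840549
ls -l /export/home/kbhusal/mytar.tar
EOF
}

sample=$(mktemp)
write_sample_history "$sample"
history_timeline "$sample"
rm -f "$sample"
```

The history file is writable by its owner, so treat these timestamps as a convenience for review rather than as a tamper-proof audit record.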

Friday, November 25, 2011

Creating Archives using tar command (tape archive)

tar command is useful to combine 1 or more files/directories into a single file. It is good for restore/backup purpose. There are some compress utilities which compress the files to save space on the filesystem.

1. Create a tar file from your current directory ..
# tar -cvf /var/tmp/mytar.tar mytar/ # Relative path

[ # tar -cvf /var/tmp/mytar.tar /home/mytar/ #Absolute path. ]

2. View the content of the tar file.
# tar -tvf mytar.tar

3. Extract the content of the tar file.
# tar -xvf mytar.tar

If you want to compress,

# bzip2 -c mytar.tar > mytar.tar.bz2 ==>> creates a new file mytar.tar.bz2
# bzip2 mytar.tar ==>> Compress the original file and renames with .bz2
# gzip -c mytar.tar > mytar.tar.gz ==>> creates a new file mytar.tar.gz
# gzip myfile ==>> Compress the original file and renames with .gz

# compress myfile # Compresses the file with .Z extension.

4. To decompress and then extract the tar file
# bzip2 -d mytar.tar.bz2
# gzip -d mytar.tar.gz
# gunzip mytar.tar.gz
# uncompress mytar.tar.Z
and
# tar -xvf mytar.tar

5. Reading/viewing the compressed file.

# bzcat mytar.tar.bz2
# zcat mytar.tar.gz
# tar -tvf mytar.tar

setuid and setgid and sticky bit on Unix/Linux


When a file has the setuid permission set, a user who executes the file or program runs it as the owner of the file (with the owner's effective user ID).
When a file has the setgid permission set, a user who executes the file or program runs it with the effective group ID of the program's group owner.


You can use setgid on directories as well. When a user creates files in a setgid directory, the group ownership is set to the group owner of the directory. (Note the S and s in the owner's execute bit position.)


1. Working with setuid files.

$ ls -l
-rw-r--r-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

a. myfile does not have setuid set up. To enable setuid

$ chmod u+s myfile
$ ls -l
-rwSr--r-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

$ chmod u+x myfile # Note: adding execute bit to the owner.
$ ls -l
-rwsr--r-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

or
$ chmod 4754 myfile
$ ls -l
-rwsr-xr-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

Note: You can use 4 instead of u+s with the chmod command, but you have to specify the other permissions as well.


b. To disable,

$ chmod u-s myfile
$ ls -l
-rwxr--r-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

---------------------------------------------

2. Working with setgid (Note the group ownership on execute bit for s and S, why?)

a. To enable setgid,
$ chmod g+s myfile
$ ls -l
-rwxr-Sr-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

$ chmod g+x myfile # Adding execute permission to the group.
$ ls -l
-rwxr-sr-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile


b. To disable,
$ chmod g-s myfile
$ ls -l
-rwxr-xr-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile
$

or use the number 2 instead of g+s.

$ chmod 2754 myfile
$ ls -l
-rwxr-sr-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

Note: You can use 2 with the chmod command to set the GID bit, but remember the other permissions as well.

---------------------------------------------

3. Working with sticky bit. (Note the execute permission on others for T and t).


The sticky bit is set on shared directories where the public needs read and write permission, such as /tmp and /var/tmp. If you give these permissions without the sticky bit set, any user can edit/remove any file created by any other user. With the sticky bit set on a publicly writable directory, users can create files and also execute files created by other users, but they cannot remove or change them. Only the owner or root can change or delete the files or directories inside a sticky-bit directory.

If you encounter an application that fails to load, please make sure that you have the proper permissions set on the /var/tmp and /tmp directories.


# ls -ld /tmp /var/tmp
drwxrwxrwt 19 root root 159288 Dec 1 08:32 /tmp
drwxrwxrwt 12 root sys 1536 Nov 30 19:01 /var/tmp

Note the execute permission for others: you will see a t there. An upper case T means the execute permission for others is not enabled on the directory; a lower case t means the execute permission is in place.


To set sticky bit

# chmod o+t /tmp
If the execute bit is not set for others, there will be a T in the execute bit position.

To add execute bit to the directory,
# chmod o+x /tmp
You will now see t (lower case) in the others execute position on the directory.

or

# chmod o=rwxt /tmp

or

# chmod 1777 /tmp

---------------------------------------------

4. setuid/setgid/sticky bit setting together.

# chmod 4755 myfile.sh # always execute the script as the user or owner.
# chmod 2755 /mydir # When created a file, it will inherit the group permission.
# chmod 1777 /tmp # setting sticky bit on the directory.

Note: If you want to apply setuid + setgid + sticky bit together, you can add the numeric values together, such as,

# chmod 3777 /tmp

Here, note the first numeric value of 3 (2+1), which comes from the setgid + sticky bit set on the directory.
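
The bits described in this post are also what a permissions review looks for: every setuid or setgid file runs with someone else's privileges, and a world-writable directory without the sticky bit lets any user delete another user's files. Added example (not from the original post): a shell function that lists both under a directory and distinguishes the s and S cases explained above. The function names, tags and demo tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: find setuid/setgid files and world-writable directories
# that lack the sticky bit.

# tag_paths TAG: prefix every path read from stdin with "TAG<TAB>".
tag_paths() {
    awk -v tag="$1" '{ print tag "\t" $0 }'
}

# audit_special_bits DIR
# Prints "<tag><TAB><path>" for entries under DIR (same filesystem only):
#   setuid         setuid file with owner execute      (ls shows s)
#   setuid-noexec  setuid file without owner execute   (ls shows S)
#   setgid         setgid file with group execute      (ls shows s)
#   setgid-noexec  setgid file without group execute   (ls shows S)
#   no-sticky      world-writable directory without the sticky bit
audit_special_bits() {
    dir=$1
    find "$dir" -xdev -type f -perm -4100               | sort | tag_paths setuid
    find "$dir" -xdev -type f -perm -4000 ! -perm -0100 | sort | tag_paths setuid-noexec
    find "$dir" -xdev -type f -perm -2010               | sort | tag_paths setgid
    find "$dir" -xdev -type f -perm -2000 ! -perm -0010 | sort | tag_paths setgid-noexec
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 | sort | tag_paths no-sticky
}

# make_demo_tree DIR: constructed files and directories to run the audit on.
make_demo_tree() {
    mkdir -p "$1/open" "$1/shared"
    : > "$1/tool"
    : > "$1/data"
    chmod 4755 "$1/tool"       # -rwsr-xr-x
    chmod 4644 "$1/data"       # -rwSr--r--
    chmod 0777 "$1/open"       # drwxrwxrwx  (no sticky bit)
    chmod 1777 "$1/shared"     # drwxrwxrwt  (like /tmp)
}

demo=$(mktemp -d)
make_demo_tree "$demo"
audit_special_bits "$demo"
rm -rf -- "$demo"
```

Point it at a mount point such as / or /home. Every setuid or setgid hit should be a binary you can account for, and a no-sticky hit on a shared directory is fixed with chmod o+t as shown above.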

How to limit unauthorized access to grub.conf file.

To guard against unauthorized access to the grub.conf settings, and against an unauthorized password change or reboot, protect GRUB with a hashed password. Use the MD5 hash generated by grub-md5-crypt.

1. Generate md5 password.

# /sbin/grub-md5-crypt
Password:
Retype password:
$1$7CzLO0$r4wIx9cb2TN3aTiPvjwaH1
[root@durava ~]#

2. Add md5 password just generated to the grub.conf file right after splashimage entry.
password --md5 $1$7CzLO0$r4wIx9cb2TN3aTiPvjwaH1

==========================================



# cat /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
# all kernel and initrd paths are relative to /, eg.
# root (hd0,0)
# kernel /boot/vmlinuz-version ro root=/dev/sda1
# initrd /boot/initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$7CzLO0$r4wIx9cb2TN3aTiPvjwaH1
title Red Hat Enterprise Linux Server (2.6.18-238.9.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.9.1.el5 ro root=LABEL=/ elevator=deadline audit=1
initrd /initrd-2.6.18-238.9.1.el5.img
title Red Hat Enterprise Linux Server (2.6.18-238.5.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.5.1.el5 ro root=LABEL=/ audit=1
initrd /initrd-2.6.18-238.5.1.el5.img
title Red Hat Enterprise Linux Server (2.6.18-194.26.1.el5)
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-194.26.1.el5 ro root=LABEL=/ audit=1
initrd /boot/initrd-2.6.18-194.26.1.el5.img
#
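
The password line only protects the menu if it sits in the global section (before the first title), and the hash it carries should not be readable by every local user, because MD5-crypt hashes are cheap to guess offline. Added example (not from the original post): a shell check for both conditions. The function names and the trimmed sample file are constructed; the sample reuses the hash shown above.

```sh
#!/bin/sh
# Added example: check a legacy GRUB config for a global password and
# for overly permissive file permissions.

# grub_password_state FILE
# Looks only at the global section (everything before the first "title")
# and prints "md5", "plaintext" or "missing".
grub_password_state() {
    awk '
        /^[ \t]*#/ { next }                      # skip comments
        $1 == "title" { exit }                   # global section ends here
        $1 == "password" { state = ($2 == "--md5") ? "md5" : "plaintext" }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# grub_conf_world_readable FILE: succeeds if "others" have read permission.
grub_conf_world_readable() {
    [ -n "$(find "$1" -prune -perm -0004)" ]
}

# check_grub_conf FILE: one-line summary of both checks.
check_grub_conf() {
    state=$(grub_password_state "$1")
    if grub_conf_world_readable "$1"; then
        access=world-readable
    else
        access=restricted
    fi
    printf 'password=%s file=%s\n' "$state" "$access"
}

# write_sample_grub_conf FILE: constructed excerpt of the grub.conf above.
write_sample_grub_conf() {
    cat > "$1" <<'EOF'
# grub.conf generated by anaconda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$7CzLO0$r4wIx9cb2TN3aTiPvjwaH1
title Red Hat Enterprise Linux Server (2.6.18-238.9.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.9.1.el5 ro root=LABEL=/ elevator=deadline audit=1
initrd /initrd-2.6.18-238.9.1.el5.img
EOF
}

sample=$(mktemp)
write_sample_grub_conf "$sample"
chmod 600 "$sample"
check_grub_conf "$sample"
rm -f "$sample"
```

On the server itself the call is check_grub_conf /boot/grub/grub.conf; a world-readable result is corrected with chmod 600 on that file.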

Tuesday, November 22, 2011

Find if the kernel is 32 or 64 bit.

Find whether the kernel is 32 or 64 bit.

On Redhat run the following commands.

$ getconf LONG_BIT
64

$ uname -m
x86_64

$ uname -m
i686

$ file /bin/ls
/bin/ls: ELF 32-bit


The command below tells you whether you are running a 64- or 32-bit platform.
$ cat /proc/cpuinfo
32

On Solaris

$ isainfo -v

Wednesday, November 16, 2011

step by step guide to Redhat KickStart Installation


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


The kickstart file has 4 sections: pre, configuration, packages and post.
The pre section is generally used to check for certain hardware types or configurations and act upon that data. The pre is not used in this scenario.
The configuration, sets up the network, video, hard disk, locale, etc.
The packages lists which packages to install or (with a ‘-‘) not install.
The post is how all the third party software is added, the system is customized, and environment is setup.
The post section executes immediately after loading the OS packages, but is finished before the OS reboots for the first time.  Because there are some things which do not load properly until the full OS is booted, a finishing script is placed on the system to run on first boot.  
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Kickstart is a hands-free installation of Red Hat servers on multiple machines.

Plan:
- Any successfully installed Red Hat system creates the /root/anaconda-ks.cfg file. Based on this file you can add or remove packages.
- Or use the system-config-kickstart command to create a new ks file based on your requirements.
- Define your OS location either using ftp, nfs, or http
- Start the kickstart installation.

================================================
detail to follow,
 ===============================================

Before setting up your kickstart environment, first set up a yum repo so that you can install all the required software.

A. a. To set up your yum, just create the following file with the info below.

# createrepo /opt/RHL6.1/Packages
[jay@sama ~]$ cat /etc/yum.repos.d/file.repo
[RHEL-Repository]
name=RHEL repository
baseurl=file:///opt/RHL6.1/Packages
enabled=1
gpgcheck=0

b. Set up nfs server.
[root@sama ~]# yum install nfs*
[jay@sama ~]$ cat /etc/exports
#/opt/RHL6.1/Packages   *(rw,sync)
/opt/RHL6.1     *(rw,sync)

[root@sama ~]# service nfs reload

c. set up web server.
[root@sama ~]# yum -y install httpd
[root@sama ~]# service httpd start

[root@sama html]# vi index.html
<html>
<title>This is a test page</title>
<body>
This is a test page
</body>
</html>

Confirm that you can access your website:
type http://192.168.10.110/ in your browser and press enter; you should be able to see "This is a test page".

B. Now, you can copy your OS DVD copy on your web server.

# mkdir /OS; mount -o loop OS_Image.iso /OS; cd /OS
# cp -a * /var/www/html/yum/

verify that you can access http://192.168.10.110/yum

Make sure that you can access the site from other systems on the network. If it fails, disable the firewall (iptables).
# /etc/init.d/iptables stop


C. Now, real fun begins, Create a kickstart file

a. You can use the anaconda-ks.cfg file, which is created during the first-time installation of the Linux OS, as a template. Modify the values based on your requirements or the environment.

b. Create a kickstart config file using the system-config-kickstart utility and select different parameters based on your environment. Note: make sure to install the kickstart config package to use this feature.

here is the sample file,

[root@sama html]# cat /var/www/html/ks.cfg
# Kickstart file automatically generated by anaconda.

#version=DEVEL
install
#cdrom
nfs --server=192.168.10.110 --dir=/opt/RHL6.1
lang en_US.UTF-8
keyboard us
#network --onboot no --device eth0 --noipv4 --noipv6
network --device eth0 --bootproto static --ip 192.168.10.150 --netmask 255.255.255.0 --gateway 192.168.10.110 --hostname kickRH6.1.local
rootpw  --iscrypted $6$dsXNrQw2LZLmKFLZ$55Pxwi.6bJhI3QCxembF5lRD9hrjd15b5wx3caJZVcxQC8yTEc0cz2GyVeR5s9Ao4ZxnDvFyDLWBVy9Oi2SGC0
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc America/New_York
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
clearpart --linux --drives=sda

#part  --onpart=sda1 --format
part /boot --fstype=ext4 --size=500
part pv.008003 --grow --size=1

volgroup vg_kickRH6.1 --pesize=4096 pv.008003
logvol / --fstype=ext4 --name=lv_root --vgname=vg_kickRH6.1 --grow --size=1024 --maxsize=51200
logvol swap --name=lv_swap --vgname=vg_kickRH6.1 --grow --size=2032 --maxsize=4064
repo --name="Red Hat Enterprise Linux"  --baseurl=http://192.168.10.110/yum --cost=100

%packages
@base
@client-mgmt-tools
@console-internet
@core
@debugging
@basic-desktop
@desktop-platform
@directory-client
@fonts
@general-desktop
@graphical-admin-tools
@hardware-monitoring
@internet-browser
@java-platform
@kde-desktop
@large-systems
@mysql-client
@mysql
@nepali-support
@network-file-system-client
@performance
@perl-runtime
@postgresql-client
@postgresql
@remote-desktop-clients
@server-platform
@server-policy
@system-admin-tools
@web-server
@x11
mtools
pax
python-dmidecode
oddjob
sgpio
genisoimage
wodim
qt-mysql
certmonger
pam_krb5
krb5-workstation
perl-DBD-MySQL
perl-DBD-SQLite
rdesktop
crypto-utils
certmonger
perl-CGI
%end
%post
(
# Disable some services and create a normal user with an encrypted password.
chkconfig --level 3 ip6tables off
useradd -p '$6$OY1GbBYr$MJI1dgQK23CBRzNyAEWGupxMRd2Hhwovr0cID6CtSgX7TSnLpPTR0rYNJ.AgshZzyK6QhPSWQZ0ifP9ky8HFl.' jay
) 2>&1 | tee /root/post-install.log
echo "Installation completed !!"
echo "All unauthorized activities will be monitored">>/etc/issue
%end

D. validate the kickstart configuration file with ksvalidator command
# ksvalidator /var/www/html/ks.cfg
Note: If there is a mistake or typo, you will get an error.

E. Confirm the configuration file is available from the browser.
Either type the full path on the browser or use elinks to verify.
[root@sama html]# elinks 192.168.10.110/ks.cfg

*Make sure the ks.cfg file has at least 644 permission.
Now your kickstart configuration is available to the installer over the web.

Now, use your installer: for Red Hat use boot.iso, for CentOS use CentOS*netinstall.iso, for Scientific Linux use the SL*boot.iso file. You can use any iso file to install any OS type, but make sure to use the right 32- or 64-bit image.

F. When you boot the system using any boot image, at the grub menu list, press the tab and type the following values at the prompt

linux ks=http://192.168.10.110/ks.cfg

press enter and you are good to go. You should have system installed with a normal user which you can use to login.

boot options
linux ks=ftp://myserver.com/ks.conf
linux ks=http://domain.com/path/ks.conf

linux ks=nfs:servername:/path/ks.conf
 
================================
for the post installation entry
--------------------------------
%post --nochroot

###### NFS mounts ######

mkdir /mnt/sysimage/opt/users
mkdir /mnt/sysimage/home
echo "192.168.10.110 sama sama.expanor.local" >> /mnt/sysimage/etc/hosts
echo "sama:/home/users /opt/users nfs rw,bg,intr,soft 1 2" >> /mnt/sysimage/etc/fstab
##echo "d2:/vol/root/home /home nfs rw,bg,intr,soft 0 0" >> /mnt/sysimage/etc/fstab
 

some selinux info

======================================
List and identify SELinux file and process context.
View SELinux contexts of processes:
# ps -eZ, ps -axZ, ps -Zc <process name>, etc.
View SELinux contexts of files and directories:
# ls -Zd /path/to/dir/, ls -Z /path/to/file, etc.
View SELinux contexts of users:
id -Z
Policy context rules are stored in
/etc/selinux/targeted/context/files/file_contexts and 
/etc/selinux/targeted/context/files/file_contexts.local
# semanage fcontext -[a|d|m] -f <ftype> -t <context> '<regex>'
e.g.: semanage fcontext -a -t virt_image_t "/virtstorage(/.*)?"
Restore default file contexts.
# restorecon -R -v /dir/ : note the last slash. -R = recursive (all child files and directories) -v = verbose.

Use boolean settings to modify system SELinux settings.
 - Booleans are plain text files located in /selinux/booleans
 - semanage boolean -l : List booleans with basic descriptions (very useful with grep)
 - setsebool [-P] <boolean_name> <on|off> : set SE boolean, -P to make permanent (survive reboot)
 - Use the graphical tool: system-config-selinux
 - Diagnose and address routine SELinux policy violations.
Many targeted services have specialised man pages dealing with SELinux configuration.
Display these pages with:
# man -k '_selinux'
Installing setroubleshoot-server sends SELinux error messages to /var/log/messages. These can be further parsed with sealert.
audit2why and audit2allow can be used to parse the messages in /var/log/audit/audit.log and explain why access was denied, and how to modify your configuration to allow it.
# semanage port -l : list SELinux port settings.
SELinux Packages and utilities
coreutils : Always installed. Provides some default elements of SELinux.
policycoreutils : Provides restorecon, secon, setfiles, et al.
libselinux-utils : Provides getenforce, setenforce, getsebool, setsebool, et al.
policycoreutils-gui : Provides system-config-selinux and sepolgen, et al.
policycoreutils-python : Provides semanage, audit2allow, audit2why, et al.
setroubleshoot : Provides seapplet
setroubleshoot-server : Provides sealert, sedispatch, setroubleshootd, et al.

==========================
SET ENFORCING AND PERMISSIVE MODES FOR SELINUX
Persistent change:
/etc/selinux/config:
SELINUX=enforcing|permissive
Current session (non-persistent change):
setenforce 1|0|enforcing|permissive

VIEW SELINUX STATUS:
sestatus

LIST AND IDENTIFY SELINUX FILE AND PROCESS CONTEXT
ls -lZ
ps -efZ

RESTORE DEFAULT FILE CONTEXTS
restorecon -R file

USE BOOLEAN SETTINGS TO MODIFY SYSTEM SELINUX SETTINGS
View booleans:
getsebool -a | grep keyword
OR
semanage boolean -l | grep keyword
Change booleans:
setsebool -P boolean on|off

DIAGNOSE AND ADDRESS ROUTINE SELINUX POLICY VIOLATIONS
Diagnose:
/var/log/audit/audit.log
/var/log/messages
view service logs
sealert
Fix:
audit2allow
setsebool -P boolean on|off

========================

Step by Step guide to Create and manage Logical Volume Manager in Redhat .

Step by Step guide to Create and manage Logical Volume Manager in Redhat Linux.


1. Creating an LVM Logical Volume on Three Disks (or more if you have available).
2. Creating a Striped Logical Volume
3. Splitting a Volume Group
4. Removing a Disk from a Logical Volume


1. Creating an LVM Logical Volume on Three Disks.
Plan:
logical volume name: new_logical_volume
Disks: /dev/sda1, /dev/sdb1, and /dev/sdc1
partition type: Linux LVM which is 8e.

Warning: Verify that the disks do not contain any important data.

a. Creating the Physical Volumes
# pvcreate /dev/sda1 /dev/sdb1 /dev/sdc1
# pvdisplay # command to display physical volume detail.

Note: Each physical volume has a UUID.

b. Creating the Volume Group
# vgcreate new_vol_group /dev/sda1 /dev/sdb1 /dev/sdc1
# vgs or # Displays new volume group attributes
# vgdisplay volume_name

Note: volume group name is new_vol_group

c. Creating the Logical Volume
# lvcreate -L 2G -n new_logical_volume new_vol_group # Creates 2 GB Logical volume
# lvcreate -L 3GB -n mylvvol new_vol_group # Creates 3 GB Logical volume
# lvdisplay # Displays Logical Volume attributes.

Here, the -L flag is used to set the size while the -n flag sets the new logical volume name.
Note: the first command creates a 2 GB logical volume new_logical_volume from the volume group new_vol_group.
You can create multiple logical volumes on a single volume group.

d. Creating the File System using mkfs command.
# mkfs.gfs2 -p lock_nolock -j 1 /dev/new_vol_group/new_logical_volume or
# mkfs.ext4 /dev/new_vol_group/new_logical_volume

Note: You can use mke2fs, mkfs.ext3, mkfs.ext4 commands with different options.

e. mount the logical volume
# mount /dev/new_vol_group/new_logical_volume /mnt

f. Add entry to /etc/fstab to be mounted across the reboot.

g. Resize the logical volume to expand or shrink the filesystem.
# lvresize -L 5GB /dev/new_vol_group/new_logical_volume # expand: grow the logical volume first,
# resize2fs /dev/new_vol_group/new_logical_volume 5G # then grow the filesystem into it
# resize2fs /dev/new_vol_group/new_logical_volume 3G # shrink: reduce the filesystem first,
# lvresize -L 3GB /dev/new_vol_group/new_logical_volume # then reduce the logical volume

Note: To shrink, you have to unmount the filesystem. To resize with new storage space added, use the resize2fs command. The filesystem must be ext3 or later to resize the volume.

# resize2fs /dev/new_vol_group/new_logical_volume 5G

h. Remove the logical volume
# lvremove /dev/new_vol_group/new_logical_volume

i. Rename Logical Volume
# lvrename new_vol_group new_logical_volume my_logical_volume
# lvresize -L 10GB /dev/new_vol_group/my_logical_volume

Note: Only renames logical Volume not the volume group.

j. Rename Volume Group.
# vgrename new_vol_group my_vol_group

Note: Once you rename Logical volume or the volume group, make sure to change your mount point and the /etc/fstab entry.


=================================================================

2. Creating a Striped Logical Volume
Plan:
LVM striped logical volume: striped_logical_volume
Disk for stripping: /dev/sda1, /dev/sdb1, and /dev/sdc1

Warning: Any data on the disk will be lost.

a. Creating the Physical Volumes
# pvcreate /dev/sda1 /dev/sdb1 /dev/sdc1

b. Creating the Volume Group
# vgcreate volgroup01 /dev/sda1 /dev/sdb1 /dev/sdc1

Verify the volume group attributes,
# vgs

c. Creating the Logical Volume
# lvcreate -i3 -I4 -L2G -n striped_logical_volume volgroup01

The command creates the striped logical volume striped_logical_volume, 2 gigabytes in size, with three stripes and a stripe size of 4 kilobytes, from the volume group volgroup01.

d. Creating the File System
# mkfs.gfs2 -plock_nolock -j 1 /dev/volgroup01/striped_logical_volume

e. Mount the filesystem.
# mount /dev/volgroup01/striped_logical_volume /mnt
# df -h /mnt

3. Splitting a Volume Group
Plan:
If there is enough unused space on the physical volumes, a new volume group can be created without adding new disks.

In the initial set up, the logical volume mylv is carved from the volume group myvg, which in turn consists of the three physical volumes, /dev/sda1, /dev/sdb1, and /dev/sdc1.

After completing this procedure, the volume group myvg will consist of /dev/sda1 and /dev/sdb1. A second volume group, yourvg, will consist of /dev/sdc1.

a. Determining Free Space
Determine how much free space is currently available in the volume group using pvscan.
# pvscan
PV /dev/sda1 VG myvg lvm2 [17.15 GB / 0 free]
PV /dev/sdb1 VG myvg lvm2 [17.15 GB / 12.15 GB free]
PV /dev/sdc1 VG myvg lvm2 [17.15 GB / 15.80 GB free]
Total: 3 [51.45 GB] / in use: 3 [51.45 GB] / in no VG: 0 [0 ]

b. Moving the Data
You can move all the used physical extents in /dev/sdc1 to /dev/sdb1 with the pvmove command. The pvmove command can take a long time to execute.

# pvmove /dev/sdc1 /dev/sdb1

Verify that the space on /dev/sdc1 is free using the pvscan command.
# pvscan
PV /dev/sda1 VG myvg lvm2 [17.15 GB / 0 free]
PV /dev/sdb1 VG myvg lvm2 [17.15 GB / 10.80 GB free]
PV /dev/sdc1 VG myvg lvm2 [17.15 GB / 17.15 GB free]
Total: 3 [51.45 GB] / in use: 3 [51.45 GB] / in no VG: 0 [0 ]

c. Splitting the Volume Group

Use the vgsplit command to create the new volume group yourvg by splitting the volume group myvg.

Make sure your logical volume is inactive. If there are any mounts, unmount them before deactivating the logical volume.

Use the lvchange or vgchange command to deactivate the logical volume.

# lvchange -a n /dev/myvg/mylv
# vgsplit myvg yourvg /dev/sdc1

The above commands deactivate the logical volume mylv and split the volume group yourvg from the volume group myvg, moving the physical volume /dev/sdc1 into the new volume group yourvg.


Verify the volume group attributes.
# vgs


d. Creating the New Logical Volume
Now, create new logical volume yourlv after creating the new volume group.
# lvcreate -L5G -n yourlv yourvg

e. Create a File System and mount the New Logical Volume
# mkfs.gfs2 -plock_nolock -j 1 /dev/yourvg/yourlv

f. Activating and Mounting the Original Logical Volume
# lvchange -a y /dev/myvg/mylv
# mount /dev/myvg/mylv /mnt
# df


4. Removing a Disk from a Logical Volume
You can remove a disk from an existing logical volume, either to use the disk for another volume or to replace a failed disk. To proceed, you must first move the extents on the LVM physical volume to a different disk or set of disks.

A. Moving Extents to Existing Physical Volumes
Plan:
We have a logical volume that is distributed across four physical volumes in the volume group myvg.
a.
# pvs -o+pv_used
PV VG Fmt Attr PSize PFree Used
/dev/sda1 myvg lvm2 a- 17.15G 12.15G 5.00G
/dev/sdb1 myvg lvm2 a- 17.15G 12.15G 5.00G
/dev/sdc1 myvg lvm2 a- 17.15G 12.15G 5.00G
/dev/sdd1 myvg lvm2 a- 17.15G 2.15G 15.00G

We want to move the extents off of /dev/sdb1 so that we can remove it from the volume group.
You need to have free extents on the other physical volumes in the volume group. The extents will be distributed to the other devices.

# pvmove /dev/sdb1
/dev/sdb1: Moved: 2.0%
...
/dev/sdb1: Moved: 79.2%
...
/dev/sdb1: Moved: 100.0%

Check the distribution of extents using pvs command.
# pvs -o+pv_used

b. Remove the physical volume /dev/sdb1 from the volume group using vgreduce command.
# vgreduce myvg /dev/sdb1
# pvs

Now the disk can be physically removed or used for another purpose.

B. Moving Extents to a New Disk
Plan:
The logical volume is distributed across three physical volumes in the volume group myvg as follows:
# pvs -o+pv_used
PV VG Fmt Attr PSize PFree Used
/dev/sda1 myvg lvm2 a- 17.15G 7.15G 10.00G
/dev/sdb1 myvg lvm2 a- 17.15G 15.15G 2.00G
/dev/sdc1 myvg lvm2 a- 17.15G 15.15G 2.00G

We want to move the extents of /dev/sdb1 to a new device, /dev/sdd1.

a. Creating the New Physical Volume

scenario: Create a new physical volume from /dev/sdd1.

# pvcreate /dev/sdd1

b. Adding the New Physical Volume to the Volume Group
# vgextend myvg /dev/sdd1
# pvs -o+pv_used

c. Moving the Data
Use the pvmove command to move the data from /dev/sdb1 to /dev/sdd1.

# pvmove /dev/sdb1 /dev/sdd1

# pvs -o+pv_used

d. Removing the Old Physical Volume from the Volume Group
After you have moved the data off /dev/sdb1, you can remove it from the volume group.
# vgreduce myvg /dev/sdb1
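
Both procedures in section 4 depend on the destination having enough free space for the extents being moved. The following is an added example, not part of the original post: a pre-check that reads `pvs -o+pv_used` output and reports whether a pvmove can fit. The function name can_evacuate is an assumption, and sizes are assumed to be in G as in the output above (run pvs with --units g to be sure).

```shell
#!/bin/sh
# Added example, not from the original post. can_evacuate is a hypothetical name.

# pvs -o+pv_used output copied from section 4.A of the post (all sizes in G).
SAMPLE_PVS='  PV         VG   Fmt  Attr PSize  PFree  Used
  /dev/sda1  myvg lvm2 a-   17.15G 12.15G  5.00G
  /dev/sdb1  myvg lvm2 a-   17.15G 12.15G  5.00G
  /dev/sdc1  myvg lvm2 a-   17.15G 12.15G  5.00G
  /dev/sdd1  myvg lvm2 a-   17.15G  2.15G 15.00G'

# can_evacuate SRC [DEST]: reads pvs output on stdin.
# Returns 0 when the used space on SRC fits into the free space of DEST,
# or of every other PV in the same volume group when DEST is omitted.
# Returns 1 when it does not fit and 2 when SRC is not in the listing.
can_evacuate() {
    awk -v src="$1" -v dest="$2" '
        $1 == "PV" { next }                      # skip the header line
        { vg[$1] = $2; free[$1] = $6 + 0; used[$1] = $7 + 0 }
        END {
            if (!(src in vg)) { print "unknown PV " src; exit 2 }
            for (pv in vg) {
                if (pv == src || vg[pv] != vg[src]) continue
                if (dest != "" && pv != dest) continue
                room += free[pv]
            }
            printf "%s: need %.2fG, room %.2fG\n", src, used[src], room
            exit !(room >= used[src])
        }'
}

# Example: printf '%s\n' "$SAMPLE_PVS" | can_evacuate /dev/sdb1
```

With the sample above, moving /dev/sdb1 onto the rest of the group fits, while naming /dev/sdd1 as the only destination does not, because it has just 2.15G free.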


Creating and using snapshot for backup

1. Create a new snapshot volume called snaplv of /dev/vgname/lvname that is 20 MB in size

# lvcreate -s -n snaplv -L 20M /dev/vgname/lvname

2. If the backup software requires it, mount the snapshot and point the backup program to the new mountpoint.

# mkdir /snapmount
# mount -o ro /dev/vgname/snaplv /snapmount

3. Verify the status of the snapshot logical volume

# lvs /dev/vgname/snaplv

4. When done with snapshot, unmount and remove it.

# umount /snapmount
# lvremove /dev/vgname/snaplv


Based on the online doc @redhat....

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Logical_Volume_Manager_Administration/index.html#troubleshooting

Tuesday, November 15, 2011

How to change the root password for root user on Redhat.


Plan:
Two steps to change root password on RedHat.

- You need to have physical access to the server or have a console access to the system.
- Boot the system to the single user mode and change the pw.


Steps:

1. Reboot/poweron the server.
2. On grub menu press e to go to edit mode.
3. Select the boot line from the list and press e again.
4. Insert a space and type the number 1 (or type single).
5. Press ENTER and press 'b' and ENTER again.
6. You are in single user mode without a password.


--------------------------Detail-------------------------

1. Log in to the console. Boot/reboot the system and press F12 for the boot menu.

# reboot or # shutdown -r now
or
CTRL+ALT+DELETE
or
power cycle (be careful, you may have to run fsck)

2. Edit the grub menu
Select (highlight) the kernel you want to log in to and change the pw.
Note: Use the arrow keys to move to a different kernel line; this also disables the automatic boot countdown timer.

3. Press the 'e' key on the keyboard to edit the entry.
For eg.:- kernel /boot/vmlinuz-............

4. Press the 'e' key to edit the line, and you will be at the end of the line.

5. Now, verify your cursor is in the correct position. Press the space bar, type single, and press the Enter key.
kernel /boot/vmlinuz-x.x.x.x.x.abc ro root=/dev/sda1 single

6. Press the 'b' key to continue the boot process.

7. You will be in single user mode. Change the root pw. Create other users if needed.
# passwd root

8. Reboot the system.
# shutdown -r now

You are done.

Tuesday, November 8, 2011

How to configure network interface on Redhat

Interface names start with ethX on Red Hat. If you have more than one interface, they are named eth0, eth1 and so on.


1. List the plumbed interfaces.
# ifconfig

2. If IP is not assigned, use ifconfig command to assign.
# ifconfig eth0 192.168.0.155 up

3. To bring the interface down.
# ifconfig eth0 down

4. To configure the interface using GUI
# system-config-network


5. If you want to make it permanent, edit the interface file /etc/sysconfig/network-scripts/ifcfg-eth0 (here the interface instance is eth0).

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=192.168.0.155
PEERDNS=no

check_link_down() {
return 1;
}
GATEWAY=192.168.0.1
TYPE=Ethernet
HWADDR=00:00:00:00:00:00

# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:192.168.0.155 Bcast:195.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::250:56aa:febe:7a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:65734108 errors:0 dropped:0 overruns:0 frame:0
TX packets:29311081 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:26973738977 (25.1 GiB) TX bytes:24118414406 (22.4 GiB)



6. Check the entry on network file.
# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
IPV6INIT=no
HOSTNAME=devi.bhusal.com
NOZEROCONF=yes

7. If you want to restart network services use the following command. If you are changing the hostname on the server, you have to reboot the server.
# service network restart

8. Verify the ip address, routing information.
# ifconfig -a
# route -n


9. If you want to use configuration window, run the following command at the prompt.
# system-config-network

10. If you want to set up DNS, you have to add an entry to the nsswitch.conf file.
1. vi /etc/nsswitch.conf

hosts: files dns

2. Add entry on /etc/resolv.conf file

NOTE: Starting Redhat 6 EP, you can use dns on interface file as follow,

DNS1=192.168.0.125

3. Use the dig command to verify the DNS information.
# dig devi.bhusal.com

If you have a problem, ping the server.
# ping devi.
If you still have an issue, resolve the IP issue first and the DNS issue second.

How to add swap space on linux

What is swap space

Swap space is used when the physical memory on the system is full. Paging is the process of moving inactive pages in memory to the swap space. Swap helps you cope with a shortage of RAM, but it is better to increase the physical memory (RAM) on the system. Swap space can be a dedicated swap partition or swap files. When you build the system, consider setting aside a good-sized dedicated swap partition. The size of the swap partition is calculated using the formula below.

Let's say:

M = Amount of RAM in GB, and
S = Amount of swap in GB, then

If M < 2 then
S = M *2
else
S = M + 2

So, if a system has 2 GB of physical RAM, the recommended swap on the system is 4 GB.
A system with 3 GB of physical RAM would have 5 GB of swap space. Swap space is used when the physical memory (RAM) is full and pages start being transferred to swap.

----------------------------------------------------
Sometimes you need to add extra swap because an application or another service needs extra space. There are two ways you can add swap space on the system.


I. Add a swap device/file on the system.

1. Using the disk partition as a swap device
2. Using a file as a swap space.

1. Disk partition as a swap space.
If you are planning to use disk partition as a swap space, create a new partition (fdisk /dev/sdb) as a swap file system and add a device as a swap device.

a. Let's say you have a new partition called /dev/sdb1. Set it up as a swap partition.
# mkswap /dev/sdb1

b. Enable your partition.
# swapon /dev/sdb1

c. Verify your swap is added to the system.
# swapon -s
# free -k
# cat /proc/swaps


----------------------------------------------------

2. Using a file as a swap space.

a. Display the current swap space on the system using swapon -s or cat /proc/swaps. The output shows sizes in KB.
# swapon -s
# cat /proc/swaps


b. Create a swap file using the dd command.
# dd if=/dev/zero of=/path_to_file/meroswap bs=1M count=1024
# dd if=/dev/zero of=/export/meroswap bs=1M count=1024
The above command creates a 1 GB file. Note the bs and count values.

# dd if=/dev/zero of=/path_to_file/meroswap bs=1024 count=1048576
# dd if=/dev/zero of=/export/meroswap bs=1024 count=1048576
The above command also creates a 1 GB file. The block size is 1024 bytes.

Note: If you want to give the size as a number of 1024-byte blocks rather than in a human-readable unit like MB, use the formula below.
For 512 MB of space, multiply by 1024 to get the block count (512*1024=524288).
For 1 GB (1024 MB), multiply by 1024 to get the block count (1024*1024=1048576).

Note: bs is the block size in bytes and count is the number of blocks.
- You cannot use the cp (copy) command to create a swap file because the swap file must be physically contiguous on the hard drive.
- Verify you have enough space on your file system before creating swap file.

c. Turn the file into a swap file using the mkswap command. Set the permissions so that only root can access it.
# mkswap /path_to_file/meroswap
# mkswap /export/meroswap
# chmod 600 /export/meroswap


d. Enable the swap file.
# swapon /export/meroswap

e. Verify your swap space is added successfully and available for use by using cat /proc/swaps or the free command.
# swapon -s
# cat /proc/swaps
# free -k

II. Make it permanent across the reboot.

To make this permanent across the reboot, add an entry to your /etc/fstab.

/dev/sdb1 swap swap defaults 0 0
/export/meroswap swap swap defaults 0 0


III. Removing a Swap File
a. Disable the swap file.
# swapoff -v /export/meroswap

b. Remove the entry from /etc/fstab.
/export/meroswap swap swap defaults 0 0

c. Remove the file
# rm /export/meroswap

Note: The output of the swapon -s command shows whether each swap area is a partition or a file.
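
A swap file holds paged-out memory, so it should never be readable by other users, and it needs an /etc/fstab entry to survive a reboot. The following is an added example, not part of the original post: helpers that size the file with the rule above, create it with restrictive permissions from the first byte, and audit the result. All function names are assumptions, and stat -c assumes GNU coreutils as shipped on Red Hat.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Swap size in GB for M GB of RAM, per the post's rule (whole GB only).
recommended_swap_gb() {
    if [ "$1" -lt 2 ]; then echo $(($1 * 2)); else echo $(($1 + 2)); fi
}

# dd block count for SIZE_MB megabytes at a block size of BS bytes.
dd_count() { echo $(($1 * 1024 * 1024 / $2)); }

# create_swap_file PATH SIZE_MB: checks free space (df -Pk reports KB), then
# writes the file under umask 077 so it is never group or world readable.
# mkswap and swapon are left to the administrator, as in steps c and d.
create_swap_file() {
    path=$1; size_mb=$2
    avail_kb=$(df -Pk "$(dirname "$path")" | awk 'NR==2 {print $4}')
    if [ "$avail_kb" -lt $((size_mb * 1024)) ]; then
        echo "not enough free space for $path" >&2
        return 1
    fi
    (
        umask 077
        dd if=/dev/zero of="$path" bs=1024 \
           count="$(dd_count "$size_mb" 1024)" 2>/dev/null &&
        chmod 600 "$path"
    )
}

# audit_swap_file PATH FSTAB: fails when the mode is not 600 or when FSTAB
# (an fstab-format file) has no swap entry for PATH.
audit_swap_file() {
    path=$1; fstab=$2; rc=0
    mode=$(stat -c %a "$path") || return 1
    if [ "$mode" != "600" ]; then
        echo "FAIL: $path mode is $mode, expected 600"; rc=1
    fi
    if ! awk -v p="$path" '$1 == p && $3 == "swap" {ok=1} END {exit !ok}' "$fstab"; then
        echo "FAIL: $path has no swap entry in $fstab"; rc=1
    fi
    return $rc
}
```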