Thursday, December 29, 2011

How to change user password on Linux/Solaris and also see password policy

1. Password change and password policy on Linux

a. To change a user's password, at the prompt, use the passwd command followed by the user id.
# passwd bhusal # you have to enter password twice.

b. Force a password change upon first login:
# chage -d 0 bhusal # -d sets the date of the last password change; 0 (zero) marks the password as expired, so it must be changed at next login.

c. Check the following files for password policies.

# more /etc/login.defs # for Password aging info
# more /etc/pam.d/system-auth # for pw length, case info.

-------------------------------------


2. Password change and password policy on Solaris.

a. To change the pw, use the passwd command followed by userid
# passwd bhusal

b. Force a password change upon first login.
# passwd -f bhusal # -f will force password to change upon first login.

c. For password policy, check the following two files,

/etc/default/login
/etc/default/passwd

d. If there is an issue with login, you can also check the following files,

/etc/passwd
/etc/shadow (account locked?)

e. Also check,
/etc/ssh/sshd_config
/etc/ssh/ssh_config

Friday, December 23, 2011

What is YUM ? How to configure a yum repository?

What is YUM (Yellow dog Updater, Modified) Package Manager?


YUM ("Yellow dog Updater, Modified") is an RPM-based package management application for Linux-based operating systems. A package is usually a software application. YUM normally comes bundled with many Linux distributions. YUM downloads software from repositories over the network, either on the local network or over the Internet. The repositories are organized in such a way that they can be found by the YUM client. YUM checks for package dependencies, downloads the packages, and installs them.

Benefit of using YUM

- Automatically checks software dependencies.
- It is available on the command line as well as in graphical interface programs.


How to create a local YUM repository


Configure a yum local repository to be able to access via HTTP on Red Hat?

How do I configure a yum local repository to be able to access a DVD ISO via HTTP on Red Hat Enterprise Linux?

Setting up yum is very easy, on either the server or the client.
Just use the following template.

Requirement: you will need the repo location: /opt/RH6.3/Packages
For a client, you also need the server's IP address and the shared location (for NFS).
Note: create a file with the extension .repo in /etc/yum.repos.d/
------------------------------------------------
# Section id: name it anything you want
[base]
# Descriptive name for the repo
name=My Redhat Repo
baseurl=file:///path_to_repo_Location
# baseurl=http://IP_Address/yum
# gpgcheck=0 turns off GPG signature checking of packages
gpgcheck=0
------------------------------------------------

Plan:
Packages needed on the server:

httpd
yum
createrepo

Package needed on the client:
yum

A. Copy the Red Hat DVD ISO image or DVD copy to the local repository server.

a. Create a dir in the Document Root named yum/iso
# mkdir -p /var/www/html/yum/iso

b. Mount the ISO or CD-ROM and copy the content.
# mount -o loop /RHELX-DVD.iso /var/www/html/yum/iso
# cp -r /path_of_cdrom/Packages/* /var/www/html/yum/

# cd /var/www/html/yum
# which createrepo
/usr/bin/createrepo
or
# rpm -qa | grep createrepo

If it is not installed, install it.
# yum install createrepo

# createrepo .
or
# createrepo /var/www/html/yum/
# ls -l /var/www/html/yum/repodata/
# yum clean all

B. Create a file /etc/yum.repos.d/my.repo with the following info.
# cat /etc/yum.repos.d/my.repo
[RHEL-Repository]
name=RHEL repository
baseurl=file:///path_to_repo_Location
# baseurl=http://IP_Address/yum
enabled=1
gpgcheck=0


3. Share with httpd by making sure you have lines like these in your /etc/httpd/conf/httpd.conf file:

ServerAdmin root@192.168.0.155
DocumentRoot /var/www/html
ServerName 192.168.0.155

(Where 192.168.0.155 is the local Repository server)

# httpd -t
# service httpd start
or
# /etc/init.d/httpd start

[ ---------------------------
If httpd is not installed:

# yum install httpd
# chkconfig --levels 235 httpd on
# /etc/init.d/httpd start
or
# service httpd start
---------------------------- ]

4. Client side configuration:
# vi /etc/yum.repos.d/my.repo

[RH51-Server]
name= RHEL5 repository
baseurl=http://192.168.0.155/yum
# baseurl=file:///var/www/html/yum
enabled=1
gpgcheck=0

Note: If the repository is not needed to update the repository server itself, file_name.repo is not required on the local repository server.

5. Verify from client:
# yum list
OR
# yum update

# yum search httpd    # search
# yum install httpd   # install
# yum remove httpd    # remove
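
The gpgcheck=0 lines in the repo files above turn off RPM signature verification, so whatever the baseurl serves is installed unchecked; packages copied from the Red Hat DVD keep their signatures, so gpgcheck=1 with the Red Hat key works against this mirror. The script below is an added example, not part of the original post: it audits a .repo file for enabled sections that install unverified packages. The function name audit_repo and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list enabled repo sections that install unverified packages.
audit_repo() {   # usage: audit_repo FILE.repo
    awk '
    function report() {
        if (sec == "" || enabled == "0") return
        if (gpgcheck == "0")
            print sec ": gpgcheck=0, signatures not verified, baseurl=" url
        else if (gpgcheck == "")
            print sec ": gpgcheck not set, inherits [main] from yum.conf"
    }
    /^[ \t]*[#;]/ { next }                  # skip comment lines
    /^[ \t]*\[/ {                           # a new [section] starts
        report()
        sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
        enabled = "1"; gpgcheck = ""; url = ""
        next
    }
    /=/ {                                   # key=value inside a section
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpgcheck = val
        else if (key == "baseurl") url = val
    }
    END { report() }
    ' "$1"
}

# Constructed samples: the client file from this page, and a signed variant.
demo_dir=$(mktemp -d)
cat > "$demo_dir/page.repo" <<'EOF'
[RH51-Server]
name= RHEL5 repository
baseurl=http://192.168.0.155/yum
# baseurl=file:///var/www/html/yum
enabled=1
gpgcheck=0
EOF
cat > "$demo_dir/signed.repo" <<'EOF'
[RH51-Server]
name=RHEL5 repository
baseurl=http://192.168.0.155/yum
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
audit_repo "$demo_dir/page.repo"     # reports RH51-Server
audit_repo "$demo_dir/signed.repo"   # reports nothing
```

Run it over /etc/yum.repos.d/*.repo on each client, one file at a time, to find repos that still skip signature checks.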

Monday, December 19, 2011

How to reset Locked user account password on RedH

If a user makes multiple failed attempts to log in to the server, the account will be locked. Using the passwd command alone will not work. You can use the pam_tally2 command to see the failed attempts; with --reset, it prints the current count and then clears it.


# pam_tally2 --reset --user clanty
Login           Failures Latest failure     From
clanty              50    12/19/11 14:24:53  166.155.22.55


# passwd -u clanty
# passwd clanty
# chage -d 0 clanty # force user to change pw.

Friday, December 16, 2011

Adding more space to linux (Redhat) with lvm


Scan for new LUNs.


echo "- - -" > /sys/class/scsi_host/host0/scan

Create partition as usual for the new disk discovered.
$ fdisk /dev/sdb

Create physical volume.
$ pvcreate /dev/sdb1

Create volume group using the physical volume if a volume group doesn’t already exist.
$ vgcreate pool0 /dev/sdb1

If adding space to an already existing volume group, add the physical volume to it.
$ vgextend pool0 /dev/sdb1

Activate the volume group if it isn’t already.
$ vgchange -a y pool0

Create a logical volume in the volume group.
$ lvcreate -L 60g -n opt pool0

Create a filesystem on the logical volume as normally done.

$ mkfs.ext3 -L /opt /dev/pool0/opt

Mount the new filesystem.

$ mount /dev/pool0/opt /opt

Friday, December 9, 2011

Setting up date and time on Redhat

Now, let's talk about the class requirements.
Pre-requisites:
1. Laptop with 4 GB or 6 GB of memory and at least 250 GB of disk space.
2. VMware or VirtualBox already installed on the system
   a. Download from
      - vmware.com
      - virtualbox.org
3. Go to Centos.org and download the latest version of CentOS.
4. If you can't install it, at least complete the registration part and download the software before coming to class.
5. All readings and lab exercises are due before the start of the class.
6. Feel free to ask questions at the beginning of the class or at the end of the class. Please respect other folks while asking questions.
7. Please turn off your phone while in class. If you are expecting a call, let the class know.




Date and Time Configuration

A. Using tools

1. Using Date/Time Properties Tool

To open the tool:-
Click on System --> Administration --> Date & Time from the top panel

or
type system-config-date command at a shell prompt
# system-config-date

2. Using Network Time Protocol

If you are using the tool, on the Date and Time Properties window,
check the box "Synchronize date and time over the network" and add the NTP servers in the box.

To set up time zone, click on time zone tab and select your time zone info.


B. Using Commands

# date +%D -s YYYY-MM-DD
# date +%D -s 2011-11-25
where YYYY is a four-digit year, MM a two-digit month, and DD a two-digit day of the month.


# date +%T -s HH:MM:SS
# date +%T -s 22:11:00 # Sets the time to 10:11 PM.
Here, HH stands for the hour, MM for the minute, and SS for the second, all in two-digit form (24-hour time).

If your system clock is set to use UTC (Coordinated Universal Time):
# date +%T -s HH:MM:SS -u

To set the system clock to 10:11 PM using UTC,

# date +%T -s 22:11:00 -u


Just to display the current date and time,
# date


C. Setting up Network Time Protocol

NTP helps you synchronize the system clock with a remote host over the network.

1. Find out whether the NTP server you selected is available/accessible.
# ntpdate -q server_address
# ntpdate -q 0.north-america.pool.ntp.org

2. Sync your time with the NTP server
# ntpdate server_address
# ntpdate 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org

3. To enable it across reboots:
# chkconfig ntpdate on

4. If the sync keeps failing at boot, add an entry to /etc/sysconfig/network
NETWORKWAIT=1


How to set up NTP using the /etc/ntp.conf file

1. Edit the file /etc/ntp.conf and add the NTP server entries.

server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org


For the initial sync, add the iburst directive at the end of each server line
eg:
server 0.north-america.pool.ntp.org iburst

2. Add the following entries to the /etc/ntp.conf file,

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1

This gives unrestricted access to localhost only.

3. Now restart ntpd
# service ntpd restart

4. Enable the ntpd daemon at boot time
# chkconfig ntpd on


============================================

Adding date and time on history command in linux

The output of the history command is:

632 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" -exec tar -cvf /export/home/kbhusal/mytar.tar {} \;
633 ls -l /export/home/kbhusal/mytar.tar
634 tar -tvf /export/home/kbhusal/mytar.tar
635 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" | xargs tar -cvf /export/home/kbhusal/mytar.tar
636 ls -l /export/home/kbhusal/mytar.tar
637 tar -tvf /export/home/kbhusal/mytar.tar
638 pwd
639 cd ..
640 ./scripts.ksh

If you want to know when a command was run, set one environment variable and the output will include a time stamp.

# export HISTTIMEFORMAT='%F %T '
Where,
%F - the date as year-month-day
%T - the time as hour:minute:second
Note: Add an extra space after %T to put white space between the time and the command field.

632 2011-12-02 15:42:09 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" -exec tar -cvf /export/home/kbhusal/mytar.tar {} \;
633 2011-12-02 15:42:29 ls -l /export/home/kbhusal/mytar.tar
634 2011-12-02 15:43:56 tar -tvf /export/home/kbhusal/mytar.tar
635 2011-12-02 15:44:18 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" | xargs tar -cvf /export/home/kbhusal/mytar.tar
636 2011-12-02 15:44:22 ls -l /export/home/kbhusal/mytar.tar
637 2011-12-02 15:44:32 tar -tvf /export/home/kbhusal/mytar.tar
638 2011-12-02 15:44:34 pwd
639 2011-12-02 15:44:35 cd ..
640 2011-12-02 15:44:37 ./scripts.ksh


To make it permanent across reboots, add the entry to the system profile file or to the user-specific profile file.

Append the variable to .bash_profile in the user's home directory.
# echo "export HISTTIMEFORMAT='%F %T '" >> ~kbhusal/.bash_profile

To make it effective for all users, add it to the profile file.

# echo "export HISTTIMEFORMAT='%F %T '" >> /etc/profile
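
Once HISTTIMEFORMAT is set, bash also stores each entry's time in the history file itself, as a "#<epoch seconds>" comment line before the command. The script below is an added example, not from the original post: it reads such a file directly and marks entries that carry no recorded time. The function name history_with_times and the sample file are constructed; the epoch values assume the page's timestamps are UTC, and date -d @N is the GNU date form.

```shell
#!/bin/sh
# Added example: pair each command in a bash history file with its timestamp.
# With HISTTIMEFORMAT set, bash writes "#<epoch seconds>" before each entry.
history_with_times() {   # usage: history_with_times HISTFILE
    ts=""
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#'[0-9]*)
                candidate=${line#?}
                case $candidate in
                    *[!0-9]*) ;;                    # "#12 abc": a typed comment
                    *) ts=$candidate; continue ;;   # "#1322840529": a timestamp
                esac ;;
        esac
        if [ -n "$ts" ]; then
            printf '%s  %s\n' "$(date -u -d "@$ts" '+%F %T')" "$line"
        else
            # Entry saved while HISTTIMEFORMAT was unset: no time on disk.
            printf '%s  %s\n' "????-??-?? ??:??:??" "$line"
        fi
        ts=""
    done < "$1"
}

# Constructed sample: the first entry predates HISTTIMEFORMAT being set.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cd /var/tmp
#1322840529
find ./ -type f -mtime -15 -mtime +7 -name "logs.*" | xargs tar -cvf /export/home/kbhusal/mytar.tar
#1322840549
ls -l /export/home/kbhusal/mytar.tar
#1322840674
pwd
EOF
history_with_times "$sample"
```

Entries printed with question marks were saved before the variable was set, so setting HISTTIMEFORMAT does not recover times for older commands.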