1. Password change and password policy on Linux
a. To change the user pw, at the prompt, use password command followed by user id.
# passwd bhusal # you have to enter password twice.
b. force password change upon first login,
# chage -d 0 bhusal # -d is for days, so 0 (zero) means today, right now.
c. Check the following files for passowrd policies.
# more /etc/login.defs # for Password aging info
# more /etc/pam.d/system-auth # for pw length, case info.
-------------------------------------
2. Password change and password policy on Solaris.
a. To change the pw, use the passwd command followed by userid
# passwd bhusal
b. Force the password upon first login.
# passwd -f bhusal # -f will force password to change upon first login.
c. For password policy, check the following two files,
/etc/default/login
/etc/default/passwd
d. If there is an issue with login, you can also check the following files,
/etc/passwd
/etc/shadow (account locked?)
e. Also check,
/etc/ssh/sshd-config
/etc/ssh/ssh-config
Thursday, December 29, 2011
Friday, December 23, 2011
What is YUM ? How to configure a yum repository?
What is YUM (Yellow dog Updater, Modified) Package Manager?
YUM (Yellow dog Updater, Modified") is an RPM-based package management application for Linux based operating systems. A package is
usually a software application. YUM normally comes bundled with many Linux distributions. YUM downloads software from repositories
over the network, either on the local network or over the Internet. The repositories are organized in such a way that they can be
found by the YUM client.YUM checks for package dependencies and downloads the packages and installs them.
Benefit of using YUM
- Automatic checks the software dependencies.
- it is available on command line as well on graphical interface program.
How Create a local YUM repository
Configure a yum local repository to be able to access via HTTP on Red Hat?
How do I configure a yum local repository to be able to access a DVD ISO via HTTP on Red Hat Enterprise Linux?
Setting up yum is very easy. Either server or client
Just use the following template.
Requirement, You will need repo location: /opt/RH6.3/Packages
For client, ip address and shared location (for nfs)
Note: create a file with extension .repo at /etc/yum.repos.d/
------------------------------------------------
[base] ==> just name anything you want
name=My Redhat Repo ==> just name the repo
baseurl=file:///path_to_repo_Location
# baseurl=http://IP_Address/yum
gpgcheck=0
------------------------------------------------
Plan:
Package needed on server,
httpd
yum
createrepo
Package on client
yum
A. Copy the Red Hat DVD ISO image or DVD copy on the local Repository server.
a. Create a dir in the Document Root named yum/iso
# mkdir -p /var/www/html/yum/iso
b. mount the iso or cdrom and copy the content.
# mount -o loop /RHELX-DVD.iso /var/www/html/yum/iso
# cp -r /path_of_cdrom/Packages/* /var/www/html/yum/
# cd /var/www/html/yum
# which createrepo
/usr/bin/createrepo
or
# rpm –qa | grep createrepo
If you its not installed, install it.
# yum install createrepo
# createrepo .
or
# createrepo /var/www/html/yum/
# ls -l /var/www/html/yum/repodata/
# yum clean all
B. Create a file /etc/yum.repos.d/my.repo with following info.
# cat /etc/yum.repos.d/my.repo
[RHEL-Repository]
name=RHEL repository
baseurl=file:///path_to_repo_Location
# baseurl=http://IP_Address/yum
enabled=1
gpgcheck=0
3. Share with httpd by making sure you have lines like these in your /etc/httpd/conf/httpd.conf file:
ServerAdmin root@192.168.0.155
DocumentRoot /var/www/html
ServerName 192.168.0.155
(Where 192.168.0.155 is the local Repository server)
# httpd -t
# service httpd start or
# /etc/init.d/httpd start
[ ---------------------------
if http is not installed?
# yum install httpd
# chkconfig --levels 235 httpd on
# /etc/init.d/httpd start or
# service httpd start
---------------------------- ]
4. Client side configuration:
# vi /etc/yum.repos.d/my.repo
[RH51-Server]
name= RHEL5 repository
baseurl=http://192.168.0.155/yum
# baseurl=file:///var/www/html/yum
enabled=1
gpgcheck=0
Note: If the repository is not needed to update the repository server itself, file_name.repo is not required on the local repository server.
5. Verify from client:
# yum list
OR
# yum update
# yum search httpd - search
# yum install httpd - install
# yum remove httpd - remove
YUM (Yellow dog Updater, Modified") is an RPM-based package management application for Linux based operating systems. A package is
usually a software application. YUM normally comes bundled with many Linux distributions. YUM downloads software from repositories
over the network, either on the local network or over the Internet. The repositories are organized in such a way that they can be
found by the YUM client.YUM checks for package dependencies and downloads the packages and installs them.
Benefit of using YUM
- Automatic checks the software dependencies.
- it is available on command line as well on graphical interface program.
How Create a local YUM repository
Configure a yum local repository to be able to access via HTTP on Red Hat?
How do I configure a yum local repository to be able to access a DVD ISO via HTTP on Red Hat Enterprise Linux?
Setting up yum is very easy. Either server or client
Just use the following template.
Requirement, You will need repo location: /opt/RH6.3/Packages
For client, ip address and shared location (for nfs)
Note: create a file with extension .repo at /etc/yum.repos.d/
------------------------------------------------
[base] ==> just name anything you want
name=My Redhat Repo ==> just name the repo
baseurl=file:///path_to_repo_Location
# baseurl=http://IP_Address/yum
gpgcheck=0
------------------------------------------------
Plan:
Package needed on server,
httpd
yum
createrepo
Package on client
yum
A. Copy the Red Hat DVD ISO image or DVD copy on the local Repository server.
a. Create a dir in the Document Root named yum/iso
# mkdir -p /var/www/html/yum/iso
b. mount the iso or cdrom and copy the content.
# mount -o loop /RHELX-DVD.iso /var/www/html/yum/iso
# cp -r /path_of_cdrom/Packages/* /var/www/html/yum/
# cd /var/www/html/yum
# which createrepo
/usr/bin/createrepo
or
# rpm –qa | grep createrepo
If you its not installed, install it.
# yum install createrepo
# createrepo .
or
# createrepo /var/www/html/yum/
# ls -l /var/www/html/yum/repodata/
# yum clean all
B. Create a file /etc/yum.repos.d/my.repo with following info.
# cat /etc/yum.repos.d/my.repo
[RHEL-Repository]
name=RHEL repository
baseurl=file:///path_to_repo_Location
# baseurl=http://IP_Address/yum
enabled=1
gpgcheck=0
3. Share with httpd by making sure you have lines like these in your /etc/httpd/conf/httpd.conf file:
ServerAdmin root@192.168.0.155
DocumentRoot /var/www/html
ServerName 192.168.0.155
(Where 192.168.0.155 is the local Repository server)
# httpd -t
# service httpd start or
# /etc/init.d/httpd start
[ ---------------------------
if http is not installed?
# yum install httpd
# chkconfig --levels 235 httpd on
# /etc/init.d/httpd start or
# service httpd start
---------------------------- ]
4. Client side configuration:
# vi /etc/yum.repos.d/my.repo
[RH51-Server]
name= RHEL5 repository
baseurl=http://192.168.0.155/yum
# baseurl=file:///var/www/html/yum
enabled=1
gpgcheck=0
Note: If the repository is not needed to update the repository server itself, file_name.repo is not required on the local repository server.
5. Verify from client:
# yum list
OR
# yum update
# yum search httpd - search
# yum install httpd - install
# yum remove httpd - remove
Monday, December 19, 2011
How to reset Locked user account password on RedH
If user tries multiple attempt to login to the server, account will be locked. Using password command will not work. So you can use pam_tally2 command to see the failed attempts.
# pam_tally2 --reset --user clanty
Login Failures Latest failure From
clanty 50 12/19/11 14:24:53 166.155.22.55
# passwd -u clanty
# passwd clanty
# chage -d 0 clanty # force user to change pw.
# pam_tally2 --reset --user clanty
Login Failures Latest failure From
clanty 50 12/19/11 14:24:53 166.155.22.55
# passwd -u clanty
# passwd clanty
# chage -d 0 clanty # force user to change pw.
Friday, December 16, 2011
Adding more space to linux (Redhat) with lvm
Adding more space to linux (Redhat) with lvm
Scan for new Luns.
echo "- - -" > /sys/class/scsi_host/host0/scan
Create partition as usual for the new disk discovered.
$ fdisk /dev/sdb
Create physical volume.
$ pvcreate /dev/sdb1
Create volume group using the physical volume if a volume group doesn’t already exist.
$ vgcreate pool0 /dev/sdb1
If adding space to an already existing volume group, add the physical volume to it.
$ vgextend pool0 /dev/sdb1
Activate the volume group if it isn’t already.
$ vgchange –a y pool0
Create a logical volume in the volume group.
$ lvcreate –L 60g –n opt pool0
Create a filesystem on the logical volume as normally done.
$ mkfs.ext3 –L /opt /dev/pool0/opt
Mount the new filesystem.
$ mount /dev/pool0/opt /opt
Scan for new Luns.
echo "- - -" > /sys/class/scsi_host/host0/scan
Create partition as usual for the new disk discovered.
$ fdisk /dev/sdb
Create physical volume.
$ pvcreate /dev/sdb1
Create volume group using the physical volume if a volume group doesn’t already exist.
$ vgcreate pool0 /dev/sdb1
If adding space to an already existing volume group, add the physical volume to it.
$ vgextend pool0 /dev/sdb1
Activate the volume group if it isn’t already.
$ vgchange –a y pool0
Create a logical volume in the volume group.
$ lvcreate –L 60g –n opt pool0
Create a filesystem on the logical volume as normally done.
$ mkfs.ext3 –L /opt /dev/pool0/opt
Mount the new filesystem.
$ mount /dev/pool0/opt /opt
Friday, December 9, 2011
Setting up data and time on Redhat
Now, Lets talk about the class requirement,
Pre-requisites:
1. Laptop with 4 GB or 6 GB of memory and at least 250 GB of disk space.
2. VMware or Virtual Box already installed on the system
a. Download from
- vmware.com
- virtualbox.org
3. Go to Centos.org and download latest version of centos.
4. If you can't install it, at least complete registration part and download the software before come to class.
5. All readings and LAB exercise are due before start of the class.
6. Feel free to ask question at the beginning of the class or at the end of the class. Please respect other folks while asking questions.
7. Please turn off your phone while in class. If you are expecting a call, let the class know.
Date and Time Configuration
A. Using tools
1. Using Date/Time Properties Tool
To open the tool:-
Click on System --> Administration --> Date & Time from the top panel
or
type system-config-date command at a shell prompt
# system-config-date
2. Using Network Time Protocol
If you are using the tool, on the date and time properties windows,
check the box "Synchronize date and time over the network and add the ntp servers on the box.
To set up time zone, click on time zone tab and select your time zone info.
B. Using Commands
# date +%D -s YYYY-MM-DD
# date +%D -s 2011-11-25
eg: YYYY is a four-digit year, MM a two-digit month, and DD a two-digit day of the month
# date +%T -s HH:MM:SS
# date +%T -s 22:11:00 # Sets the time 10:11 PM.
Here, HH stands for an hour, MM-minute, and SS-second, all in a two-digit form.(24 hour time)
If your system clock is set to use UTC (Coordinated Universal Time)
# date +%T -s HH:MM:SS -u
to set the system clock to 10:11 PM using the UTC,
# date +%T -s 22:11:00 -u
Just to display the current date and time,
# date
C. Setting up Network Time Protocol
ntp helps you to synchronize the system clock with the remote host over the network.
1. Find out if ntp server you selected is available/accessible to use .
# ntpdate -q server_address
# ntpdate -q 0.north-america.pool.ntp.org
2. Sync your time with ntp server
# ntpdate server_address
# ntpdate 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org
3. To enable it across the reboot.
# chkconfig ntpdate on
4. If sync is keep failing on boot, add an entry to /etc/sysconfig/network
NETWORKWAIT=1
hOW TO SET UP NTP USING /ETC/NTP.CONF FILE
1. Edit the file /etc/ntp.conf and the ntp server entry.
server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org
For the initial sync, add iburst directive at the end of the each server line
eg:
server 0.north-america.pool.ntp.org iburst
2. Add the following entry on /etcntp.conf file,
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
This gives unrestricted access to localhost only.
3. Now restart the ntp
# service ntpd restart
4. Enable ntpd daemon @boot time
# chkconfig ntpd on
============================================
Adding date and time on history command in linux
The out put of history command is :
632 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" -exec tar -cvf /export/home/kbhusal/mytar.tar {} \;
633 ls -l /export/home/kbhusal/mytar.tar
634 tar -tvf /export/home/kbhusal/mytar.tar
635 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" | xargs tar -cvf /export/home/kbhusal/mytar.tar
636 ls -l /export/home/kbhusal/mytar.tar
637 tar -tvf /export/home/kbhusal/mytar.tar
638 pwd
639 cd ..
640 ./scripts.ksh
If you want to know when that command was run, add the value for one environment variable, you are good to see out put with time stamp.
# export HISTTIMEFORMAT='%F %T ' or
# export HISTTIMEFORMAT='%F %T '
Where,
%F - sets year/month/day
%T - sets the time
Note: Add extra space after T to have a more white space between time and command field.
632 2011-12-02 15:42:09 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" -exec tar -cvf /export/home/kbhusal/mytar.tar {} \;
633 2011-12-02 15:42:29 ls -l /export/home/kbhusal/mytar.tar
634 2011-12-02 15:43:56 tar -tvf /export/home/kbhusal/mytar.tar
635 2011-12-02 15:44:18 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" | xargs tar -cvf /export/home/kbhusal/mytar.tar
636 2011-12-02 15:44:22 ls -l /export/home/kbhusal/mytar.tar
637 2011-12-02 15:44:32 tar -tvf /export/home/kbhusal/mytar.tar
638 2011-12-02 15:44:34 pwd
639 2011-12-02 15:44:35 cd ..
640 2011-12-02 15:44:37 ./scripts.ksh
to make it permanent across the reboot, add the entry to the profile file or the user specific profile file.
Append the variable to .bash_profile on users home directory.
# echo "export HISTTIMEFORMAT='%F %T '" >> ~kbhusal/.bash_profile
To make it effective to all users, add it to the profile file..
# echo "export HISTTIMEFORMAT='%F %T '" >> /etc/profile
Pre-requisites:
1. Laptop with 4 GB or 6 GB of memory and at least 250 GB of disk space.
2. VMware or Virtual Box already installed on the system
a. Download from
- vmware.com
- virtualbox.org
3. Go to Centos.org and download latest version of centos.
4. If you can't install it, at least complete registration part and download the software before come to class.
5. All readings and LAB exercise are due before start of the class.
6. Feel free to ask question at the beginning of the class or at the end of the class. Please respect other folks while asking questions.
7. Please turn off your phone while in class. If you are expecting a call, let the class know.
Date and Time Configuration
A. Using tools
1. Using Date/Time Properties Tool
To open the tool:-
Click on System --> Administration --> Date & Time from the top panel
or
type system-config-date command at a shell prompt
# system-config-date
2. Using Network Time Protocol
If you are using the tool, on the date and time properties windows,
check the box "Synchronize date and time over the network and add the ntp servers on the box.
To set up time zone, click on time zone tab and select your time zone info.
B. Using Commands
# date +%D -s YYYY-MM-DD
# date +%D -s 2011-11-25
eg: YYYY is a four-digit year, MM a two-digit month, and DD a two-digit day of the month
# date +%T -s HH:MM:SS
# date +%T -s 22:11:00 # Sets the time 10:11 PM.
Here, HH stands for an hour, MM-minute, and SS-second, all in a two-digit form.(24 hour time)
If your system clock is set to use UTC (Coordinated Universal Time)
# date +%T -s HH:MM:SS -u
to set the system clock to 10:11 PM using the UTC,
# date +%T -s 22:11:00 -u
Just to display the current date and time,
# date
C. Setting up Network Time Protocol
ntp helps you to synchronize the system clock with the remote host over the network.
1. Find out if ntp server you selected is available/accessible to use .
# ntpdate -q server_address
# ntpdate -q 0.north-america.pool.ntp.org
2. Sync your time with ntp server
# ntpdate server_address
# ntpdate 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org
3. To enable it across the reboot.
# chkconfig ntpdate on
4. If sync is keep failing on boot, add an entry to /etc/sysconfig/network
NETWORKWAIT=1
hOW TO SET UP NTP USING /ETC/NTP.CONF FILE
1. Edit the file /etc/ntp.conf and the ntp server entry.
server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org
For the initial sync, add iburst directive at the end of the each server line
eg:
server 0.north-america.pool.ntp.org iburst
2. Add the following entry on /etcntp.conf file,
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
This gives unrestricted access to localhost only.
3. Now restart the ntp
# service ntpd restart
4. Enable ntpd daemon @boot time
# chkconfig ntpd on
============================================
Adding date and time on history command in linux
The out put of history command is :
632 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" -exec tar -cvf /export/home/kbhusal/mytar.tar {} \;
633 ls -l /export/home/kbhusal/mytar.tar
634 tar -tvf /export/home/kbhusal/mytar.tar
635 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" | xargs tar -cvf /export/home/kbhusal/mytar.tar
636 ls -l /export/home/kbhusal/mytar.tar
637 tar -tvf /export/home/kbhusal/mytar.tar
638 pwd
639 cd ..
640 ./scripts.ksh
If you want to know when that command was run, add the value for one environment variable, you are good to see out put with time stamp.
# export HISTTIMEFORMAT='%F %T ' or
# export HISTTIMEFORMAT='%F %T '
Where,
%F - sets year/month/day
%T - sets the time
Note: Add extra space after T to have a more white space between time and command field.
632 2011-12-02 15:42:09 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" -exec tar -cvf /export/home/kbhusal/mytar.tar {} \;
633 2011-12-02 15:42:29 ls -l /export/home/kbhusal/mytar.tar
634 2011-12-02 15:43:56 tar -tvf /export/home/kbhusal/mytar.tar
635 2011-12-02 15:44:18 find ./ -type f -mtime -15 -mtime +7 -name "logs.*" | xargs tar -cvf /export/home/kbhusal/mytar.tar
636 2011-12-02 15:44:22 ls -l /export/home/kbhusal/mytar.tar
637 2011-12-02 15:44:32 tar -tvf /export/home/kbhusal/mytar.tar
638 2011-12-02 15:44:34 pwd
639 2011-12-02 15:44:35 cd ..
640 2011-12-02 15:44:37 ./scripts.ksh
to make it permanent across the reboot, add the entry to the profile file or the user specific profile file.
Append the variable to .bash_profile on users home directory.
# echo "export HISTTIMEFORMAT='%F %T '" >> ~kbhusal/.bash_profile
To make it effective to all users, add it to the profile file..
# echo "export HISTTIMEFORMAT='%F %T '" >> /etc/profile
Subscribe to:
Posts (Atom)