Monday, December 23, 2013

Adding new service to chkconfig

Adding a new script to be managed by chkconfig

We had a request to start a job at run level 3, but when we copied the script to the /etc/init.d directory (which is a link from /etc/rc.d/init.d/), chkconfig did not recognize it.
# chkconfig --add  mlabpadm  # returned
Service does not support chkconfig
The script looks like this:
[root@hostlnx init.d]# more mlabpadm
#!/bin/sh
case $1 in
   "start") /opt/matlab/etc/lmstart 2>/dev/null;;
   "stop") /opt/matlab/etc/lmdown 2>/dev/null;;
esac

To run this script automatically at run level 3, I could create an S script in rc3.d, but it should be managed by chkconfig.
To make it work, we have to supply the chkconfig values in the script header: the run levels in which the service should start and the priorities for start and shutdown.

[root@hostlnx init.d]# more mlabpadm
#!/bin/sh
# chkconfig: 345 98 15
# description: This script stops and starts matlab
# processname: It starts the lm process
case $1 in
   "start") /opt/matlab/etc/lmstart 2>/dev/null;;
   "stop") /opt/matlab/etc/lmdown 2>/dev/null;;
esac



# chkconfig --list | grep mlabpadm
mlabpadm 0:off 1:off 2:off 3:off 4:off 5:off 6:off

# chkconfig --list mlabpadm
mlabpadm        0:off   1:off   2:off   3:on    4:on    5:on    6:off


To remove a service from chkconfig management
# chkconfig --del servicename


Source: http://linux.about.com/library/cmd/blcmdl8_chkconfig.htm
RUNLEVEL FILES
 Each service which should be manageable by chkconfig needs two or more commented lines added to its init.d script. The first line tells chkconfig what runlevels the service should be started in by default, as well as the start and stop priority levels. If the service should not, by default, be started in any runlevels, a - should be used in place of the runlevels list. The second line contains a description for the service, and may be extended across multiple lines with backslash continuation.

For example, random.init has these three lines:
# chkconfig: 2345 20 80
# description: Saves and restores system entropy pool for \
#              higher quality random number generation.
 This says that the random script should be started in levels 2, 3, 4, and 5, that its start priority should be 20, and that its stop priority should be 80. You should be able to figure out what the description says; the \ causes the line to be continued. The extra space in front of the line is ignored.
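An added example (not from the original post or the man page): a shell function that reads an init script and reports the values chkconfig would take from its header, which shows why the first version of mlabpadm was rejected. The name `chkconfig_header`, the 0-99 priority check and the exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: report what chkconfig would read from an init script header.
# chkconfig_header FILE
#   prints "<runlevels> <start priority> <stop priority>" and returns 0, or
#   explains on stderr why the header is unusable and returns non-zero.
chkconfig_header() {
    script=$1

    # The tag line looks like "# chkconfig: 345 98 15" ("-" means no runlevels).
    tag=$(sed -n 's/^#[[:space:]]*chkconfig:[[:space:]]*//p' "$script" | head -n 1)
    if [ -z "$tag" ]; then
        echo "$script: no '# chkconfig:' line (service does not support chkconfig)" >&2
        return 1
    fi
    if ! grep -q '^#[[:space:]]*description:' "$script"; then
        echo "$script: no '# description:' line" >&2
        return 1
    fi

    # Split the tag into its three fields; anything after them is ignored.
    read -r levels start stop _rest <<EOF
$tag
EOF

    case $levels in
        -) ;;                          # not started in any runlevel by default
        ''|*[!0-6]*)
            echo "$script: bad runlevel list '$levels'" >&2
            return 2 ;;
    esac
    for prio in "$start" "$stop"; do
        case $prio in
            ''|*[!0-9]*|???*)          # assumption: priorities are 0-99
                echo "$script: bad priority '$prio'" >&2
                return 2 ;;
        esac
    done

    printf '%s %s %s\n' "$levels" "$start" "$stop"
}

# Usage: sh chkconfig_header.sh /etc/init.d/mlabpadm ...
for f in "$@"; do
    chkconfig_header "$f"
done
```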

http://serverfault.com/questions/384556/whats-the-difference-between-chkconfig-on-vs-chkconfig-add

Wednesday, December 18, 2013

Set up LDAP client and autofs

 LDAP - Lightweight Directory Access Protocol

Package Name:  Directory Client and openldap-clients

a. It provides centralized authentication for users
b. It uses TCP/IP Port 389
c. Service it starts is: sssd

How to set up client
Note: Make sure to set up yum repo.

# yum groupinstall "Directory Client" -y
# yum install openldap-clients -y
# authconfig-gtk (GUI)
  ldap://sama.expanor.local
  Certificate: http://sama.expanor.local/yum/CA/ca.crt
  Auth : LDAP Password
  Apply
# chkconfig sssd on
# ldapsearch -x -ZZ        -    to search for LDAP users
# getent passwd ldapuser       - to get details of LDAP user
# su - ldapuser10            - Switch to LDAP user

Set up autofs

# yum install autofs -y
# vi /etc/auto.master
  Insert mode
  /lhome    /etc/auto.ldap       

Note: /lhome = predefined directory available on the LDAP server

# vi /etc/auto.ldap
  ldapuser    -rw    host.domain.com:/lhome/ldapuser
        OR
  *        -rw   host.domain.com:/lhome/&          
Note: & at the end means to share everything in the /lhome directory

Restart the autofs
# service autofs stop
# service autofs start
# chkconfig autofs on

LVM: how to know if a logical volume is striped, linear or mirrored


How do you find out if a volume is linear, striped or mirrored?
[root@centos ~]# lvs -a -o segtype,devices,lv_name,vg_name
Type Devices LV VG
linear /dev/sda2(0) rootvol rootvg
linear /dev/sda2(5825) swapvol rootvg
linear /dev/sdc1(128) alevol testvg
striped /dev/sdc1(0),/dev/sdb2(0) testvol testvg

Cron job and Crontab entry

Crontab.

- It is used for job Scheduling
- Service name - crond

To prevent a user from using crontab, add an entry for that user to the /etc/cron.deny file.
# vi /etc/cron.deny
  username

# service crond restart

To test if user is denied, switch to that user
# su - user
$ crontab -e
 Error is displayed [Not allowed]


Run a job from cron: schedule it to run at 10 PM for user jay.
Note: either become user jay or do it as root.

$ crontab -e
or
# crontab -e -u jay
  [fields: minute, hour, day of month, month, day of week]
00 22 * * * /bin/echo "Hello World"  >>/var/tmp/mycron
01 22 * * * /bin/date  >>/var/tmp/mycron  
  :wq

Create a cron job that restarts the server at 11:58 PM

# crontab -e
  58 23 * * * /sbin/init 6
  :wq
# service crond restart (in case to verify)

Tuesday, December 10, 2013

Find active ip address on the networ..

 I thought nmap will give you all the active hosts on the network but it was not working. I tried it but finally found it that the host I was working was natted.. lol...


[devi@localhost ~]$ for i in `seq 0  256`
> do
> ping 192.168.10.$i
> done







[devi@localhost ~]$ for i in `seq 2 256`; do ping 192.168.10.$i ; done
PING 192.168.10.2 (192.168.10.2) 56(84) bytes of data.
64 bytes from 192.168.10.2: icmp_seq=1 ttl=128 time=7.40 ms
64 bytes from 192.168.10.2: icmp_seq=2 ttl=128 time=0.800 ms
64 bytes from 192.168.10.2: icmp_seq=3 ttl=128 time=0.903 ms






[devi@localhost ~]$ for i in `seq 1 256`
> do
> echo $i
> done
1
2
3
4



[root@localhost ~]# nmap
-bash: nmap: command not found
[root@localhost ~]# yum search nmap
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
rhel-repository                        

[root@localhost ~]# yum install nmap
Loaded plugins: product-id,


Resolving Dependencies
--> Running transaction check
---> Package nmap.i686 2:5.51-2.el6 will be installed
--> Finished Dependency Resolution

[root@localhost ~]# more /etc/yum.repos.d/file.repo
##!/bin/bash
[rhel-repository]
name=rhel.myrepo
#baseurl=http://192.168.10.32/yum
baseurl=file:///opt/OS_Image
enabled=1
gpgcheck=0

[root@localhost ~]# nmap -sP 192.168.10.1/24

Starting Nmap 5.51 ( http://nmap.org ) at 2013-12-10 19:52 PST
Nmap scan report for 192.168.10.0
Host is up (0.013s latency).
Nmap scan report for 192.168.10.1
Host is up (0.0023s latency).
Nmap scan report for 192.168.10.2


[root@localhost ~]# arp -an
? (192.168.179.254) at 00:50:56:f8:39:53 [ether] on eth0
? (192.168.179.1) at 00:50:56:c0:00:08 [ether] on eth0
? (192.168.179.2) at 00:50:56:f9:55:21 [ether] on eth0
[root@localhost ~]#

Thursday, December 5, 2013

Checking the HBA card on the server if it is communicating with storage device.


Q. The following complaint came from the storage team.
The HBA card on the host dcapplx202 is not logged in to the switch dc2sansw55. Looks like either the cable or the card has a problem.
The WWN of the HBA card that's not logged in is 10000000c99eab1c.

Solution:
Run the systool command and see if the link shows down. If it is down, go to the datacenter if you can easily access it, or ask someone at the remote site to check it for you.
Check the value of port_state; if you see port_state = "Linkdown", then the cable might be loose or might not be connected correctly.

[root@dcapplx202 ~]# systool -c fc_host -v
Class = "fc_host"
  Class Device = "host3"
  Class Device path = "/sys/class/fc_host/host3"
    active_fc4s         = "0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 "
    fabric_name         = "0x0"
    issue_lip           = <store method only>
    maxframe_size       = "2048 bytes"
    node_name           = "0x20000000c99eab1c"
    port_id             = "0x019000"
    port_name           = "0x10000000c99eab1c"
    port_state          = "Linkdown"
    port_type           = "Unknown"
    speed               = "unknown"
    supported_classes   = "Class 3"
    supported_fc4s      = "0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 "
    supported_speeds    = "2 Gbit, 4 Gbit, 8 Gbit"
    tgtid_bind_type     = "wwpn (World Wide Port Name)"
    uevent              = <store method only>
    Device = "host3"
    Device path = "/sys/devices/pci0000:00/0000:00:04.0/0000:17:00.0/0000:18:02.0/0000:22:00.0/host3"
      uevent              = <store method only>

  Class Device = "host4"
  Class Device path = "/sys/class/fc_host/host4"
    active_fc4s         = "0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 "
    fabric_name         = "0x100000051eb60f80"
    issue_lip           = <store method only>
    maxframe_size       = "2048 bytes"
    node_name           = "0x20000000c99e1c96"
    port_id             = "0x019000"
    port_name           = "0x10000000c99e1c96"
    port_state          = "Online"
    port_type           = "NPort (fabric via point-to-point)"
    speed               = "8 Gbit"
    supported_classes   = "Class 3"
    supported_fc4s      = "0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 "
    supported_speeds    = "2 Gbit, 4 Gbit, 8 Gbit"
    tgtid_bind_type     = "wwpn (World Wide Port Name)"
    uevent              = <store method only>
    Device = "host4"
    Device path = "/sys/devices/pci0000:00/0000:00:04.0/0000:17:00.0/0000:18:01.0/0000:25:00.0/host4"
      uevent              = <store method only>

[root@dcapplx202 ~]#
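An added example (not part of the original post): the same check scripted against sysfs, looking up an HBA port by the WWN the storage team reports and listing every port that is not Online. It assumes the `/sys/class/fc_host/hostN/port_name` and `port_state` attributes shown in the systool output; the function names and the `FC_HOST_DIR` override are this example's own.

```shell
#!/bin/sh
# Added example: look up Fibre Channel HBA ports by WWPN straight from sysfs,
# the same attributes that "systool -c fc_host -v" prints.
FC_HOST_DIR=${FC_HOST_DIR:-/sys/class/fc_host}

# normalize_wwn WWN -> lower-case hex without "0x" prefix or ":" separators
normalize_wwn() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | sed 's/^0x//; s/://g'
}

# fc_port_state WWPN
#   prints "<hostN> <port_state>" for the matching port; returns 1 if none matches
fc_port_state() {
    want=$(normalize_wwn "$1")
    rc=1
    for dir in "$FC_HOST_DIR"/host*; do
        [ -r "$dir/port_name" ] || continue
        have=$(normalize_wwn "$(cat "$dir/port_name")")
        if [ "$have" = "$want" ]; then
            printf '%s %s\n' "${dir##*/}" "$(cat "$dir/port_state")"
            rc=0
        fi
    done
    return $rc
}

# fc_links_not_online
#   prints "<hostN> <wwpn> <port_state>" for every port whose state is not Online
fc_links_not_online() {
    for dir in "$FC_HOST_DIR"/host*; do
        [ -r "$dir/port_state" ] || continue
        state=$(cat "$dir/port_state")
        [ "$state" = Online ] && continue
        printf '%s %s %s\n' "${dir##*/}" \
            "$(normalize_wwn "$(cat "$dir/port_name")")" "$state"
    done
}

# Usage: sh fc_check.sh 10000000c99eab1c
if [ -n "${1:-}" ]; then
    fc_port_state "$1"
fi
```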

Thursday, October 3, 2013

Configure network service on your system.

You can configure your network settings using DHCP or a static address.

A. DHCP Configuration

# vi  /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
BOOTPROTO="dhcp"
HWADDR="C8:60:00:DD:B8:E6"
NM_CONTROLLED="yes"
ONBOOT="yes"

or for wireless set up,

[root@my32GB ~]# vi /etc/sysconfig/network-scripts/ifcfg-wlan0
DEVICE="wlan0"
BOOTPROTO="dhcp"
HWADDR="94:DB:C9:B4:D9:7B"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="58c295da-67d8-4a85-8b0b-ee126775e3a9"


B. Assigning Static IP address
DEVICE="eth0"
IPADDR=192.168.10.125
NETMASK=255.255.255.0
HWADDR="C8:60:00:DD:B8:E6"
NM_CONTROLLED="yes"
ONBOOT="yes"
DNS1=192.168.10.1

# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=sama.expanor.com
GATEWAY=192.168.10.1

Restart network service.
# service network restart

LUKS partition on Redhat 6.4

Configure a LUKS Encrypted Partition Redhat 6.4

1. Check to see if dm_crypt module is loaded on the system.
[root@my32GB ~]# lsmod | grep crypt
[root@my32GB ~]#

No value is returned, so the dm_crypt module is not loaded.

2. Load the module
[root@my32GB ~]# modprobe dm_crypt
[root@my32GB ~]# lsmod | grep crypt
dm_crypt               13022  0
dm_mod                 81692  3 dm_crypt,dm_mirror,dm_log
[root@my32GB ~]#

To load the module across reboots, create a simple script.

# vi /etc/sysconfig/modules/dm_crypt.modules

#!/bin/sh
modprobe dm_crypt

:wq!
Save the file as /etc/sysconfig/modules/dm_crypt.modules

# chmod 755 /etc/sysconfig/modules/dm_crypt.modules


3. Create a new partition
/dev/sdc ==>> /dev/sdc1

# dd if=/dev/zero of=/dev/sdc1 bs=512 count=10

Note: This step is optional.

4. Now, format the partition with encryption
# cryptsetup luksFormat /dev/sdc1

Enter the pw:

Note: Please remember the pw.

5. Open the just-formatted partition
# cryptsetup luksOpen /dev/sdc1 myLuksFS

Enter the pw you just created.

6. A device link is created under /dev/mapper as /dev/mapper/myLuksFS

Now, get the UUID of the device.
# cryptsetup luksUUID /dev/sdc1
ijBK8ZOz-Nn1r-mI4c-nu11-c6fNHfq6I7iC

You will see the return value. Note the value.

Now create a FS with type of your choice.
# mkfs.ext4 /dev/mapper/myLuksFS

7. Create a mount point and mount it.
# mkdir /myLuksFS
# mount /dev/mapper/myLuksFS /myLuksFS

8. To make it persistent across reboots, add an entry to /etc/crypttab

# vi /etc/crypttab

myLuksFS    UUID=ijBK8ZOz-Nn1r-mI4c-nu11-c6fNHfq6I7iC

or
myLuksFS    /dev/sdc1

:wq!

Note: Remember, you have to enter your password each time you reboot the system.
Make sure to have console connection while rebooting the system.

To open the encrypted volume enter the command,
# cryptsetup luksOpen /dev/sdc1 myLuksFS

9. Add entry to /etc/fstab
# vi /etc/fstab

/dev/mapper/myLuksFS    /myLuksFS    ext4    defaults    1    2

This will make sure that it mounts on reboot.



http://www.linuxexplorers.com/2012/03/how-to-configure-a-luks-encrypted-partition-in-red-hat-enterprise-linux-rhel-rhcsa-objective/

Tuesday, September 24, 2013

Install and configure VNC server on Redhat/CentOS 6.x


1. Install VNC server (Make sure your yum repo is set up).
# yum groupinstall Desktop
# yum install tigervnc-server
# yum install xorg-x11-fonts-Type1
# chkconfig vncserver on

2. Configure VNC access for each user.
# vi /etc/sysconfig/vncservers

VNCSERVERS="2:jay 3:dev 4:sam"
VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"

VNCSERVERARGS[3]="-geometry 800x600 -nolisten tcp -localhost"

VNCSERVERARGS[4]="-geometry 1024x600"

........ so on...

or

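VNCSERVERS="2:jay"
VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
# Append each further entry; a plain VNCSERVERS="3:dev" would overwrite the earlier one.
VNCSERVERS="$VNCSERVERS 3:dev"
VNCSERVERARGS[3]="-geometry 800x600 -nolisten tcp -localhost"
VNCSERVERS="$VNCSERVERS 4:sam"
VNCSERVERARGS[4]="-geometry 1024x600"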



Note:
- Session 2 for jay and session 3 for the dev user are configured with screen size 800x600.
- If you don't specify the -nolisten and -localhost options, you have to open a VNC port on the firewall.
- With these options, you will be using the secure ssh port 22 through an ssh tunnel.

3. Create VNC password for users who want to access VNC server.
# su - jay
$ vncpasswd
Password:
Verify:
$
Now, set up a VNC password for the rest of the users.

4. Restart VNC server.
# service vncserver status/start/restart

5. Connect to the VNC server.

$ vncviewer sama:2  (sama is a server name; hostname)

Enter your pw, and you should be able to login and session should start.

5.a. Open the VNC ports on the firewall

# iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp -m multiport --dports 5901:5903,6001:6003 -j ACCEPT
# service iptables save
# service iptables restart
# service vncserver restart

If it fails,
kill the VNC server
$ vncserver -kill :2

$ vi .vnc/xstartup

Comment out the entry
#twm &
exec gnome-session &

Restart the VNC server
# service vncserver restart


Note: If the connection to the VNC server does not go through a secure ssh tunnel, you have to configure your firewall to allow this VNC client connection.

If you are connecting to the VNC server through an ssh tunnel

$ vncviewer -via jay@sama localhost:2

Enter your pw, your vnc session will start.

Connecting through your desktop

1. Download and install VNCViewer

http://www.realvnc.com/download/viewer/
http://sourceforge.net/projects/tigervnc/

2. Open the viewer and enter the server name: sama:4
Encryption: Prefer off

Connect; it will prompt you for a pw. Enter your user name and the pw that you created using vncpasswd.

3. To kill the VNCServer session,
$ vncserver -kill :4  (kill whichever session belongs to the user)
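An added example (not part of the original post): a small audit of /etc/sysconfig/vncservers that lists each display, its TCP port (5900 plus the display number) and whether it is bound with -localhost, then compares the exposed ports with a firewall range. The function names are this example's own, and the file is parsed as text instead of being sourced.

```shell
#!/bin/sh
# Added example: audit a vncservers file for displays reachable from the network.
# The file is parsed as text, not sourced, so auditing it never executes it.

# vnc_exposure FILE
#   one line per configured display: ":<display> <user> <tcp port> <state>"
vnc_exposure() {
    conf=$1
    grep '^[[:space:]]*VNCSERVERS=' "$conf" |
    grep -oE '[0-9]+:[A-Za-z0-9_.-]+' |
    while IFS=: read -r disp user; do
        # Last VNCSERVERARGS[n]= assignment wins, as it would when sourced.
        args=$(sed -n "s/^[[:space:]]*VNCSERVERARGS\[$disp]=//p" "$conf" | tail -n 1)
        flat=$(printf '%s' "$args" | tr -d "\"'")
        case " $flat " in
            *" -localhost "*) state=localhost-only ;;
            *)                state=network-exposed ;;
        esac
        # A VNC display :N listens on TCP port 5900+N.
        printf ':%s %s %s %s\n' "$disp" "$user" "$((5900 + $disp))" "$state"
    done
}

# vnc_uncovered FILE LOW HIGH
#   ports of network-exposed displays that fall outside the firewall range LOW:HIGH
vnc_uncovered() {
    vnc_exposure "$1" | while read -r _disp _user port state; do
        [ "$state" = network-exposed ] || continue
        if [ "$port" -lt "$2" ] || [ "$port" -gt "$3" ]; then
            echo "$port"
        fi
    done
}

# Usage: sh vnc_audit.sh /etc/sysconfig/vncservers
if [ -n "${1:-}" ]; then
    vnc_exposure "$1"
fi
```

Run against the configuration from step 2, it reports display :4 (sam) as network-exposed on TCP 5904, which lies outside the 5901:5903 range opened in step 5.a.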

Tuesday, September 3, 2013

Removing LVM disk


How to remove physical disk from the system and add new LUN
1. List Volume group
# vgs; pvs
2. Remove the device
# vgreduce dbdatavg DB004p1
3. Remove physical device
# pvremove DB004p1
4.



[root@mylnx200 mapper]# vgs
  VG       #PV #LV #SN Attr   VSize   VFree
  dbdatavg   5   2   0 wz--n- 809.17G 304.17G
  dblogvg    5   4   0 wz--n- 505.72G  65.72G
  system     1   3   0 wz--n-  84.44G  52.44G
[root@mylnx200 mapper]# pvs
  PV                 VG       Fmt  Attr PSize   PFree
  /dev/cciss/c0d0p5  system   lvm2 a--   84.44G  52.44G
  /dev/mpath/DB001p1 dbdatavg lvm2 a--  202.29G      0
  /dev/mpath/DB002p1 dbdatavg lvm2 a--  202.29G      0
  /dev/mpath/DB003p1 dbdatavg lvm2 a--  202.29G 101.88G
  /dev/mpath/LOG01p1 dblogvg  lvm2 a--  101.14G   1.14G
  /dev/mpath/LOG02p1 dblogvg  lvm2 a--  101.14G   1.14G
  /dev/mpath/LOG03p1 dblogvg  lvm2 a--  101.14G      0
  /dev/mpath/LOG04p1 dblogvg  lvm2 a--  101.14G  63.43G
  /dev/mpath/LOG05p1 dblogvg  lvm2 a--  101.14G      0
  DB004p1            dbdatavg lvm2 a--  101.14G 101.14G
  DB005p1            dbdatavg lvm2 a--  101.14G 101.14G
  DB006p1                     lvm2 a--  101.15G 101.15G
  DB007p1                     lvm2 a--  101.15G 101.15G
  DB008p1                     lvm2 a--  101.15G 101.15G

[root@mylnx200 mapper]# vgreduce  dbdatavg DB004p1
  Removed "DB004p1" from volume group "dbdatavg"
[root@mylnx200 mapper]# vgreduce dbdatavg DB005p1
  Removed "DB005p1" from volume group "dbdatavg"
[root@mylnx200 mapper]# pvremove DB004p1
  Labels on physical volume "DB004p1" successfully wiped
[root@mylnx200 mapper]# pvremove DB005p1
  Labels on physical volume "DB005p1" successfully wiped
[root@mylnx200 mapper]# pvremove DB006p1
  Labels on physical volume "DB006p1" successfully wiped
[root@mylnx200 mapper]# pvremove DB007p1
  Labels on physical volume "DB007p1" successfully wiped
[root@mylnx200 mapper]# pvremove DB008p1
  Labels on physical volume "DB008p1" successfully wiped
[root@mylnx200 mapper]# pvs
  PV                 VG       Fmt  Attr PSize   PFree
  /dev/cciss/c0d0p5  system   lvm2 a--   84.44G  52.44G
  /dev/mpath/DB001p1 dbdatavg lvm2 a--  202.29G      0
  /dev/mpath/DB002p1 dbdatavg lvm2 a--  202.29G      0
  /dev/mpath/DB003p1 dbdatavg lvm2 a--  202.29G 101.88G
  /dev/mpath/LOG01p1 dblogvg  lvm2 a--  101.14G   1.14G
  /dev/mpath/LOG02p1 dblogvg  lvm2 a--  101.14G   1.14G
  /dev/mpath/LOG03p1 dblogvg  lvm2 a--  101.14G      0
  /dev/mpath/LOG04p1 dblogvg  lvm2 a--  101.14G  63.43G
  /dev/mpath/LOG05p1 dblogvg  lvm2 a--  101.14G      0

[root@mylnx200 mapper]# pvcreate /dev/mapper/DB004p1
  Writing physical volume data to disk "DB004p1"
  Physical volume "DB004p1" successfully created
[root@mylnx200 mapper]# pvcreate /dev/mapper/DB005p1
  Writing physical volume data to disk "DB005p1"
  Physical volume "DB005p1" successfully created
[root@mylnx200 mapper]# pvcreate /dev/mapper/DB006p1
  Writing physical volume data to disk "DB006p1"
  Physical volume "DB006p1" successfully created
[root@mylnx200 mapper]# pvs
  PV                 VG       Fmt  Attr PSize   PFree
  /dev/cciss/c0d0p5  system   lvm2 a--   84.44G  52.44G
  /dev/mpath/DB001p1 dbdatavg lvm2 a--  202.29G      0
  /dev/mpath/DB002p1 dbdatavg lvm2 a--  202.29G      0
  /dev/mpath/DB003p1 dbdatavg lvm2 a--  202.29G 101.88G
  /dev/mpath/LOG01p1 dblogvg  lvm2 a--  101.14G   1.14G
  /dev/mpath/LOG02p1 dblogvg  lvm2 a--  101.14G   1.14G
  /dev/mpath/LOG03p1 dblogvg  lvm2 a--  101.14G      0
  /dev/mpath/LOG04p1 dblogvg  lvm2 a--  101.14G  63.43G
  /dev/mpath/LOG05p1 dblogvg  lvm2 a--  101.14G      0
  DB004p1                     lvm2 a--  101.15G 101.15G
  DB005p1                     lvm2 a--  101.15G 101.15G
  DB006p1                     lvm2 a--  101.15G 101.15G
[root@mylnx200 mapper]# pvcreate /dev/mapper/DB007p1
  Writing physical volume data to disk "DB007p1"
  Physical volume "DB007p1" successfully created
[root@mylnx200 mapper]# pvcreate /dev/mapper/DB008p1
  Writing physical volume data to disk "DB008p1"
  Physical volume "DB008p1" successfully created
[root@mylnx200 mapper]# pvs
  PV                 VG       Fmt  Attr PSize   PFree
  /dev/cciss/c0d0p5  system   lvm2 a--   84.44G  52.44G
  /dev/mpath/DB001p1 dbdatavg lvm2 a--  202.29G      0
  /dev/mpath/DB002p1 dbdatavg lvm2 a--  202.29G      0
  /dev/mpath/DB003p1 dbdatavg lvm2 a--  202.29G 101.88G
  /dev/mpath/LOG01p1 dblogvg  lvm2 a--  101.14G   1.14G
  /dev/mpath/LOG02p1 dblogvg  lvm2 a--  101.14G   1.14G
  /dev/mpath/LOG03p1 dblogvg  lvm2 a--  101.14G      0
  /dev/mpath/LOG04p1 dblogvg  lvm2 a--  101.14G  63.43G
  /dev/mpath/LOG05p1 dblogvg  lvm2 a--  101.14G      0
  DB004p1                     lvm2 a--  101.15G 101.15G
  DB005p1                     lvm2 a--  101.15G 101.15G
  DB006p1                     lvm2 a--  101.15G 101.15G
  DB007p1                     lvm2 a--  101.15G 101.15G
  DB008p1                     lvm2 a--  101.15G 101.15G
[root@mylnx200 mapper]#

Friday, May 24, 2013

List open files

List open files on linux

[root@he3lxvd596 /]# lsof | grep "/opt/dev" | more
startWebL  6310     appdata    1w      appdata              253,3      8467     310344 /opt/dev/mf/MSIRR/MSIRRDevDomain/startAServer.log (deleted)
startWebL  6310     appdata    2w      appdata              253,3      8467     310344 /opt/dev/mf/MSIRR/MSIRRDevDomain/startAServer.log (deleted)
startWebL  6349  mfstmgr2    1w      appdata              253,3     18025     310345 /opt/dev/mf/MarsIL/MarsILPerfDomain/startAServer.log (deleted)
startWebL  6349  mfstmgr2    2w      appdata              253,3     18025     310345 /opt/dev/mf/MarsIL/MarsILPerfDomain/startAServer.log (deleted)
java       6485     appdata    1w      appdata              253,3      8467     310344 /opt/dev/mf/MSIRR/MSIRRDevDomain/startAServer.log (deleted)
java       6485     appdata    2w      appdata              253,3      8467     310344 /opt/dev/mf/MSIRR/MSIRRDevDomain/startAServer.log (deleted)
java       6485     appdata  268w      appdata              253,3    349683     310505 /opt/dev/mf/MSIRR/MSIRRDevDomain/MSIRRDevAServer/MSIRRDevAServer.log
java       6485     appdata  281w      appdata              253,3         0     310346 /opt/dev/mf/MSIRR/MSIRRDevDomain/MSIRRDevAServer/access.log (deleted)
java       6486  mfstmgr2    1w      appdata              253,3     18025     310345 /opt/dev/mf/MarsIL/MarsILPerfDomain/startAServer.log (deleted)
java       6486  mfstmgr2    2w      appdata              253,3     18025     310345 /opt/dev/mf/MarsIL/MarsILPerfDomain/startAServer.log (deleted)
java       6486  mfstmgr2  264w      appdata              253,3    647581     326406 /opt/dev/mf/MarsIL/MarsILPerfDomain/MarsILPerfAServer/MarsILPerfAServer.log
java       6486  mfstmgr2  288w      appdata              253,3         0     326414 /opt/dev/mf/MarsIL/MarsILPerfDomain/MarsILPerfAServer/access.log (deleted)
startMana  7214     appdata    1w      appdata              253,3     40554     310347 /opt/dev/mf/MSIRR/MSIRRDevDomain/startMSIRRDevMServer1.log (deleted)
startMana  7214     appdata    2w      appdata              253,3     40554     310347 /opt/dev/mf/MSIRR/MSIRRDevDomain/startMSIRRDevMServer1.log (deleted)
startWebL  7220     appdata    1w      appdata              253,3     40554     310347 /opt/dev/mf/MSIRR/MSIRRDevDomain/startMSIRRDevMServer1.log (deleted)
startWebL  7220     appdata    2w      appdata              253,3     40554     310347 /opt/dev/mf/MSIRR/MSIRRDevDomain/startMSIRRDevMServer1.log (deleted)
java       7272     appdata    1w      appdata              253,3     40554     310347 /opt/dev/mf/MSIRR/MSIRRDevDomain/startMSIRRDevMServer1.log (deleted)
java       7272     appdata    2w      appdata              253,3     40554     310347 /opt/dev/mf/MSIRR/MSIRRDevDomain/startMSIRRDevMServer1.log (deleted)
java       7272     appdata  270w      appdata              253,3    339779     310594 /opt/dev/mf/MSIRR/MSIRRDevDomain/MSIRRDevMServer1/MSIRRDevMServer1.log
java       7272     appdata  287w      appdata              253,3         0     310349 /opt/dev/mf/MSIRR/MSIRRDevDomain/MSIRRDevMServer1/access.log (deleted)
java       7272     appdata  290r      appdata              253,3     78395     310223 /opt/dev/mf/MSIRR/MSIRRDevDomain/log4j_invrpt.log
startMana 11820  mfstmgr2    1w      appdata              253,3   5156320     310272 /opt/dev/mf/MarsIL/MarsILPerfDomain/startMarsILPerfMServer1.log
startMana 11820  mfstmgr2    2w      appdata              253,3   5156320     310272 /opt/dev/mf/MarsIL/MarsILPerfDomain/startMarsILPerfMServer1.log
--More--

Thursday, April 25, 2013

Rsync: using rsync for migration


rsync on the same server (tested on Linux)
-n, --dry-run - perform a trial run with no changes made

rsync -avx --dry-run --exclude=/lost+found/ /opt/satle/ /opt/satle/ >/var/tmp/myrsynclog.out 2>&1 &
/usr/bin/rsync -avx --exclude=/lost+found/ /opt/satle/ /opt/satle/ >/var/tmp/rsync_oracle1.out 2>&1 &

To a different host (tested on Solaris):
#!/bin/ksh
/usr/bin/rsync -logtprz --exclude-from=/var/tmp/rsync.exclude --progress --rsync-path="sudo rsync" --rsh='ssh -l jay' /opt/satle/ jay@sama:/opt/satle/
List the directories that you don't want to rsync in the exclude file.
# cat /var/tmp/rsync.exclude
/myexcldir/
/myedir/

Friday, March 22, 2013

File Encryption with GPG


1. Installation and generating public/private key pair
Encryption method:
GPG uses asymmetric encryption, which means encryption uses a matched pair of private and public keys. The two keys are mathematically related and are created at the same time. The public key is given to the end user who wants a secure transfer of information with the creator of the public key. The end user encrypts the information with the public key and sends it over the network; at the other end, the owner of the key decrypts the information using his/her private key. Sometimes, the owner can use a symmetric key (a kind of password) to create a public key, which the end user has to use while encrypting the message/file.
Package to install:
crypto-util
Create users and install packages

a. Log in as root and create three accounts.
# useradd jay; useradd surya; useradd chandra

b. Install the crypto-util package
# yum install crypt* -y

c. Now, log out, log in as jay, and generate a key using the gpg --gen-key command.
$ gpg --gen-key
Note: gpg can create different types of key pairs.
Just go through and select the default options for practice.

d. List your keys
$ gpg --list-keys

e. Export your public key
$ gpg --armor --export >/var/tmp/jay.key
Note: public key extension should be .key
f. Now, log in as user surya and import the public key generated by jay.
$ gpg --import /var/tmp/jay.key; gpg --list-keys

2. Encrypting/decrypting a file.
Plan: surya will encrypt a file using jay's public key, and jay will decrypt the message that surya sends using the private key.
a. Create the file to encrypt.
$ tail -2000 /var/log/messages >/var/tmp/myfile.txt
b. Now, encrypt the file myfile.txt with jay's public key.
$ gpg --encrypt --armor --recipient jay@sama.expanor.local myfile.txt

Just follow the prompts and your message is encrypted. The file is now named myfile.txt.asc.
Now, copy the message file with proper permissions so that jay can access it.

c. Log in as user jay and decrypt the message. It will prompt you for the password.
$ gpg --decrypt myfile.txt.asc
d. Now, log in as chandra and see if you can read the message.
Of course you can't read it, because you are not the owner of the private key and you don't have it. To decrypt the message, you must be the owner of the private key or have a copy of it.
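An added example (not part of the original post): the jay / surya / chandra exercise run unattended, with one throw-away GnuPG home directory standing in for each user, so the refusal for chandra can be checked by a script. It assumes GnuPG 2.1 or later; the empty passphrase, the function names and the sample message are constructed for the demo.

```shell
#!/bin/sh
# Added example: the jay / surya / chandra exercise, run unattended.
# Each user is represented by a separate, throw-away GnuPG home directory.

# gpg_as HOME ARGS... : run gpg non-interactively against one user's keyring.
# Empty passphrase + loopback pinentry is a demo-only shortcut so nothing prompts.
gpg_as() {
    keyring=$1; shift
    gpg --homedir "$keyring" --batch --quiet --no-tty \
        --pinentry-mode loopback --passphrase '' "$@"
}

# gpg_roundtrip : prints "<what jay decrypted>|<chandra: decrypted or refused>"
gpg_roundtrip() {
    work=$(mktemp -d) || return 2
    for user in jay surya chandra; do
        mkdir -m 700 "$work/$user"
    done
    printf 'constructed sample message\n' > "$work/myfile.txt"
    rc=0 jay_text='' chandra=refused

    # 1. jay creates a key pair and exports the public half.
    # 2. surya imports that public key and encrypts to it (-> myfile.txt.asc).
    # 3. jay holds the private key, so decryption succeeds.
    gpg_as "$work/jay" --quick-gen-key 'jay@sama.expanor.local' \
        default default never 2>/dev/null &&
    gpg_as "$work/jay" --armor --export > "$work/jay.key" &&
    gpg_as "$work/surya" --import "$work/jay.key" 2>/dev/null &&
    gpg_as "$work/surya" --trust-model always --armor \
        --recipient jay@sama.expanor.local \
        --encrypt "$work/myfile.txt" 2>/dev/null &&
    jay_text=$(gpg_as "$work/jay" --decrypt "$work/myfile.txt.asc" 2>/dev/null) ||
    rc=1

    # 4. chandra has no private key for this message, so gpg exits non-zero.
    if [ "$rc" -eq 0 ] &&
       gpg_as "$work/chandra" --decrypt "$work/myfile.txt.asc" >/dev/null 2>&1; then
        chandra=decrypted
    fi

    # Stop any agents started for the temporary keyrings, then clean up.
    for user in jay surya chandra; do
        gpgconf --homedir "$work/$user" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    [ "$rc" -eq 0 ] && printf '%s|%s\n' "$jay_text" "$chandra"
    return "$rc"
}

# Usage: sh gpg_roundtrip.sh run
if [ "${1:-}" = run ]; then
    gpg_roundtrip
fi
```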
 

Sunday, March 17, 2013

Route add on Linux (Redhat)

Route add on Linux

1. Adding a route to a network.
# route add -net network/mask gw default_gateway

# route add -net 192.168.10.0/24 gw 192.168.10.1

2. Using default gateway
# route add default gw default_gateway

# route add default gw 192.168.0.1

3. Add a route to a specific host
# route add -host hostname gw default_gateway

# route add -host 192.168.0.8 gw 192.168.0.1

4. Delete a route
# route del -net network/mask gw default_gateway

# route del -net 192.168.10.0/24 gw 192.168.10.1

5. Delete the default gateway
# route del default gw default-gateway

# route del default gw 192.168.0.1

6. Remove a specific host from routing table
# route del -host ip-add gw default-gateway

# route del -host 192.168.0.8 gw 192.168.0.1

7. Print your routing table
# netstat -rn
# ip route

Note: Use -p flag on your route command to make the route permanent or add entry to /etc/sysconfig/static-routes.

-----------------------------------------------------------

Configuring a Network Interface Using ifcfg Files

Interface configuration files control the software interfaces for individual network devices. As the system boots, it uses these files to determine what interfaces to bring up and how to configure them. These files are usually named ifcfg-name, where the suffix name refers to the name of the device that the configuration file controls. By convention, the ifcfg file's suffix is the same as the string given by the DEVICE directive in the configuration file itself.

Static Network Settings

To configure an interface with static network settings using ifcfg files, for an interface with the name eth0, create a file with name ifcfg-eth0 in the /etc/sysconfig/network-scripts/ directory as follows:
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
PREFIX=24
IPADDR=10.0.1.27
Optionally specify the hardware or MAC address using the HWADDR directive. Note that this may influence the device naming procedure as explained in Chapter 8, Consistent Network Device Naming. You do not need to specify the network or broadcast address as this is calculated automatically by ipcalc.

Dynamic Network Settings

To configure an interface with dynamic network settings using ifcfg files, for an interface with name em1, create a file with name ifcfg-em1 in the /etc/sysconfig/network-scripts/ directory as follows:
DEVICE=em1
BOOTPROTO=dhcp
ONBOOT=yes
Optionally specify the hardware or MAC address using the HWADDR directive. Note that this may influence the device naming procedure as explained in Chapter 8, Consistent Network Device Naming.
To configure an interface to send a different host name to the DHCP server, add the following line to the ifcfg file.
DHCP_HOSTNAME=hostname
To configure an interface to ignore routes sent by a DHCP server, add the following line to the ifcfg file.
PEERDNS=no
This will prevent network service from updating /etc/resolv.conf with the DNS servers received from a DHCP server.
To configure an interface to use particular DNS servers, set PEERDNS=no as described above and add lines as follows to the ifcfg file:
DNS1=ip-address
DNS2=ip-address
where ip-address is the address of a DNS server. This will cause the network service to update /etc/resolv.conf with the DNS servers specified.
NetworkManager will by default call the DHCP client, dhclient, when a profile has been set to obtain addresses automatically, or when an interface configuration file has BOOTPROTO set to dhcp. Where DHCP is required, an instance of dhclient is started for every Internet protocol, IPv4 and IPv6, on an interface. Where NetworkManager is not running, or not managing an interface, then the legacy network service will call instances of dhclient as required.

Configuring a DHCP Client

2.4.2. Configuring a Network Interface Using ip Commands

The ip utility can be used to assign IP addresses to an interface. The command takes the following form:
ip addr [ add | del ] address dev ifname

 Assigning a Static Address Using ip Commands

To assign an IP address to an interface, issue a command as root as follows:
~]# ip address add 10.0.0.3/24 dev eth0
The address assignment of a specific device can be viewed as follows:
~]# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether f0:de:f1:7b:6e:5f brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.3/24 brd 10.0.0.255 scope global global eth0
       valid_lft 58682sec preferred_lft 58682sec
    inet6 fe80::f2de:f1ff:fe7b:6e5f/64 scope link 
       valid_lft forever preferred_lft forever
Further examples and command options can be found in the ip-address(8) manual page.

 Configuring Multiple Addresses Using ip Commands

As the ip utility supports assigning multiple addresses to the same interface, it is no longer necessary to use the alias interface method of binding multiple addresses to the same interface. The ip command to assign an address can be repeated multiple times in order to assign multiple addresses. For example:
~]# ip address add 192.168.2.223/24 dev eth1
~]# ip address add 192.168.4.223/24 dev eth1
~]# ip addr
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:fb:77:9e brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.223/24 scope global eth1
    inet 192.168.4.223/24 scope global eth1
The commands for the ip utility are documented in the ip(8) manual page.
NOTE
ip commands given on the command line will not persist after a system restart.

2.4.3. Static Routes and the Default Gateway

Static routes are for traffic that must not, or should not, go through the default gateway. Routing is often handled by devices on the network dedicated to routing (although any device can be configured to perform routing). Therefore, it is often not necessary to configure static routes on Red Hat Enterprise Linux servers or clients. Exceptions include traffic that must pass through an encrypted VPN tunnel or traffic that should take a specific route for reasons of cost or security. The default gateway is for any and all traffic which is not destined for the local network and for which no preferred route is specified in the routing table. The default gateway is traditionally a dedicated network router.

 Configuring Static Routes Using the Command Line

If static routes are required, they can be added to the routing table by means of the ip route add command and removed using the ip route del command. The more frequently used ip route commands take the following form:
ip route [ add | del | change | append | replace ] destination-address
See the ip-route(8) man page for more details on the options and formats.
Use the ip route command without options to display the IP routing table. For example:
~]$ ip route
default via 192.168.122.1 dev ens9  proto static  metric 1024
192.168.122.0/24 dev ens9  proto kernel  scope link  src 192.168.122.107
192.168.122.0/24 dev eth0  proto kernel  scope link  src 192.168.122.126
To add a static route to a host address, in other words to a single IP address, issue a command as root:
ip route add 192.0.2.1 via 10.0.0.1 [dev ifname]
Where 192.0.2.1 is the IP address of the host in dotted decimal notation, 10.0.0.1 is the next hop address and ifname is the exit interface leading to the next hop.
To add a static route to a network, in other words to an IP address representing a range of IP addresses, issue the following command as root:
ip route add 192.0.2.0/24 via 10.0.0.1 [dev ifname]
where 192.0.2.0 is the IP address of the destination network in dotted decimal notation and /24 is the network prefix. The network prefix is the number of enabled bits in the subnet mask. This format of network address slash network prefix length is sometimes referred to as classless inter-domain routing (CIDR) notation.
Static route configuration can be stored per-interface in a /etc/sysconfig/network-scripts/route-interface file. For example, static routes for the eth0 interface would be stored in the /etc/sysconfig/network-scripts/route-eth0 file. The route-interface file has two formats: ip command arguments and network/netmask directives. These are described below.
See the ip-route(8) man page for more information on the ip route command.

 Configuring The Default Gateway

The default gateway is determined by the network scripts which parse the /etc/sysconfig/network file first and then the network interface ifcfg files for interfaces that are up. The ifcfg files are parsed in numerically ascending order, and the last GATEWAY directive to be read is used to compose a default route in the routing table.
The default route can thus be indicated by means of the GATEWAY directive and can be specified either globally or in interface-specific configuration files. Specifying the gateway globally has certain advantages in static networking environments, especially if more than one network interface is present. It can make fault finding simpler if applied consistently.
In dynamic network environments, where mobile hosts are managed by NetworkManager, gateway information is likely to be interface specific and is best left to be assigned by DHCP. In special cases where it is necessary to influence NetworkManager's selection of the exit interface to be used to reach a gateway, make use of the DEFROUTE=no command in the ifcfg files for those interfaces which do not lead to the default gateway.
Global default gateway configuration is stored in the /etc/sysconfig/network file. This file specifies gateway and host information for all network interfaces.

2.4.4. Configuring Static Routes in ifcfg files

Static routes set using ip commands at the command prompt will be lost if the system is shut down or restarted. To configure static routes to be persistent after a system restart, they must be placed in per-interface configuration files in the /etc/sysconfig/network-scripts/ directory. The file name should be of the format route-ifname. There are two types of commands to use in the configuration files: ip commands as explained in Section 2.4.4.1, “Static Routes Using the IP Command Arguments Format” and the Network/Netmask format as explained in Section 2.4.4.2, “Network/Netmask Directives Format”.

2.4.4.1. Static Routes Using the IP Command Arguments Format

If required in a per-interface configuration file, for example /etc/sysconfig/network-scripts/route-eth0, define a route to a default gateway on the first line. This is only required if the gateway is not set via DHCP and is not set globally in the /etc/sysconfig/network file:
default via 192.168.1.1 dev interface
where 192.168.1.1 is the IP address of the default gateway. The interface is the interface that is connected to, or can reach, the default gateway. The dev option is optional and can be omitted. Note that this setting takes precedence over a setting in the /etc/sysconfig/network file.
If a route to a remote network is required, a static route can be specified as follows. Each line is parsed as an individual route:
10.10.10.0/24 via 192.168.1.1 [dev interface]
where 10.10.10.0/24 is the network address and prefix length of the remote or destination network. The address 192.168.1.1 is the IP address leading to the remote network. It is preferably the next hop address but the address of the exit interface will work. The next hop means the remote end of a link, for example a gateway or router. The dev option can be used to specify the exit interface, interface, but it is not required. Add as many static routes as required.
The following is an example of a route-interface file using the ip command arguments format. The default gateway is 192.168.0.1, interface eth0 and a leased line or WAN connection is available at 192.168.0.10. The two static routes are for reaching the 10.10.10.0/24 network and the 172.16.1.10/32 host:
default via 192.168.0.1 dev eth0
10.10.10.0/24 via 192.168.0.10 dev eth0
172.16.1.10/32 via 192.168.0.10 dev eth0
In the above example, packets going to the local 192.168.0.0/24 network will be directed out the interface attached to that network. Packets going to the 10.10.10.0/24 network and 172.16.1.10/32 host will be directed to 192.168.0.10. Packets to unknown remote networks will use the default gateway; therefore, static routes should only be configured for remote networks or hosts if the default route is not suitable. Remote in this context means any networks or hosts that are not directly attached to the system.
Specifying an exit interface is optional. It can be useful if you want to force traffic out of a specific interface. For example, in the case of a VPN, you can force traffic to a remote network to pass through a tun0 interface even when the interface is in a different subnet to the destination network.
IMPORTANT
If the default gateway is already assigned by DHCP and if the same gateway with the same metric is specified in a configuration file, an error during start-up, or when bringing up an interface, will occur. The following error message may be shown: "RTNETLINK answers: File exists". This error may be ignored.

2.4.4.2. Network/Netmask Directives Format

You can also use the network/netmask directives format for route-interface files. The following is a template for the network/netmask format, with instructions following afterwards:
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.1.1
  • ADDRESS0=10.10.10.0 is the network address of the remote network or host to be reached.
  • NETMASK0=255.255.255.0 is the netmask for the network address defined with ADDRESS0=10.10.10.0.
  • GATEWAY0=192.168.1.1 is the default gateway, or an IP address that can be used to reach ADDRESS0=10.10.10.0
The following is an example of a route-interface file using the network/netmask directives format. The default gateway is 192.168.0.1 but a leased line or WAN connection is available at 192.168.0.10. The two static routes are for reaching the 10.10.10.0/24 and 172.16.1.0/24 networks:
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.10
ADDRESS1=172.16.1.10
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.10
Subsequent static routes must be numbered sequentially, and must not skip any values. For example, ADDRESS0, ADDRESS1, ADDRESS2, and so on.
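As an added example (not part of the Red Hat guide or of the network scripts themselves), the following script converts a file in the network/netmask directives format into the ip command arguments format of Section 2.4.4.1 and fails when the numbering skips a value or a netmask is not contiguous. The function names mask_to_prefix and convert_routes are assumptions of this example, and the sample input is constructed.

```shell
# Added example: convert ADDRESSn/NETMASKn/GATEWAYn directives on stdin to ip command arguments.

# mask_to_prefix 255.255.255.0 -> 24; fails on a malformed or non-contiguous mask.
mask_to_prefix() (
    set -f; IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    prefix=0; partial=0
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0) bits=0 ;; *) exit 1 ;;
        esac
        # After the first octet that is not 255, every later octet must be 0.
        if [ "$partial" -eq 1 ] && [ "$bits" -ne 0 ]; then exit 1; fi
        [ "$bits" -eq 8 ] || partial=1
        prefix=$((prefix + bits))
    done
    echo "$prefix"
)

# convert_routes [IFNAME] < route-file : prints "net/prefix via gw [dev IFNAME]" lines.
convert_routes() (
    ifname=${1:-}; data=$(cat)
    # value_of KEY: last value assigned to KEY, quotes and spaces removed.
    value_of() { printf '%s\n' "$data" | sed -n "s/^[[:space:]]*$1=//p" | tail -n 1 | tr -d "\"' "; }
    # Number of distinct ADDRESSn keys present, whatever their numbering.
    total=$(printf '%s\n' "$data" | sed -n 's/^[[:space:]]*\(ADDRESS[0-9][0-9]*\)=.*/\1/p' | sort -u | wc -l)
    n=0
    while addr=$(value_of "ADDRESS$n"); [ -n "$addr" ]; do
        gw=$(value_of "GATEWAY$n")
        prefix=$(mask_to_prefix "$(value_of "NETMASK$n")") || { echo "bad NETMASK$n" >&2; exit 1; }
        [ -n "$gw" ] || { echo "GATEWAY$n is missing" >&2; exit 1; }
        echo "$addr/$prefix via $gw${ifname:+ dev $ifname}"
        n=$((n + 1))
    done
    # Keys beyond a gap in the numbering were never reached by the loop above.
    [ "$n" -eq "$((total))" ] || { echo "numbering skips ADDRESS$n" >&2; exit 1; }
)

# Constructed sample input: two routes through 192.168.0.10 on eth0.
convert_routes eth0 <<'EOF'
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.10
ADDRESS1=172.16.1.0
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.10
EOF
```

The script does not check that ADDRESSn has no host bits set for the given netmask.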

2.4.5. Configuring a VPN

IPsec, provided by Libreswan, is the preferred method for creating a VPN in Red Hat Enterprise Linux 7. Configuring an IPsec VPN using the command line is documented in the Red Hat Enterprise Linux 7 Security Guide.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Using_the_Command_Line_Interface.html