Friday, May 29, 2015

Service, serving the nation

Relationship between co-worker

Working Environment

Mental strategy

Business ideas

Process Flow

CyberArk - Account Creation

Go to the CyberArk web page.
Go to Accounts.
Search for the host and, if there is no result, add an account.

Go through the request document and, under device type, select operating system.
Under address: pick according to the request.


username: cyberark
Also create other accounts based on the requirement.

Enter the default password and hit Save.

Now click on Verify.

Once verified, go back to the main page. Search for the account and click on it.
Click on Change and then on change password (the first option).
CyberArk will now take control of password changes for the account.

Wednesday, May 27, 2015

Copy files from remote server


$ echo arplnxsje25 | while read -r host; do echo "$host"; scp -q -o ConnectTimeout=3 "$host":/etc/passwd "/tmp/$host.pw"; scp -q -o ConnectTimeout=3 "$host":/etc/group "/tmp/$host.gp"; done

ssh options
-q -o ConnectTimeout=3 -t

Security+:- md5 check sum

Checking file integrity with md5.

On Windows machine

1. Create a directory on your windows machine
C:\Users\sam\Desktop\md5>

2. Download the md5sum application from the internet, e.g.
https://www.microsoft.com/en-us/download/details.aspx?id=11533

3. Create a myhashFile.txt file and add the content "Testing md5 checksum with the utility!!!"
4. Now run the md5 application to generate the hash.

C:\Users\sam\Desktop\md5>dir

05/27/2015  11:40 AM    <DIR>          .
05/27/2015  11:40 AM    <DIR>          ..
05/13/2004  01:26 PM            84,784 fciv.exe
05/27/2015  11:44 AM                42 myhashFile.txt
05/13/2004  01:26 PM             3,627 ReadMe.txt
               3 File(s)         88,468 bytes
               2 Dir(s)  420,039,544,832 bytes free


C:\Users\sam\Desktop\md5>fciv.exe myhashFile.txt
0c4e7e7f69128d826092ed20d4fecf5a myhashfile.txt

You can run it multiple times to compare the output, and you will get the same result each time.

5. Now edit the file and add some extra content, say "I modify file".
Type notepad myhashfile.txt and it will open Notepad.

Re-run the md5 check command.

C:\Users\sam\Desktop\md5>fciv.exe myhashFile.txt
264e9b0f8e37ded3b39e38b6695b658c myhashfile.txt

Now the output is different from the previous one.

This tells you whether the file/data was modified somewhere, for example while downloading.

On Linux

Just run the md5sum command followed by a file name
$ md5sum createUser.sh
4fca82ac747f49b968828087de061f20  createUser.sh

Tuesday, May 26, 2015

RHEL - How to generate a crash dump on Redhat


1. Install following Packages
# rpm -qa | grep -i dump # kdump must be installed.
# yum install kexec-tools crash kernel-debuginfo kernel-debuginfo-common system-config-kdump

2. Edit /boot/grub/grub.conf
On the kernel line in /boot/grub/grub.conf, append crashkernel=512M@256M

kernel /vmlinuz-2.6.32-504.1.3.el6.x86_64 .....  crashkernel=512M@256M

or

If you are on the GUI:
Run the command system-config-kdump and, on the Target settings tab, select the appropriate path and the partition value.
Click Apply and reboot the system.

3. Modify the config file /etc/kdump.conf to specify the dump location.

# more /etc/kdump.conf
path /opt/crash
core_collector makedumpfile -c --message-level 1 -d 31
default reboot

4. Enable and restart the kdump service
# chkconfig kdump on
# service kdump restart
It will create a new kdump boot image.

5. Reboot the server
# reboot

6. Trigger a crash (this panics the running kernel). The core will be generated but may take time to complete.
# echo c > /proc/sysrq-trigger

7. Locate and analyze the core
# ls /var/crash
# ls -l /opt/crash/127.0.0.1-2015-05-08-09\:24\:46/vmcore
# crash /usr/lib/debug/lib/modules/`uname -r`/vmlinux /opt/crash/127.0.0.1-2015-05-08-09\:24\:46/vmcore

Available Commands:
crash> help
crash> sys
crash> bt -a
crash> mod
crash> log

Run man crash for more info.

Starting a new project?

Starting a new job? Prepare your questions


1. Network design and server segregation
2. Servers and applications, and their functionality in brief
3. Task involvement: what are the repeated tasks we face on a day-to-day basis?
4. Collaboration between the teams. Is there any other team we may work with? If so, what is the process…
5. Team meetings, training and guidance, such as discussing issues, findings and new technologies …
6. Visit a co-worker and ask if you have any question about the environment, since it is a little odd to try to understand every aspect of the process on day one.

And things like that.

RHEL - system crashed due to memory issue



Server had memory issue and /var fs is full.
/dev/mapper/VolGroup00-volvar   100% /var

Please expand on what you mean by memory issues?

It appears the server suffered a crash and a dump file was generated, which caused /var to fill up.  It appears the creation of the crash dump also caused the memory errors.

=========================================================

mcelog logs hardware-related errors on Linux-based x86 systems. The tool is mostly used on physical servers; it starts at boot time (it used to be run from cron) and runs as a daemon. It can detect hardware errors such as system bus errors, CPU errors (cache errors on the processor or hardware) and, most importantly, memory errors (Error Correction Code, ECC). Once errors reach its threshold, it can predictively offline memory pages and CPUs based on the error. If you check for errors frequently, you will find the problem before the server panics and crashes.


Install mcelog
# yum install mcelog

Verify the daemon is running
# mcelog --client
# /etc/init.d/mcelog status
#  service mcelogd status

Dependencies
- Make sure /dev/mcelog exists. If not, create it with the mknod command
# mknod /dev/mcelog c 10 227


How to find the error?
- Log in to the console and run the mcelog command, which reads messages from the kernel. Make sure to send the output to a file, because you can't re-run it to see the error again.
# /usr/sbin/mcelog >/var/tmp/mymce.log

Check the log
# more /var/log/mcelog
# grep -i "hardware error" /var/log/mcelog
# tail -200 /var/log/mcelog

Put it on cron,
[ $(grep -c "hardware error" /var/log/mcelog) -gt 0 ] && echo "Hardware Error on $(hostname)" | mailx -s "Error on `hostname`" sam@domain.com




Most systems are set up by default to write the log to /var/log/mcelog.

Some commands
mcelog
mcelog --k8
mcelog --k8 --ascii
mcelog --k8 /dev/mcelog
mcelog --ascii /dev/mcelog
mcelog --ascii > changelog.txt
dmesg | grep ADMA
dmesg | grep ata5
vmstat -d


Note: If mcelog is running as a daemon, you get the /dev/mcelog output when the MCE actually happens.

More on http://www.mcelog.org/

Fixing Readonly filesystem issue


1. Login to the console
2. On console window, click on Device -> cd/DVD drive1 -> connect to disk image file (iso)
3. Reboot the system (ctrl+alt+del)
4. Click on the middle of the screen (super fast) and press esc to get the boot menu.
5. If you miss this step, reboot the system again.
6. On boot menu list, select cd-rom and press enter to reboot the system off the cdrom.
7. On the boot menu on the cd-rom, select rescue and press enter.
8. Just follow the instruction by pressing the enter key.
9. You will be on shell prompt.
10. Now, mount your system and find your readonly filesystem. (mostly root fs.)
# chroot /mnt/sysimage; df -h /
Note: at this point you can change your root password if needed
# mount -o rw,remount /; passwd
11. Exit out of the OS and unmount your system disk
# exit; umount -l /mnt/sysimage
12. fsck all the filesystems to fix the issue.
# fsck -y /dev/rootvg/rootVol
13. Once done, reboot your system.
14. Login and verify if everything is working.

CyberArk - Find password for a user

CyberArk is a password management tool which automatically manages and changes root password.

How to find failed accounts
1. Login to cyberArk
2. Click on accounts from drop down on the left.
3. From Operational Views click on Failed Accounts to find the number of failed accounts.

How to find password for a user
1. Once you login, find the host that you want to look for password for a user.
2. On the right side on search box, enter hostname and click on Go.
3. Click on the account from the result screen.
4. Click on show to see the password. Use this password to login to the system.
5. Once you used this password to login and your task is completed, you have to release it.
6. To release, click on Edit and click on Show Advanced Section at the bottom.
7. Next to the account name, you will see release, just click release to release the pw, so that CyberArk will manage the account.

Backup: DS-User - updating retention policy to 90days

1. Login to DS-user and expand the host.
2. Find the backup set whose retention value you want to change.
3. Right click on the backup set and click on Properties.
4. Under the Items menu, you will see different directories.
5. In the left-hand column you will see the directories, and on the right a number.
6. Double click on Max Gen and change it from the default value of 30 to 90.
7. Change the value for each directory based on your requirement and click OK.
8. Now, you are done. enjoy !!!

Monday, May 25, 2015

Shell Script:- Calculate the sum of the shell output

Read the content
$ cat /tmp/ab
1. apple (70 pieces)
2. Orange (94 pieces)
3. Mango (99 pieces)
4. Pineapple (50 pieces)

Read the content and save only the numbers
$ cat /tmp/ab | awk -F'(' '{print $2}' | awk '{print $1}' >/tmp/b

Add the numbers (the END block must be upper case, otherwise nothing is printed)
$ awk '{total += $1} END { print total}' /tmp/b
313


Saturday, May 23, 2015

User password reset

Check users failed attempts.
# pam_tally2 --user=sam
Reset the failed counter.
# pam_tally2 --user=sam --reset
Display account status
# passwd -S sam
Test if your syslog is working.
# logger  -p user.notice "Testing to see if it send message to /var/log/messages"

Thursday, May 21, 2015

Fixing ssh issue




[sam@rdujump05 .ssh]$ ssh dmpudb243
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for dmpudb243 has changed,
and the key for the corresponding IP address 192.168.10.118
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5b:03:e0:aa:dd:fd:52:5a:b3:6c:d1:54:3e:73:af:ac.
Please contact your system administrator.
Add correct host key in /home/sam/.ssh/known_hosts to get rid of this message.
Offending key in /home/sam/.ssh/known_hosts:786
RSA host key for dmpudb243 has changed and you have requested strict checking.
Host key verification failed.

[sam@rdujump05 .ssh]$ grep dmpudb243  /home/sam/.ssh/known_hosts
[sam@rdujump05 .ssh]$ ls -la
total 1500
drwx------  2 sam sam      76 May 21 14:55 .
drwx------ 13 sam sam    4096 May 21 14:33 ..
-rw-r--r--  1 sam sam     623 Mar 25 14:05 authorized_keys
-rw-------  1 sam sam     744 Apr 28 11:40 id_dsa
-rw-r--r--  1 sam sam     623 Apr 28 11:40 id_dsa.pub
-rw-r--r--  1 sam sam 1528456 May 21 14:32 known_hosts

[sam@rdujump05 .ssh]$ mv known_hosts known_hosts.1
[sam@rdujump05 .ssh]$ mv id_dsa.pub id_dsa.pub.1
[sam@rdujump05 .ssh]$ mv id_dsa id_dsa.1
[sam@rdujump05 .ssh]$ mv authorized_keys authorized_keys.1

[sam@rdujump05 .ssh]$ ssh dmpudb243
The authenticity of host 'dmpudb243 (192.168.10.118)' can't be established.
RSA key fingerprint is 5b:03:e0:aa:dd:fd:52:5a:b3:6c:d1:54:3e:73:af:ac.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dmpudb243,192.168.10.118' (RSA) to the list of known hosts.
sam@dmpudb243's password:
You are required to change your password immediately (root enforced)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user sam.
Changing password for sam.
(current) UNIX password:
passwd: Authentication token manipulation error
Connection to dmpudb243 closed.

[sam@rdujump05 .ssh]$ ssh dmpudb243
sam@dmpudb243's password:
You are required to change your password immediately (root enforced)
Last login: Thu May 21 14:50:38 2015 from 192.168.10.126
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user sam.
Changing password for sam.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Connection to dmpudb243 closed.

[sam@rdujump05 .ssh]$ ssh dmpudb243
sam@dmpudb243's password:
Last login: Thu May 21 14:51:18 2015 from 192.168.10.126
[sam@dmpudb243 ~]$ pwd
/home/sam

[sam@dmpudb243 ~]$ ls -la
total 20
drwx------   2 sam sam 4096 May 21 14:10 .
drwxr-xr-x. 27 root    root    4096 May 21 14:10 ..
-rw-r--r--   1 sam sam   18 Jul  9  2013 .bash_logout
-rw-r--r--   1 sam sam  176 Jul  9  2013 .bash_profile
-rw-r--r--   1 sam sam  124 Jul  9  2013 .bashrc


[sam@rcrdmdcm01 ~]$ cd .ssh
-bash: cd: .ssh: No such file or directory
[sam@tcecapdAr6cm01 ~]$ logout
Connection to tcecapdar6cm01 closed.
[sam@rdujump05 .ssh]$ pwd
/home/sam/.ssh
[sam@rdujump05 .ssh]$ ls -la
total 1501
drwx------  2 sam sam     102 May 21 14:56 .
drwx------ 13 sam sam    4096 May 21 14:33 ..
-rw-r--r--  1 sam sam     623 Mar 25 14:05 authorized_keys.1
-rw-------  1 sam sam     744 Apr 28 11:40 id_dsa.1
-rw-r--r--  1 sam sam     623 Apr 28 11:40 id_dsa.pub.1
-rw-r--r--  1 sam sam     411 May 21 14:56 known_hosts
-rw-r--r--  1 sam sam 1528456 May 21 14:32 known_hosts.1
[sam@rdujump05 .ssh]$ more known_hosts
tcecapdar6cm01,192.168.10.118 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0sO1uCXuEbl4tjSVe6k3pWVBvMF08OgSSqsQeF9w7jKFYn
4QxstP5nhv1cyK3zIGYgP0wX25wwkgO/MSuwLJ1wAGooy+64eZcGDCKhnQmtm686AJTRjktfTD6zlzPAkJ/Wsaq3ErzYSh2BR4CyrqpoUKnfwC3u
7f0+omTulmoOaLQWit2gcuQYG+NoEHXBo4Ugnu294d2ZaE8PlG7nV3jtv6gm2UPoFHE9M0BhGjiRgQ5/UsVEnPN3Z6Xu2rdnPXcM2guzP7G/ytn9
JYwrUeTaJwOgI+Z/6HAilSeODm8uuoX9Mtmryl3G4xVTMpx0h2yN9thLbICtHlDvfXdEWHfw==
[sam@rdujump05 .ssh]$ nslookup 192.168.10.118
Server:         10.153.156.4
Address:        10.153.156.4#53

118.10.168.192.in-addr.arpa     name = dmpudb243.ecap.cciio.

[sam@rdujump05 .ssh]$ cat known_hosts >>known_hosts
cat: known_hosts: input file is output file
[sam@rdujump05 .ssh]$  more known_hosts
dmpudb243,192.168.10.118 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0sO1uCXuEbl4tjSVe6k3pWVBvMF08OgSSqsQeF9w7jKFYn
4QxstP5nhv1cyK3zIGYgP0wX25wwkgO/MSuwLJ1wAGooy+64eZcGDCKhnQmtm686AJTRjktfTD6zlzPAkJ/Wsaq3ErzYSh2BR4CyrqpoUKnfwC3u
7f0+omTulmoOaLQWit2gcuQYG+NoEHXBo4Ugnu294d2ZaE8PlG7nV3jtv6gm2UPoFHE9M0BhGjiRgQ5/UsVEnPN3Z6Xu2rdnPXcM2guzP7G/ytn9
JYwrUeTaJwOgI+Z/6HAilSeODm8uuoX9Mtmryl3G4xVTMpx0h2yN9thLbICtHlDvfXdEWHfw==
[sam@rdujump05 .ssh]$ cat known_hosts >>known_hosts.1
[sam@rdujump05 .ssh]$ mv known_hosts.2
mv: missing destination file operand after `known_hosts.2'
Try `mv --help' for more information.
[sam@rdujump05 .ssh]$ mv known_hosts known_hosts.2
[sam@rdujump05 .ssh]$ cp -p known_hosts.1 known_hosts
[sam@rdujump05 .ssh]$ ssh dmpudb243
sam@dmpudb243's password:
Last login: Thu May 21 14:52:02 2015 from 192.168.10.126
[sam@dmpudb243 ~]$
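
A narrower fix than moving the whole .ssh directory aside, as an added example that is not part of the original session: parse the warning, compare the fingerprint ssh reports with one obtained out of band (for example from the server console), and only then delete the single offending known_hosts line. The function names, the trusted-fingerprint argument and the sample files are constructed for this example; on a real system `ssh-keygen -R hostname` performs the same single-entry removal.

```sh
#!/bin/sh
# Added example: remove only the stale known_hosts entry, and only after the
# new fingerprint has been confirmed out of band. Helper names are hypothetical.

# parse_offender: read ssh's warning on stdin; print the known_hosts file,
# the offending line number and the fingerprint ssh saw, one per line.
# Handles the colon-separated hex fingerprint format shown in the session.
parse_offender() {
    awk '
        /^Offending .*key in / {
            n = split($NF, part, ":")
            line = part[n]
            file = substr($NF, 1, length($NF) - length(line) - 1)
        }
        /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+\.?$/ { fp = $1; sub(/\.$/, "", fp) }
        END {
            if (file == "" || fp == "") exit 1
            print file; print line; print fp
        }'
}

# forget_offending_key WARNING_FILE TRUSTED_FINGERPRINT
# Exit 0: entry removed (backup kept in FILE.bak). 1: fingerprint mismatch,
# nothing changed. 2: the warning could not be parsed.
forget_offending_key() (
    info=$(parse_offender < "$1") || exit 2
    { read -r file; read -r line; read -r seen; } <<EOF
$info
EOF
    case $line in ''|*[!0-9]*) exit 2 ;; esac
    if [ "$seen" != "$2" ]; then
        echo "host sent $seen, expected $2: leaving $file untouched" >&2
        exit 1
    fi
    cp -p "$file" "$file.bak" && sed "${line}d" "$file.bak" > "$file"
)

demo_hostkey() (
    work=$(mktemp -d) || exit 1
    kh=$work/known_hosts
    # Constructed known_hosts; the stale entry for dmpudb243 is line 2.
    printf '%s\n' \
        'hosta,192.168.10.10 ssh-rsa AAAAconstructedA' \
        'dmpudb243,192.168.10.118 ssh-rsa AAAAconstructedOLD' \
        'hostc,192.168.10.12 ssh-rsa AAAAconstructedC' > "$kh"
    # Constructed warning in the format of the session above.
    cat > "$work/warning.txt" <<EOF
The fingerprint for the RSA key sent by the remote host is
5b:03:e0:aa:dd:fd:52:5a:b3:6c:d1:54:3e:73:af:ac.
Offending key in $kh:2
EOF
    # A fingerprint that does not match what ssh reported: refuse.
    if forget_offending_key "$work/warning.txt" 00:11:22:33 2>/dev/null
    then r1=removed; else r1=refused; fi
    n1=$(grep -c '' "$kh")
    # The fingerprint read from the server console matches: drop line 2 only.
    if forget_offending_key "$work/warning.txt" \
        5b:03:e0:aa:dd:fd:52:5a:b3:6c:d1:54:3e:73:af:ac
    then r2=removed; else r2=refused; fi
    n2=$(grep -c '' "$kh")
    stale=$(grep -c dmpudb243 "$kh" || true)
    echo "$r1:$n1 $r2:$n2 stale:$stale"
    rm -rf "$work"
)

demo_hostkey
```

On the server's console, `ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub` prints the fingerprint to compare against (newer OpenSSH needs `-E md5` to produce this hex format).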


Wednesday, May 20, 2015

How to check the status of the backup job?


1. Open the DS-User Client application & log in with your PC local administrator account
2. Once you log in, you will see a list of gateways. Log in to the gateway with your unix account
3. Once you log in to the gateway, you will see a list of IP addresses, which are the clients managed by this particular gateway.
4. Click on Logs in the top menu and click on Activity Log.
5. In the Activity Log Viewer window, select the following
   - specify the dates under From and To
   - under Activity, select Backup and click Find.

6. You will be presented with the detailed description. Click on the Description header and it will be ordered by IP address.
7. Expand your result window by clicking on the bottom-left icon.
8. Look at the far right corner; you will see the Completion tab.
9. Check for entries marked Completed with error.
10. Double click the row to get details about it.
11. You will see No such file or dir errors; just ignore them, because those files might have been deleted by a user or system process.
12. Make a note of broken pipes and look at the details. There is a problem with the backup. There might have been a communication hiccup during the backup that produced this error. You have to re-run the backup job.
13. Now, close the Activity Log window and find the backup set where the backup is failing.
14. Right click on the backup set and click on Backup now.
15. Click next and finish.
16. You will see the backup status at the bottom of the page.

Remove account from CyberArk

- Log in to CyberArk and search for the hostname.
- You will see all the accounts associated with the server.
- Click on the account and click Delete.
- Continue deleting the accounts that reference that host until all are removed.

Decommission the server - shutdown and suspend backup

Decommission the server

1. Shutdown the server.
a. Wait for confirmation from your retirement team.
b. Make sure your console is working if it's physical, in case you have to bring it back.
c. If it's Solaris, bring the server to the OK prompt. Shut down the Linux server.
d. Based on your server environment, wait 2 weeks to 1 month to 2/3 months.

2. Suspend backup.
i. The retirement team or you may have to inform the backup team to suspend the backup.
ii. If you manage the backup/restore jobs (in some places you do), then you stop the job.
iii. Here are the steps to suspend a backup job on the DS User backup client
    a. Find the gateway server for the server
-> grep -r "your_retiring_server" gateways.records
 gateway105: Unix-Server\192.168.10.120
    b. Once you know the gateway and the IP address for the backup of that host, log in to your DS User client.
    c. Log in to the gateway and suspend the backup

$ nslookup your_retiring_server
Verify the IP address

A. Suspend backup
-> login to gateway and find the host and click + to expand. You will see list of backup sets.
    - Right click on backup sets and click on suspend
    - Again right click on backup set and click on properties and rename the backup set. append ( Decomm YYYY-MM-DD ) to keep track of the retired date in case you needed and click ok.

B. Delete backup set
- Click on backup set to highlight 
- Click on sets on the top menu 
- Click on delete and click on remove backup set
- Click ok and Y to confirm. 

Thursday, May 14, 2015

APT-Advanced Package Tool

APT
APT -  Advanced Package Tool is a command line application tool to handle the installation and removal of software on the Debian based distribution and its variants. APT simplifies the process of managing software on Unix-like computer systems by automating the retrieval, configuration and installation of software packages, either from precompiled files or by compiling source code.

It handles the retrieval, configuration and installation of software packages.
Automatic dependency checking and resolution.
Relies on repositories which are central “stores” of available packages.
Has a myriad of front-ends such as aptitude, Synaptic, Adept.


Repositories
4 Components
Whether or not it supports Free Software Philosophy
- Main – Free software that gets security updates and its fully supported.
- Restricted – Not completely free & partially supported.
- Universe – Snapshot of FOSS world with most any application you can find in the open source world. Variety of licenses.
- Multiverse – Not free and not supported.

Apt examples
Note: root is disabled by default so sudo allows you to run commands with superuser privileges

# apt-get install packagename – installs software package
# apt-get remove packagename – removes package
# apt-get update – updates list of software packages.
# apt-get upgrade – installs upgrades of all packages currently installed.
# apt-get dist-upgrade – upgrades to latest release


Apt for AMP

Install Apache, Php and MySQL
# apt-get install apache2 php5-mysql libapache2-mod-php5 mysql-server

Now, you can Configure and deploy securely.



MCELOG - hardware error log monitoring tool on x86 systems


By analyzing the log, it appears that the server suffered a crash and a dump file was generated, which in fact caused /var/crash to fill up. It appears that the crash dump also caused the memory errors on the system.

Friday, May 8, 2015

Find changed files on the system



The command below lists all files on your system along with their md5 information.
# find / -type f -print0 | xargs -0 md5sum > All_Files-`date +%m%d%y`

Note: May take a long time to complete.

The command below lists all files, along with their md5 information, that were changed within the last 5 minutes.
# find / -type f -mmin -5 -print0 | xargs -0 md5sum > Changed_Files-`date +%m%d%y`

To find the difference between the old record and the new one, run the diff command

# diff All_Files-`date +%m%d%y` Changed_Files-`date +%m%d%y`


You can script the task as follow
# for((i=1;i<=16;i++)) do find ~/ -type f > new;diff original new; done
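
A baseline-and-verify version of the two techniques on this page (hashing one file, and hashing a whole tree), as an added example that is not from the original posts. It uses sha256sum rather than md5sum because MD5 collisions are practical, so MD5 only detects accidental corruption; the function names and the temporary demonstration tree are constructed.

```sh
#!/bin/sh
# Added example: hash baseline for a directory tree, then a report of what
# was modified, removed or added. Helper names are hypothetical.

# make_baseline DIR MANIFEST  (MANIFEST: absolute path outside DIR)
make_baseline() (
    cd "$1" || exit 1
    # -exec ... {} + passes names safely, including names with spaces.
    find . -xdev -type f -exec sha256sum {} + > "$2"
)

# check_baseline DIR MANIFEST: print MODIFIED/MISSING/ADDED lines.
# Assumes file names without newlines or ": " sequences.
check_baseline() (
    LC_ALL=C; export LC_ALL      # fixed messages and sort order
    cd "$1" || exit 1
    now=$(mktemp) || exit 1
    # sha256sum -c prints "name: FAILED" for changed content and
    # "name: FAILED open or read" for files that can no longer be read.
    sha256sum -c "$2" 2>/dev/null | awk -F': ' '
        $NF == "FAILED"              { print "MODIFIED " $1 }
        $NF == "FAILED open or read" { print "MISSING " $1 }'
    # Names present now but not in the manifest ("hash  name" per line).
    find . -xdev -type f -print | sort > "$now"
    sed 's/^[0-9a-f]*  //' "$2" | sort | comm -13 - "$now" | sed 's/^/ADDED /'
    rm -f "$now"
)

# Constructed demonstration: three files, then one edit, one delete, one add.
demo_integrity() (
    work=$(mktemp -d) || exit 1
    mkdir "$work/tree"
    echo "Testing md5 checksum with the utility!!!" > "$work/tree/myhashFile.txt"
    echo "useradd sam" > "$work/tree/createUser.sh"
    echo "keep" > "$work/tree/unchanged file.txt"
    make_baseline "$work/tree" "$work/baseline.sha256"
    echo "I modify file" >> "$work/tree/myhashFile.txt"
    rm "$work/tree/createUser.sh"
    echo "new" > "$work/tree/dropped.bin"
    check_baseline "$work/tree" "$work/baseline.sha256"
    rm -rf "$work"
)

demo_integrity
```

Keep the manifest somewhere the monitored host cannot rewrite, otherwise whoever changes a file can also refresh its hash.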



Compiling kernel from scratch

Download the latest patch and sources from kernel.org.

http://www.kernel.org/pub/linux/kernel.../linux-2....tar.bz2
http://www.kernel.org/pub/linux/kernel.../patch-2.....bz2

unzip the file and apply the patch:
# tar xvf linux-2.6....bz2
# mv patch-2......bz2 linux-2..../
# cd linux-2....

Thursday, May 7, 2015

How to Reverse the Order of PDF Pages

I just scanned a document, but the first page became the last and the last page became the first. Here are the instructions to change the page order.

Req: Download and install CutePDF

1. Open your PDF document with Adobe Acrobat
2. Now press CTRL+P, which opens the printing dialog box.
3. In the pages to print section, click on reverse pages. [ you may have to click on more options ]
4. Now, under the printer section, select CutePDF and click OK to save it.


This should bring your last page to the top & continue until all pages have been reverse ordered.

Wednesday, May 6, 2015

password policy

A. password complexity

# more /etc/pam.d/system-auth

- Set Minimum Password Length to 10
- Do not allow reuse of previously used passwords.
# grep pam_cracklib.so /etc/pam.d/system-auth
password    requisite     pam_cracklib.so try_first_pass retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 difok=3

# grep pam_unix.so /etc/pam.d/system-auth
password   sufficient   pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5

"remember=5" - stores old passwords in /etc/security/opasswd.

B. Set Password Expiration date

# grep PASS /etc/login.defs

# Get account age information
# chage -l user1

-> Set account password expiration date
# chage -E 12/30/2015 -m 5 -M 90 -I 30 -W 14 jsmith

-E = expiration date [ or YYYY-MM-DD ]; if set to -1, the account will not expire.
-m = minimum number of days between password changes. 0 means the password can be changed at any time.
-M = maximum number of days a password is valid
-I = number of days of inactivity after a password has expired before the account is locked
-W = number of days of warning before a password change is required
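
A small audit of the complexity settings in section A, as an added example that is not from the original post: it reads the PAM password lines, extracts minlen, remember and the four credit options, and reports each against the targets (minimum length 10, password history kept). The function names and the threshold arguments are assumptions of this example; the sample lines are copied from the grep output above.

```sh
#!/bin/sh
# Added example: audit PAM password settings. Helper names are hypothetical.

# pam_opt MODULE KEY < pamfile: print KEY's value from MODULE's password line.
pam_opt() {
    awk -v mod="$1" -v key="$2" '
        $1 == "password" {
            hit = 0
            for (i = 2; i <= NF; i++) if ($i == mod) hit = 1
            if (!hit) next
            for (i = 2; i <= NF; i++) {
                n = index($i, "=")
                if (n && substr($i, 1, n - 1) == key) {
                    print substr($i, n + 1); found = 1; exit
                }
            }
        }
        END { exit !found }'
}

# at_least NAME VALUE WANTED: PASS when VALUE is an integer >= WANTED.
at_least() {
    case $2 in
        ''|*[!0-9]*) echo "FAIL $1 not set"; return 1 ;;
    esac
    if [ "$2" -ge "$3" ]; then echo "PASS $1=$2"
    else echo "FAIL $1=$2 (want >= $3)"; return 1; fi
}

# audit_password_policy FILE MINLEN HISTORY: exit 0 only if every check passes.
audit_password_policy() (
    rc=0
    at_least minlen "$(pam_opt pam_cracklib.so minlen < "$1")" "$2" || rc=1
    at_least remember "$(pam_opt pam_unix.so remember < "$1")" "$3" || rc=1
    # A positive credit (the default is 1) counts towards minlen, so shorter
    # passwords pass; a negative value requires that many characters of the class.
    for c in dcredit ucredit ocredit lcredit; do
        v=$(pam_opt pam_cracklib.so "$c" < "$1") || v=
        case $v in
            -[1-9]*) echo "PASS $c=$v" ;;
            *) echo "FAIL $c=${v:-unset} (want a negative value)"; rc=1 ;;
        esac
    done
    exit "$rc"
)

demo_password_policy() (
    f=$(mktemp) || exit 1
    # Sample lines copied from the grep output above.
    cat > "$f" <<'EOF'
password    requisite     pam_cracklib.so try_first_pass retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 difok=3
password   sufficient   pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
EOF
    if audit_password_policy "$f" 10 5
    then echo "RESULT compliant"; else echo "RESULT non-compliant"; fi
    rm -f "$f"
)

demo_password_policy
```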

Tuesday, May 5, 2015

Assign additional IP address on the interface

If you need additional IP address and you have only one interface, you can create a virtual interface and assign the ipaddress.

Make a copy of primary interface.
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
here, 0 is the first instance.

Edit the file and change the device name, ipaddress.
You may want to remove the hostname, UUID info..



Below is a comparison of the two files. The one on the left is the original ifcfg-eth0 file, the one on the right is ifcfg-eth0:0 with the changes and deletions.

OLD info                                   NEW info
---------                                  ---------
DEVICE=eth0                                DEVICE=eth0:0
BOOTPROTO=static                           BOOTPROTO=static
GATEWAY=192.168.10.1                       HWADDR=00:00:00:00:00:00
HOSTNAME=sam                               IPADDR=192.168.10.201
IPADDR=...                                 IPV6INIT=yes
IPV6INIT=yes                               MTU=1500
MTU=1500                                   NETMASK=255.155.155.0
NETMASK=255.155.155.0                      NM_CONTROLLED=yes
NM_CONTROLLED=yes                          ONBOOT=yes
ONBOOT=yes                                 TYPE=Ethernet
TYPE=Ethernet
UUID=0000000-0000-2222-2222-000000000000

Restart network services for the additional interface to be activated:
# service network restart

Verify the new interface is active and has the correct IP. Ex:
# ifconfig eth0:0

Disk Wipe- Using Darik’s Boot and Nuke tool

Wipe your system disk using Darik’s Boot and Nuke (DBAN)
Version used: 2.7.7

Instructions:

1. Login to the console and boot the system using cd/iso.
   On the tool bar, you will see cd/dvd dropdown list. Select ISO and click mount and mount the DBAN image from your PC.

2. Once you set up to boot the system off the CD, reboot your system.

3. Upon reboot, you will see different options. Just press Enter to start DBAN in interactive mode.

4. You will be presented with a new screen. Press M for the method and pick the one that best suits your environment.
a. Quick Erase
b. RCMP TSSIT OPS-II
c. DoD Short
d. DoD 5220.22-M
e. Gutmann Wipe:- For sensitive data.
f. PRNG Stream

Select one and press Enter to continue.

5. You will be on a different screen where you can select the disks available on the system.
Use arrow key to move and press space bar to select the disk.

6. Press F10 to start the cleaning process. You will see the status about the disk.

Note: DoD short and Gutmann option take a long time to finish the job.
Please allocate enough time based on the size of the disk. [ 10-12 hrs ]

7. Finally your wipe process will be completed soon.

Friday, May 1, 2015

Step by step Guide to create Glusterfs

Plan:
1. Prepare 2 hosts with CentOS 6.3; that's what I am using
Server1: moti.expanor.local
Server2: goma.expanor.local

2. Verify DNS is working and that the hosts can ping each other.

3. Create a shared disk on both hosts: /opt/home


Software installation:

1. Install the glusterfs-server package.
You can set up a repo

Download the software
http://download.gluster.org/pub/gluster/glusterfs/

Download the repo

# wget -P /etc/yum.repos.d/ http://download.gluster.org/pub/gluster/glusterfs/3.6/3.6.3/CentOS/glusterfs-epel.repo.el5

# yum clean all
# yum install glusterfs-server
# chkconfig --list | grep glust
# service glusterd start


At this point, you either disable iptables or open the ports so the hosts can communicate with each other.
I disabled iptables, but you can leave SELinux running.