Jan 03

RHCE: MariaDB Administration on Redhat/Fedora/CentOS

 

Check whether MariaDB is installed

yum list installed | grep ^mariadb

MariaDB originated from MySQL, after MySQL was bought by Oracle.

I see it is installed, though not completely

Output:

mariadb-libs.x86_64 1:5.5.52-1.el7 @anaconda

There are two other components: mariadb, the client component, and mariadb-server, the server component

The MariaDB packages:
mariadb-bench.x86_64 mariadb-devel.x86_64 mariadb-server.x86_64 mariadb-test.x86_64 mariadb.x86_64

 

Install all packages at once

yum install mariadb*
yum list installed | grep ^mariadb

Now, after installing, I see the following: all MariaDB packages available in my system
mariadb.x86_64 1:5.5.52-1.el7 @local
mariadb-bench.x86_64 1:5.5.52-1.el7 @local
mariadb-devel.x86_64 1:5.5.52-1.el7 @local
mariadb-libs.x86_64 1:5.5.52-1.el7 @anaconda
mariadb-server.x86_64 1:5.5.52-1.el7 @local
mariadb-test.x86_64 1:5.5.52-1.el7 @local

MariaDB Configuration Files
ls /etc/my.cnf
ls /etc/my.cnf.d/*

The files
/etc/my.cnf.d/client.cnf /etc/my.cnf.d/mysql-clients.cnf /etc/my.cnf.d/server.cnf

vim /etc/my.cnf
vim /etc/my.cnf.d/client.cnf
vim /etc/my.cnf.d/server.cnf
vim /etc/my.cnf.d/mysql-clients.cnf

The main config file is /etc/my.cnf

grep -v ^# /etc/my.cnf : will show lines that are not comments

The content of my.cnf (some lines are self-explanatory):

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

MariaDB messages are logged at: /var/log/mariadb/mariadb.log

 

MySQL Specific Selinux Contexts
ps -eZ | grep mysqld
I do not see anything, as mysqld/mariadb is not running

systemctl start mariadb.service
systemctl enable mariadb.service
ps -eZ | grep mysqld

Now the output:
system_u:system_r:mysqld_safe_t:s0 4428 ? 00:00:00 mysqld_safe
system_u:system_r:mysqld_t:s0 4585 ? 00:00:00 mysqld

mysqld runs in its own domain, mysqld_t

Related Selinux file type: mysqld_exec_t
mysqld_etc_t is for /etc/my.cnf.d
mysqld_db_t is for /var/lib/mysql/
mysqld_log_t is for /var/log/mariadb/
ll -dZ /usr/libexec/mysqld /etc/my.cnf.d /var/lib/mysql /var/log/mariadb

The output - please note the Selinux Contexts in the output
drwxr-xr-x. root root system_u:object_r:mysqld_etc_t:s0 /etc/my.cnf.d
-rwxr-xr-x. root root system_u:object_r:mysqld_exec_t:s0 /usr/libexec/mysqld
drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql
drwxr-x---. mysql mysql system_u:object_r:mysqld_log_t:s0 /var/log/mariadb

Corresponding Selinux Port Type: mysqld_port_t
semanage port -l | grep mysqld
output:
mysqld_port_t tcp 1186, 3306, 63132-63164

Related Selinux Booleans: mysql_connect_any, selinuxuser_mysql_connect_enabled
getsebool -a | grep mysql

I see the output
mysql_connect_any --> off
selinuxuser_mysql_connect_enabled --> off

To install MariaDB-Server:
yum -y install mariadb-server
Already installed: we installed with yum -y install mariadb* [installed everything together]

systemctl enable mariadb

We can run mysql_secure_installation to secure our MariaDB installation
mysql_secure_installation

-----

The Output:
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

Enable MariaDB through Firewall and Allow traffic on Port 3306 - default mysql port
firewall-cmd --add-service=mysql --permanent
firewall-cmd --reload

systemctl start mariadb
systemctl status mariadb

Run MySQL

mysql -u root -p

mysqldump is used to back up a database
The mysql command can be used to restore a database
You can even use IDEs such as MySQL Workbench to back up and restore MySQL databases

mysql -u root -p
mysqldump -u root -p testsayed > testsayeddb.sql

To restore, you need to use < testsayeddb.sql
mysql -u root -p testsayed < testsayeddb.sql

Backup and Restore MySQL Database

You can back up multiple databases at once; you can even back up some tables or other database objects using mysqldump

Similarly, you can restore multiple databases at the same time using the mysql command
Just use multiple database or database object names with NO comma, one after another

mysqldump -u root -p --databases DB1 DB2 DB3 > alldb.sql

When you restore and give the sql file, if you use a db name or table name before < then only that part will be restored, irrespective of how much data there is in the file

Example
mysql -u root -p DB1 tbl1 < alldb.sql

You can use --all-databases or --databases with the mysqldump command

Dec 31

Experiment with Selinux

Target Audience: Technical People (who already knew or did similar stuff, or at least worked well with Linux)

If you find these impossible to understand on your own but want to understand them, better take help from technical people

Selinux provides further security in addition to chmod, chown, facl, setuid, setgid or similar.

A firewall controls incoming and outgoing traffic; however, it does not provide the security that Selinux provides.

Selinux helps in controlling how much harm a security breach can do. Selinux tries to restrict a process or a user to doing only as much as it is allowed to do. A malfunctioning application or an affected application will not be able to do much harm (or system-wide and/or network-wide harm) if Selinux is configured properly and enabled.

check if Selinux is enabled:

sestatus

 

Check Selinux Contexts:

id -Z

ll -Z

ll -dZ

ll -Z /etc/hosts

ps -eZ

 

setools can show you the Selinux users (these are not the Linux users that you create; these users are part of Selinux)

Install setools with

yum install setools-console

Show Selinux Users

seinfo -u

semanage: view the current mapping
semanage login -l

Currently no output for semanage login -l for me

 

Process Contexts
ps -eZ

Selinux Context for Files
ll -Z /etc/passwd
ll -Z
ll -Z /etc/shadow

Selinux context for Ports
semanage port -l
output
3_callback_port_t tcp 7001
afs3_callback_port_t udp 7001
afs_bos_port_t udp 7007
afs_fs_port_t tcp 2040

 

Domain Transitioning
Allows a process in one domain to work in another domain
Processes running in the passwd_t domain are able to read and modify files of the shadow_t type, and the passwd_t domain is allowed entry point permission on the passwd_exec_t type.
useradd user1
useradd user2
su user1
semanage boolean -l

 

passwd

--------------------------------------------------------------

Some commands I executed under user1

We came to another terminal as user1; in our previous terminal, passwd was running

ps -eZ | grep passwd

/usr/bin/passwd has the passwd_exec_t type. However, if you run passwd and, while it is executing, go to another terminal and check the process contexts with ps -eZ | grep passwd, you can see that the passwd process has transitioned into the passwd_t domain

To copy, move, or tar files while preserving their Selinux contexts, you need to provide --preserve=context

Selinux Booleans: On/Off switches used by Selinux to Allow/Disallow actions

ll /sys/fs/selinux/booleans/

output
-rw-r--r--. 1 root root 0 Dec 31 07:57 zarafa_setrlimit
-rw-r--r--. 1 root root 0 Dec 31 07:57 zebra_write_config
-rw-r--r--. 1 root root 0 Dec 31 07:57 zoneminder_anon_writ

A better way of seeing them

getsebool -a
output
server_execmem --> off
xserver_object_manager --> off
zabbix_can_network --> off
zarafa_setrlimit --> off
zebra_write_config --> off
zoneminder_anon_write --> off
zoneminder_run_sudo --> off

getsebool abrt_anon_write
abrt_anon_write --> off

sestatus -b
output
erver_object_manager off
zabbix_can_network off
zarafa_setrlimit off
zebra_write_config off
zoneminder_anon_write off

semanage boolean -l

output of semanage boolean -l
ssh_sysadm_login (off , off) Allow ssh to sysadm login
domain_fd_use (on , on) Allow domain to fd use
samba_enable_home_dirs (off , off) Allow samba to enable home dirs
mcelog_client (off , off) Allow mcelog to client
nfs_export_all_ro (on , on) Allow nfs to export all ro
cron_can_relabel (off , off) Allow cron to can relabel

 

Change/alter the booleans

setsebool abrt_anon_write 1
setsebool abrt_anon_write off

Use -P to make the change persist after a system reboot
setsebool -P abrt_anon_write on
setsebool -P abrt_anon_write off

semanage can be used for the same purpose
semanage boolean -m -1 abrt_anon_write
semanage boolean -m -0 abrt_anon_write

Use getsebool, sestatus or semanage for validation
getsebool -a
getsebool -a | grep abrt_anon_write
sestatus -b | grep abrt_anon_write
semanage boolean -l | grep abrt_anon_write
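
An added example (not part of the original notes): setsebool without -P changes only the running value, so a boolean set that way reverts at the next reboot. The function below reads `semanage boolean -l` output, whose two parenthesised columns are the current state and the persistent default, and lists the booleans where they differ; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Report SELinux booleans whose running value differs from the persistent one.
# Expected input: the output of `semanage boolean -l`, where each line reads
#   name   (current , persistent)   description

boolean_drift() {
    awk '
        # Skip the header line and blank lines.
        /^SELinux boolean/ || NF == 0 { next }
        {
            # Locate the "(state , state)" pair; ignore lines without one.
            if (!match($0, /\([a-z]+ *, *[a-z]+\)/)) next
            pair = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/ /, "", pair)
            split(pair, state, ",")
            # A mismatch means the boolean was flipped at runtime only.
            if (state[1] != state[2])
                printf "%s current=%s persistent=%s\n", $1, state[1], state[2]
        }
    '
}

# Constructed sample in the same layout as the semanage output shown above.
# abrt_anon_write was switched on without -P; nfs_export_all_ro was switched
# off without -P.
sample_booleans() {
    cat <<'EOF'
SELinux boolean                State  Default Description

ssh_sysadm_login               (off  ,  off)  Allow ssh to sysadm login
abrt_anon_write                (on   ,  off)  Allow abrt to anon write
domain_fd_use                  (on   ,   on)  Allow domain to fd use
nfs_export_all_ro              (off  ,   on)  Allow nfs to export all ro
EOF
}

# On a live system: semanage boolean -l | boolean_drift
sample_booleans | boolean_drift
```
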

 

Some related Commands:
to see contexts: ps -eZ, ll -Z, id -Z
to change contexts: chcon

to compare current file context to original context
matchpathcon /etc/hosts

restorecon -> restore default context

semanage : does multiple things. modifies contexts, manages policies, manages labeling

Selinux operation Modes: getenforce
getenforce

getenforce : permissive, enforcing, default

sestatus
To check current enforce status: sestatus or getenforce

 

Change:
setenforce permissive
sestatus

setenforce: set enforcing mode to permissive, or enforcing or disabled

setenforce enforcing
seinfo

seinfo : provides info on policies and policy components
seinfo
sesearch
sesearch --all

output of sesearch --all
role_transition dbadm_r postgresql_initrc_exec_t system_r;
role_transition dbadm_r mysqld_initrc_exec_t system_r;
role_transition system_r rpm_exec_t system_r;

getsebool
getsebool abrt_anon_write

setsebool
setsebool abrt_anon_write on
setsebool abrt_anon_write off

 

Selinux has a GUI - Admin Interface

system-config-selinux : GUI based management tools

yum install policycoreutils-gui
system-config-selinux (run the GUI)

config file: /etc/selinux/config

You can change the enforce mode in the file
cat /etc/sestatus.conf

cat /etc/sestatus.conf : some security contexts are provided
sestatus -v can show the security contexts (files and processes) that are set in the file /etc/sestatus.conf

sestatus -v
output
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
Process contexts:

Current context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context: system_u:system_r:init_t:s0
/usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling terminal: unconfined_u:object_r:user_devpts_t:s0
/etc/passwd system_u:object_r:passwd_file_t:s0
/etc/shadow system_u:object_r:shadow_t:s0
/bin/bash system_u:object_r:shell_exec_t:s0
/bin/login system_u:object_r:login_exec_t:s0

 

Create user with Selinux Context : Assign to Selinux User staff_u
useradd -Z staff_u user3

provide password in one line - actually a bad practice
echo 1234 | passwd --stdin user3

check
id -Z

actually need to switch to user3 and then check with id -Z
su user3
semanage login -l | grep user3

id -Z is not giving me the right output i.e. staff_u . I might need to login with the user or ....

 

map existing user to Selinux User
semanage login -a -s user_u user1

checking with semanage - works
output of semanage login -l | grep user3 -- the previous user

semanage login -l | grep user3
user3 staff_u s0-s0:c0.c1023

now try user1
semanage login -l | grep user1
works as I see in the output
user1 user_u s0

Change default policy to assign users to staff_u at creation
semanage login -m -S targeted -s staff_u -r s0 __default__

check the defaults
semanage login -l | grep default

the output
__default__ staff_u s0

Check context for a file
ll -Z /etc/hosts
ll -Z /etc/hosts.allow

Output
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 /etc/hosts.allow

change file context
touch /tmp/file1
chcon -vu user_u -t public_content_t /tmp/file1
ll -Z /tmp/file1

output
-rw-r--r--. root root user_u:object_r:public_content_t:s0 /tmp/file1

make this change permanent i.e. change on /tmp/file1
semanage fcontext -a -s user_u -t public_content_t /tmp/file1

ll -Z /tmp/file1

output
-rw-r--r--. root root user_u:object_r:public_content_t:s0 /tmp/file1

Another example of chcon
chcon -vu staff_u -t var_run_t /root
ll -dZ /root
output
dr-xr-x---. root root staff_u:object_r:var_run_t:s0 /root

restore /root folder original context
restorecon -vF /root

ll -dZ /root/

Port and Selinux
list ports with selinux contexts

semanage port -l

Output
zookeeper_client_port_t tcp 2181
zookeeper_election_port_t tcp 3888
zookeeper_leader_port_t tcp 2888
zope_port_t tcp 8021

semanage port -l | grep http_port

Output
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988

add a port selinux policy
semanage port -a -t http_port_t -p tcp 8090

check that the port got added
semanage port -l | grep http_port

you will see 8090 in the output
output
http_port_t tcp 8090, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988

delete the port
semanage port -d -t http_port_t -p tcp 8090

Check that the port got deleted
semanage port -l | grep http_port

copy files with/without selinux context
ll -Z /tmp/file1

output
-rw-r--r--. root root user_u:object_r:public_content_t:s0 /tmp/file1

cp /tmp/file1 /etc/
ll -Z /etc/file1

output
-rw-r--r--. root root unconfined_u:object_r:etc_t:s0 /etc/file1
the context got changed while copying.

Now copy keeping the context preserved
cp --preserve=context /tmp/file1 /etc/
ll -Z /etc/file1
output
-rw-r--r--. root root user_u:object_r:public_content_t:s0 /etc/file1
this does match with the original (source file) context

cat /var/log/messages | grep selinux


 

I used the following commands to help with setting up a local ftp based Yum server. I did this just before installing system-config-selinux (core utils packages). I installed setools-console with the rpm command

ping yahoo.com
rpm -ivh vsftpd
rpm -ivh vsftpd-3.0.2-21.el7.x86_64.rpm
systemctl status vsftpd
systemctl start vsftpd
systemctl enable vsftpd
firewall-cmd
firewall-cmd --help
firewall-cmd --add-service=ftp --perm
ln -s /var/ftp/pub/ /mnt/Packages
cp -rf /mnt/Packages /var/ftp/pub/
mkdir /etc/yum.repos.d/old
mv /etc/yum.repos.d/*.repo old/
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/old/
touch /etc/yum.repos.d/local.repo
vim /etc/yum.repos.d/local.repo
systemctl restart vsftpd
yum repolist all
yum install tree
vim /etc/yum.repos.d/local.repo
rpm -ivh createrepo-0.9.9-26.el7.noarch.rpm
createrepo /var/ftp/pub/Packages/ /var/ftp/pub/Packages/
cd /var/ftp/pub/Packages/
ls
pwd
createrepo .
yum repolist all

Dec 26

AutoFS and Mounting in Linux/Redhat/CentOS

echo "AutoFS - Automatic FS system Mounting - Dec 26th, 2017 by Sayed"

check if AutoFS is installed or not
yum list installed | grep autofs

I just installed; hence it is there
you can install with yum -y install autofs

yum -y install autofs

then you can enable autofs
systemctl status autofs
systemctl start autofs
systemctl enable autofs

enable - will start this service at reboot/system start

AutoFS in general does not use /etc/fstab
AutoFS uses the /etc/mtab file
Also, AutoFS has some files under /etc whose names start with auto. You can also define which file will contain the mount mapping, i.e. the file that will act like /etc/fstab for autofs

AutoFS has direct mapping and indirect mapping
let's see some files under /etc for autofs

ls /etc/auto*

The files

/etc/auto.direct /etc/autofs.conf /etc/autofs_ldap_auth.conf /etc/auto.master /etc/auto.misc /etc/auto.net /etc/auto.smb /etc/auto.master.d:

I saw to use /etc/auto.master for configuring which file will do the mapping for direct mounting.
I saw to use /etc/auto.misc for configuring which file will do the mapping for indirect mounting for AutoFS.

One more config file is under: /etc/sysconfig/autofs

cat /etc/sysconfig/autofs

the content
#
# Init system options
#
# If the kernel supports using the autofs miscellanous device
# and you wish to use it you must set this configuration option
# to "yes" otherwise it will not be used.
#
USE_MISC_DEVICE="yes"
#
# Use OPTIONS to add automount(8) command line options that
# will be used when the daemon is started.
#
#OPTIONS=""
#

For mounting NFS, i.e. remote/network file systems/folders, we can use regular mounting, i.e. /etc/fstab and the mount command. However, that is kind of manual. We can mount NFS using AutoFS, which mounts automatically

We use AutoFS for LDAP clients to auto-mount users' home directories. We just configure it, then the mounting happens automatically. You remember that getent passwd user-name mounted the remote users' home directory into the local system. We used /etc/auto.master to tell that auto.guests will have the mounting configurations. Then in the /etc/auto.guests file we configured that users' home directories will be mounted on /home/guests. You can check our notes on LDAP client configuration

cat /etc/auto.master
vim /etc/auto.master

we added the following line on /etc/auto.master
/etc/auto.guests /etc/auto.direct

it just tells that AutoFS will consult /etc/auto.guests file for direct mapping

vim /etc/auto.guests
we added the following line on /etc/auto.guests
/home/guests 192.168.1.15:/nfsrh

it just tells remote /nfsrh will be automatically mounted to /home/guests
you can try to restart autofs

systemctl restart autofs

 

Indirect Map
indirectly mounted points are only visible when accessed
automatically mounts shares under one common parent directory
each indirect map put only one entry in the mtab file
local and indirect maps cannot exist in the same parent directory
for indirect mapping - you use /etc/auto.misc file

Dec 26

On File Systems and Linux Commands (Redhat/CentOs/Fedora)

echo "Dec 26th, 2017, Sayed Ahmed, Justetc Technologies"

On file Systems - Target Audience: Technical People. Software Developers and System/Network Administrators or DevOps  (or wanna be)

/ and /boot are the default Linux file systems

you can also configure /home, /opt, /var, /tmp, /usr as separate file systems or can make these as part of the / file systems.

/ and /boot are mandatory

The advantages of having separate file systems (and/or partitions) for different purposes (/var, /usr) are: you can independently manage them, and extend or reduce them as required; you can restrict which users can access which file system; and you can do repair and maintenance activities separately

Types of file systems: ext2, ext3, ext4, xfs (default for Redhat 7), btrfs, vfat, iso9660, BIOS Boot, EFI System Partitions, NFS, AutoFS, CIFS (Common Internet File Systems)

AutoFS: NFS based auto mount. You can use this for LDAP Client configuration. Check our LDAP Notes.

xfs_repair : repair xfs file system devices

File System Administration Commands
dumpe2fs
dumpe2fs /dev/sdb
lsblk
dumpe2fs /dev/sdb
dumpe2fs /dev/sdc1
dumpe2fs /dev/sda

e2fsck /dev/sdb
e2fsck /dev/sda

lsblk
mkfs.ext2 /dev/sdb
mkfs.ext2 /dev/sdc1

e2fsck /dev/sdc1
e2fsck is for ext2 file system. ext2 will be removed soon. ext2 is deprecated on RHEL 7.
fsck.ext2 /dev/sdc1
fsck.xfs /dev/sda

xfs_repair /dev/sda

dumpe2fs, e2fsck, e2label, mke2fs, resize2fs, tune2fs, mkfs.xfs, xfs_admin, xfs_growfs, xfs_info, xfs_repair, mkfs.vfat, blkid, df, du, findmnt, fuser, mount, umount - some file system related linux commands

man e2label
e2label - Change the label on an ext2/ext3/ext4 filesystem
SYNOPSIS
e2label device [ new-label ]
DESCRIPTION
e2label will display or change the filesystem label on the ext2, ext3, or ext4 filesystem located on device.

man mke2fs
mke2fs is used to create an ext2, ext3, or ext4 filesystem, usually in a disk partition. device is the special file corresponding to the device (e.g /dev/hdXX). blocks-count is the number of blocks on the device. If omitted, mke2fs automagically figures the file system size. If called as mkfs.ext3 a journal is created as if the -j option was specified.

man resize2fs
The resize2fs program will resize ext2, ext3, or ext4 file systems. It can be used to enlarge or shrink an unmounted file system located
on device. If the filesystem is mounted, it can be used to expand the size of the mounted filesystem, assuming the kernel supports on-line
resizing. (As of this writing, the Linux 2.6 kernel supports on-line resize for filesystems mounted using ext3 and ext4.).

man tune2fs
tune2fs allows the system administrator to adjust various tunable filesystem parameters on Linux ext2, ext3, or ext4 filesystems. The current values of these options can be displayed by using the -l option to tune2fs(8) program, or by using the dumpe2fs(8) program.

man mkfs.xfs
mkfs.xfs constructs an XFS filesystem by writing on a special file using the values found in the arguments of the command line. It is invoked automatically by mkfs(8) when it is given the -t xfs option.

man xfs_admin
xfs_admin uses the xfs_db(8) command to modify various parameters of a filesystem.
Devices that are mounted cannot be modified. Administrators must unmount filesystems before xfs_admin or xfs_db(8) can convert parameters.
A number of parameters of a mounted filesystem can be examined and modified using the xfs_growfs(8) command.

man xfs_growfs
xfs_growfs expands an existing XFS filesystem (see xfs(5)). The mount-point argument is the pathname of the directory where the filesystem is mounted. The filesystem must be mounted to be grown (see mount(8)). The existing contents of the filesystem are undisturbed, and the added space becomes available for additional file storage.

man xfs_info
xfs_info is equivalent to invoking xfs_growfs with the -n option (see discussion below).

man xfs_repair
xfs_repair repairs corrupt or damaged XFS filesystems (see xfs(5)). The filesystem is specified using the device argument which should be the device name of the disk partition or volume containing the filesystem. If given the name of a block device, xfs_repair will attempt to find the raw device associated with the specified block device and will use the raw device instead. Regardless, the filesystem to be repaired must be unmounted, otherwise, the resulting filesystem may be inconsistent or corrupt.

man mkfs.vfat
mkfs.fat is used to create an MS-DOS filesystem under Linux on a device (usually a disk partition). device is the special file corresponding to the device (e.g /dev/hdXX). block-count is the number of blocks on the device. If omitted, mkfs.fat automatically determines the filesystem size.

man blkid
The blkid program is the command-line interface to working with the libblkid(3) library. It can determine the type of content (e.g. filesystem or swap) that a block device holds, and also the attributes (tokens, NAME=value pairs) from the content metadata (e.g. LABEL or UUID fields).

man df
df displays the amount of disk space available on the file system containing each file name argument. If no file name is given, the space available on all currently mounted file systems is shown. Disk space is shown in 1K blocks by default, unless the environment variable POSIXLY_CORRECT is set, in which case 512-byte blocks are used.

df
du

man du
du - Summarize disk usage of each FILE, recursively for directories.

man findmnt
findmnt will list all mounted filesystems or search for a filesystem. The findmnt command is able to search in /etc/fstab, /etc/mtab or /proc/self/mountinfo. If device or mountpoint is not given, all filesystems are shown.

findmnt

man fuser
fuser displays the PIDs of processes using the specified files or file systems. In the default display mode, each file name is followed by a letter denoting the type of access:
c current directory.
e executable being run.
f open file. f is omitted in default display mode.
F open file for writing. F is omitted in default display mode.
r root directory.
m mmap'ed file or shared library.

man mount
mount command - All files accessible in a Unix system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the filesystem found on some device to the big file tree. Conversely, the umount(8) command will detach it again.

 

man umount
umount - The umount command detaches the file system(s) mentioned from the file hierarchy.

You can customize the mount operation by giving some parameters and options such as:
async: allow async I/O operation
acl: to support ACL (facl: getfacl, setfacl)
users: allow all users to mount
exec/noexec: permit/deny execution of binary files
ro: read only
suid/nosuid: allow/disallow setuid operation
user/nouser: allow/disallow a normal user to mount the file system
remount: remount an already existing filesystem
_netdev: network connectivity is a must before mounting
owner: allow the file system owner to mount
dev/nodev: allow/disallow device files on the file system
defaults: accept all defaults (async, auto, dev, exec, nouser, rw, suid)
auto: support auto mounting when -a option is used for mount command

note: mount -a will mount all filesystems mentioned in /etc/fstab
umount -a : everything mentioned in fstab will be unmounted. provided auto was there for the mount operation. auto is default parameter for mount command

 

blkid : gives you the UUID for partitions/file systems. Using the UUID in /etc/fstab is usually a good practice, because /dev/sda or /dev/sdb in /etc/fstab might not always work: those names can change depending on which storage devices are added to or removed from the system.
blkid
xfs_admin -u
xfs_admin -u /dev/sda
xfs_admin -u /dev/sda1
xfs_admin -u /dev/sdc1
xfs_admin -u device/partition : will also give UUID for that partition

blkid /dev/sdb
blkid /dev/sdc1
blkid
you can also create a label for a partition/file-system and use that in the /etc/fstab file
xfs_admin -l /dev/sdc1
xfs_admin -l /dev/sda
lsblk

lsblk
df -h
to create a label: xfs_admin -L testpartition /dev/sdc1
xfs_admin -L testpartition /dev/sdc1
then you can use testpartition in the /etc/fstab file

xfs_admin : -l shows label, -L creates label

cat /etc/fstab
the default format in the /etc/fstab file
/dev/mapper/cl-root / xfs defaults 0 0

device   mount-point file-system defaults/options-you-want(auto, rw, defaults, async) dump-or-not-for-dump-command scan-sequence-for-fsck

UUID and Label can be used for the device/first parameter in the /etc/fstab file

vim /etc/fstab
examples:

/dev/mapper/cl-root / xfs defaults 0 0

UUID=45213437-3dcf-4ee7-b6b7-26c37e2a82d7 /boot xfs defaults 0 0

/dev/mapper/cl-swap swap swap defaults 0 0

/dev/sdb1 /mnt ext2 defaults 0 0
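
An added example (not part of the original notes) that ties the fstab format, the UUID/LABEL advice and the exec/suid/dev mount options together: it reads fstab-style lines, flags devices named by kernel name, and reports mount points still missing nosuid, nodev or noexec. Which mount points must carry which options is an assumption made for this example, and the function names, the /tmp line and its UUID are constructed.

```shell
#!/bin/sh
# Audit fstab-style lines: device mount-point fs-type options dump fsck-order

fstab_audit() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }    # comments, blank or incomplete lines
        {
            dev = $1; mp = $2; fs = $3
            # Kernel defaults: exec, suid and dev are all permitted until an
            # option says otherwise. Options are applied left to right.
            exec_on = 1; suid_on = 1; dev_on = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                o = opt[i]
                if (o == "defaults") { exec_on = 1; suid_on = 1; dev_on = 1 }
                else if (o == "user" || o == "users") { exec_on = 0; suid_on = 0; dev_on = 0 }
                else if (o == "owner")  { suid_on = 0; dev_on = 0 }
                else if (o == "exec")   { exec_on = 1 }
                else if (o == "noexec") { exec_on = 0 }
                else if (o == "suid")   { suid_on = 1 }
                else if (o == "nosuid") { suid_on = 0 }
                else if (o == "dev")    { dev_on = 1 }
                else if (o == "nodev")  { dev_on = 0 }
            }

            # /dev/sdX style names can change when disks are added or removed.
            if (dev ~ /^\/dev\/[shv]d[a-z]/)
                printf "%s: %s is a kernel device name, use UUID= or LABEL=\n", mp, dev

            # Assumed policy for this example:
            #   world-writable scratch areas -> nosuid,nodev,noexec
            #   /home and remote or removable file systems -> nosuid,nodev
            strict = (mp == "/tmp" || mp == "/var/tmp" || mp == "/dev/shm")
            data = (strict || mp == "/home" || fs ~ /^(nfs|nfs4|cifs|vfat|iso9660)$/)
            miss = ""
            if (data && suid_on)   miss = miss ",nosuid"
            if (data && dev_on)    miss = miss ",nodev"
            if (strict && exec_on) miss = miss ",noexec"
            if (miss != "")
                printf "%s: missing %s\n", mp, substr(miss, 2)
        }
    '
}

# Sample input: the fstab lines from these notes plus one constructed /tmp
# entry (its UUID is a placeholder).
sample_fstab() {
    cat <<'EOF'
# constructed sample
/dev/mapper/cl-root / xfs defaults 0 0
UUID=45213437-3dcf-4ee7-b6b7-26c37e2a82d7 /boot xfs defaults 0 0
/dev/mapper/cl-swap swap swap defaults 0 0
/dev/sdb1 /mnt ext2 defaults 0 0
LABEL="testlabel" /disks/sdb1 xfs defaults 0 1
192.168.10.15:/folder/fs-to-share-remotely /disks/nfs-pc2 nfs _netdev 0 0
UUID=00000000-0000-0000-0000-000000000001 /tmp xfs defaults,nodev,nosuid 0 0
EOF
}

# On a live system: fstab_audit < /etc/fstab
sample_fstab | fstab_audit
```
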

df -h: disk free : check usage
df -h

partition exercise
parted /dev/sdb mklabel msdos
parted /dev/sdb mkpart 1 101MB
parted /dev/sdb mkpart primary 1 101MB
parted /dev/sdb print
parted /dev/sdb mkpart primary 101 201MB
parted /dev/sdb print

mke2fs -t ext3 /dev/sdb2
mkfs.xfs /dev/sdb1

blkid
xfs_admin -L testlabel /dev/sdb1

vim /etc/fstab
mkdir -p /disks/sdb1

mount -a
vim /etc/fstab
mount -a
blkid
vim /etc/fstab
mount -a
umount -a
mount -a
cat /etc/fstab

example of using label on /etc/fstab
LABEL="testlabel" /disks/sdb1 xfs defaults 0 1

xfs_repair /dev/sdb1

umount /dev/sdb1
xfs_repair /dev/sdb1
xfs_repair : requires the file system to be unmounted

 

you can use nfs-utils to mount/unmount remote file systems
yum -y install nfs-utils
mkdir /disks/nfs-pc2

the format in the /etc/fstab file can be
192.168.10.15:/folder/fs-to-share-remotely /disks/nfs-pc2 nfs _netdev 0 0

note that I used nfs as the file system
For options: I used _netdev because this is a network device and network connectivity is a must for this mounting operation

to mount cd-drive on redhat/centos/fedora
mount /dev/sr0 /mnt
df -h can show you the cdrom device. for me it was: /dev/sr0

df -h
you could use -t with mount command to give file system. However, for CD the default works fine
for NFS to mount using commands

mount -t nfs 192.168.1.15:/folder-or-fs-to-share-remotely /mount-point-on-our-system-like-/disks/nfs/pc2-share

you can also mount samba file system as well

Dec 25

Users and Groups management in Linux (Redhat/CentOS/Fedora)

Target Audience: Technical people who knew or already know (to some extent) - just wanna review

Yes, from my history

echo "dec 25th, 2017 - sayed"

User and password related files

cat /etc/passwd
cat /etc/shadow
cat /etc/group
cat /etc/gshadow

There are some backup files for them as well
cat /etc/passwd-
cat /etc/group-
cat /etc/shadow-
cat /etc/gshadow-

try to understand the format of the passwd, shadow, and group files

passwd file format: userid: password - or password space holder:user id: group id: comments: user home directory: user shell

shadow file format: userid : encrypted password: password last changed in timestamp format: min days - min days the password must be ket before changing: max days - max days the current password can be kept: warn days - user will get warning to change password: inactive days - how many inactive days allowed: disable days - account expiry date: not used field - kept for future use

cat /etc/group

format for /etc/group file: group name : password placeholder : group id : group members (comma separated)

cat /etc/gshadow

gshadow file format: group name: encrypted group password: group admins: group members

Why a group password? It is used when we want to restrict which users can assign themselves to the group.
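The field layouts above can be checked mechanically. This is an added example, not part of the original history: a small awk-based audit over passwd- and shadow-format lines that flags extra UID 0 accounts, hashes left in the world-readable passwd file (the state pwunconv produces), empty or locked passwords, forced password changes, missing maximum age and expired accounts. The account lines, the finding labels and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format lines with awk.
# All account lines below are constructed samples, not real system data.

# /etc/passwd format: login:password placeholder:UID:GID:comment:home:shell
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:x:1000:1000:User One:/home/user1:/bin/bash
user40:x:1003:1003::/home/user40:/sbin/nologin
toor:x:0:0:second uid 0 account:/root:/bin/bash
legacy:$6$constructed$notarealhash:1004:1004::/home/legacy:/bin/bash
EOF
}

# /etc/shadow format (date fields are days since 1970-01-01):
# login:hash:last change:min days:max days:warn days:inactive:expiry:unused
sample_shadow() {
cat <<'EOF'
root:$6$constructed$notarealhash:17525:0:99999:7:::
user1::17525:0:99999:7:::
user20new:!$6$constructed$notarealhash:17525:7:28:8:::
user30:$6$constructed$notarealhash:0:5:30:7::17531:
user40:!!:17525:0:99999:7:::
EOF
}

# Reads passwd-format lines on stdin and prints one finding per line.
audit_passwd() {
  awk -F: '
    NF != 7                 { print "BAD_FIELD_COUNT " $1; next }
    $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }      # second superuser
    $2 == ""                { print "EMPTY_PASSWORD " $1; next }
    $2 != "x" && $2 != "*"  { print "HASH_IN_PASSWD " $1 }  # hash not in shadow
  '
}

# Reads shadow-format lines on stdin; $1 is today as days since 1970-01-01.
audit_shadow() {
  awk -F: -v today="$1" '
    NF != 9                  { print "BAD_FIELD_COUNT " $1; next }
    $2 == ""                 { print "EMPTY_PASSWORD " $1 }  # login without password
    $2 ~ /^[!*]/             { print "LOCKED " $1 }          # e.g. after usermod -L
    $3 == "0"                { print "MUST_CHANGE " $1 }     # e.g. after chage -d 0
    $5 == "" || $5 >= 99999  { print "NO_MAX_AGE " $1 }      # password never ages out
    $8 != "" && ($8 + 0) < (today + 0) { print "EXPIRED " $1 }
  '
}

# Stand-alone run on the constructed samples (17600 = a day in March 2018).
sample_passwd | audit_passwd
sample_shadow | audit_shadow 17600
```

On a real system, run the two functions as root with `audit_passwd < /etc/passwd` and `audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow`.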

cat /etc/login.defs
647 vim /etc/login.defs
648 /etc/login.defs : defines default values for users and groups - some of these values are used at the time of user and group creation and modifications - i.e. some values are taken from this file (when not specified at creation/modification time)

649 pwck checks for integrity among user/permission related files
650 pwck
651 grpck

653 vipw -> edits the passwd file: the file is locked and read-only for others while it is being edited. Admins use this command

 

655 cat /etc/sudoers
656 users or groups who can run commands with su or sudo can be defined in the /etc/sudoers file
657 vim /etc/sudoers

 

658 su user1 (switch user)
659 usermod -G wheel user1  (assign users to groups)
660 user1 is added to wheel group. wheel is a sudo group
661 su user1

 

Graphical user management tool:

662 system-config-users

 

663 managing groups
664 groupadd, groupmod, groupdel
665 groupadd -g 5000 linuxadm
666 groupadd -o -g 5000 sales
667 groupmod -n mgmt sales
668 groupmod -g 6000 linuxadm
669 usermod -a -G linuxadm user1

672 id user1
673 su user1
674 groupdel mgmt
675 gpasswd -> add admins to groups, group password assign/change, add users to groups and similar
676 gpasswd -A user1, user20new linuxadm

681 gpasswd -a user20new, user1 linuxadm

684 su user20new

 

Needed some adjustments for the user: user20new, it was locked,  shell was assigned to /sbin/nologin
685 usermod -U user20new (unlock user)
686 gpasswd -a user20new, user1 linuxadm
687 grep user20new /etc/passwd
688 usermod -s /bin/sh user20new
689 gpasswd -a user20new, user1 linuxadm
690 grep user20new /etc/passwd
691 cat /etc/passwd
692 usermod -s /bin/bash user20new
693 su user20new

 

694 gpasswd -a user20new, user1 linuxadm
696 su - user20new
697 su user1
699 su -

713 vipw
714 ls /etc/passwd.edit
715 pwck
716 grpchk
717 grpck
719 vigr
720 vigr -s

 

//enable disable shadow files

721 pwconv
722 cat /etc/passwd
723 pwunconv
724 cat /etc/passwd
725 pwunconv : do not use shadow file : move passwords back to passwd file
726 pwconv
727 cat /etc/passwd
728 grpconv
729 grpunconv
730 cat /etc/gshadow
731 cat /etc/group
732 grpconv
733 cat /etc/gshadow

cat in the above lines was to check whether the changes were done or not

 

734 user related commands: useradd, usermod, userdel, chage, passwd
735 cat /etc/default/useradd
736 cat /etc/login.defs

See defaults
738 useradd -D
739 change default user home directory location
740 useradd -D -b /usr/home
741 useradd -D
742 useradd -D -b /home
743 useradd -D
744 useradd -D -b /usr/home

745 grep ^# /etc/login.defs
746 grep -v ^# /etc/login.defs
747 grep -v ^# /etc/login.defs > show-lines-from-login.defs-that-does-not-start-with-#--comment lines will not be shown
748 grep -v ^# /etc/login.defs | grep -v ^$
749 grep -v ^# /etc/login.defs
750 grep -v ^# /etc/login.defs | grep -v ^$

 

 

751 useradd user2
752 mkdir -p /usr/home
753 useradd user2
754 useradd user20
755 passwd user20
756 cd /etc; grep user20 passwd shadow group gshadow
757 useradd -u 5000 -g 5000 -m -d /home/user30 -k /etc/skel -s /bin/bash user30
758 useradd -u 5000 -g 1000 -m -d /home/user30 -k /etc/skel -s /bin/bash user30
759 create user with no login: just point shells to no login
760 useradd -s /sbin/nologin user40
761 su - user40
762 su user40

 

changing: min days, max days, expiry, and password

763 passwd -n 7 -x 28 -w 8 user20
764 chage -l user20
765 chage -m 10 -M 30 -W 7 -E 2017-12-31 user30
766 chage -l user30

 

767 modifying users
768 usermod -u 2000 -m -d /home/user20new -s /sbin/nologin -l user20new user20
769 grep user20new /etc/passwd
770 chage -l user30
771 chage -l user20
772 chage -l user20new
773 chage -d 0 -m 5 -E -1 user30
774 chage -l user30

775 lock a user
776 usermod -L user20
777 usermod -L user20new

778 userdel -r user30
781 usermod -U user20new

782 su user1
784 usermod -U user20new

 

//assign users to groups

785 gpasswd -a user20new linuxadm
786 gpasswd -a user1 linuxadm

787 useradd user4
788 passwd user4
789 gpasswd -M user4 linuxadm

 

791 cat /etc/group
792 gpasswd -M : replace existing group members with the new user assigned
793 set group password
794 gpasswd linuxadm
795 groups
796 su user4

 

800 su user4
801 newgrp : the user can execute this to change primary group

802 important shell startup files : /etc/bashrc /etc/profile /etc/profile.d

Dec 24

NTP related commands/Linux

598 echo "dec 24th, 2017"
599 echo "NTP Client"
600 yum list ntp
601 yum list installed |grep ntp

602 To activate ntp
603 yum -y install ntp system-config-date
604 cat /etc/ntp.conf
605 grep ^server /etc/ntp.conf

606 systemctl restart ntpd
607 systemctl enable ntpd
608 systemctl start ntpd

609 ntpq -p

612 nmtui
613 ip addr

619 system-config-date
620 system-config-authentication

 

Dec 24

Network Interface, Network Clients related Linux/Redhat/CentOS commands

echo "Dec 24th, 2017"
532 echo "Basic Networking in Linux"
533 hostname
534 uname -a
535 uname -n
536 cat /etc/hostname
537 nmcli general hostname
538 changing hostname temporarily
539 hostname server10.example.com
540 for permanent change
541 hostnamectl set-hostname server100.example.com
542 or change /etc/hostname file
543 vim /etc/hostname
544 restart systemctl
545 systemctl restart systemd-hostnamed
546 systemctl restart systemd-hostnamed.service
547 echo "IPV4 addresses"
548 ip addr
549 cat /etc/protocols
550 ip neighbor
551 yum install arp*
552 cat /etc/services
553 cat /etc/protocols
554 ip neighbor
555 interface configuration files
556 cat /etc/sysconfig/network-scripts/
557 ll /etc/sysconfig/network-scripts/
558 ll /etc/sysconfig/network-scripts/ifcfg-*
559 you can change parameters for the interface config files
560 ll /etc/sysconfig/network-scripts/ifcfg-ens33
561 cat /etc/sysconfig/network-scripts/ifcfg-ens33
562 name and IP conversion. /etc/hosts - DNS is the system to do this.
563 interface stop and start
564 ifdown ens33; ifup ens33
565 cat /etc/default/grub
566 it used to be eth0 eth1, now default is ens
567 you can change that using some config changes
568 ip
569 nm-connection-editor
570 nm-connection-editor is graphical; nmtui is text based - not command line, but a text-based interface
571 nmcli is command line based. nmtui is text-based interface based
572 nmcli
573 nmcli device show
574 nm-connection-editor
586 to set ipv4 address - one example

589 ip addr add 192.168.0.111/24 broadcast 192.168.0.255 dev ens33
590 ip addr
591 ip addr add 192.168.0.111/24 broadcast 192.168.0.255 dev eth1
592 ls
593 systemctl status NetworkManager
594 nmcli con show
595 nmcli dev status
596 exit
597 history

Dec 24

TCP Wrappers in Linux/CentOS/Redhat/Fedora

yum info tcp_wrappers

yum install tcp_wrappers-devel.x86_64
506 reboot
507 ifdown ens33
508 ifup ens33
509 yum install tcp_wrappers-devel.x86_64
510 yum -y install tcp_wrappers-devel.x86_64
511 ls /var/ftp/pub/Packages/
512 ls /etc/yum.repos.d/local.repo
513 vim /etc/yum.repos.d/local.repo
514 systemctl status vsftpd
515 systemctl start vsftpd
516 systemctl enable vsftpd
517 yum -y install tcp_wrappers-devel.x86_64
518 cat /etc/hosts.allow
519 cat /etc/hosts.deny
520 two config files as above. hosts.allow is consulted first, and then hosts.deny is consulted
521 the format of the file content: service: user@source pc
522 service examples: All, All Except, sshd, vsftpd. Multiple services can be given in one line, separated by commas
523 user@source pc examples: All; just an IP: 192.168.1.1; Local; subnet: 192.168.0.0/24; network address with an excepted host, like: 192.168.0 except 192.168.0.25; user1@192.168.1.1. Multiple hosts can be given, comma separated
524 these entries serve the purpose of each file: if an entry is found in the allow file, that service, user and pc will be allowed; if the entry is written in the .deny file, the corresponding user, service, pc will be denied
525 exit
526 history
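The lookup order described above, as an added example that is not part of the original history: a simplified model of how a (service, client) pair is resolved against hosts.allow and then hosts.deny. It shows that a pair matching neither file is allowed, so a deny-by-default setup needs a catch-all line in hosts.deny. The rule files are constructed samples, the function names are made up, and only ALL, exact addresses, network prefixes written with a trailing dot (the form hosts_access(5) documents) and one EXCEPT clause are modelled; user@host patterns are not.

```shell
#!/bin/sh
# Added example: simplified model of the hosts.allow / hosts.deny lookup order.
# Rule files are constructed samples; real libwrap supports more pattern types.

sample_allow() {
cat <<'EOF'
# service list : client list
sshd : 192.168.0. EXCEPT 192.168.0.25
vsftpd, sshd : 192.168.1.1
EOF
}

sample_deny() {
cat <<'EOF'
ALL : ALL
EOF
}

# rule_match SERVICE CLIENT_IP   (rules on stdin) -> exit 0 if any rule matches
rule_match() {
  awk -v d="$1" -v ip="$2" '
    # Does the comma/space separated pattern list s match the value v?
    function in_list(s, v,    n, i, t, p) {
      n = split(s, t, /[ ,\t]+/)
      for (i = 1; i <= n; i++) {
        p = t[i]
        if (p == "") continue
        if (toupper(p) == "ALL") return 1
        if (p == v) return 1
        # a pattern ending in "." is a network prefix, e.g. 192.168.0.
        if (substr(p, length(p)) == "." && index(v, p) == 1) return 1
      }
      return 0
    }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
      c = index($0, ":"); if (c == 0) next
      services = substr($0, 1, c - 1)
      clients  = substr($0, c + 1)
      c2 = index(clients, ":")                   # drop an optional third field
      if (c2) clients = substr(clients, 1, c2 - 1)
      e = index(toupper(clients), " EXCEPT ")
      if (e) {
        ok = in_list(substr(clients, 1, e - 1), ip) && !in_list(substr(clients, e + 8), ip)
      } else {
        ok = in_list(clients, ip)
      }
      if (ok && in_list(services, d)) { found = 1; exit }
    }
    END { exit !found }
  '
}

# check_access SERVICE CLIENT_IP ALLOW_FILE DENY_FILE -> prints allow or deny
check_access() {
  if rule_match "$1" "$2" < "$3"; then echo allow; return 0; fi
  if rule_match "$1" "$2" < "$4"; then echo deny;  return 0; fi
  echo allow    # no match in either file: access is granted
}

# demo_access SERVICE CLIENT_IP -> evaluates against the constructed samples
demo_access() {
  dir=$(mktemp -d) || return 1
  sample_allow > "$dir/hosts.allow"
  sample_deny  > "$dir/hosts.deny"
  check_access "$1" "$2" "$dir/hosts.allow" "$dir/hosts.deny"
  rm -rf "$dir"
}

# Stand-alone run on the constructed samples.
echo "sshd   from 192.168.0.10: $(demo_access sshd 192.168.0.10)"
echo "sshd   from 192.168.0.25: $(demo_access sshd 192.168.0.25)"
echo "vsftpd from 192.168.1.1:  $(demo_access vsftpd 192.168.1.1)"
```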

Dec 24

SSH/SSHD/OpenSSH in CentOS/Redhat Linux

Experiment with SSH/SSHD/OpenSSH in CentOS/Redhat Linux

Yes, from  my history (Probably a review for the technical people, who already knew these sometimes in the past)

461 echo "dec 24th, 2017"
462 vim /etc/ssh/sshd_config

463 echo "SSH Related Commands"
464 scp -> secure copy
465 tscp -> secure copy for windows
466 sftp -> secure ftp
467 slogin -> secure login - alternative to rlogin
468 ssh -> provides secure telnet, secure rlogin
469 ssh-add -> provides DSA/ECDSA/RSA characteristics to ssh-agent
470 ssh-agent

 

471 ssh-agent output
472 SSH_AUTH_SOCK=/tmp/ssh-DQP6FzPIZvG7/agent.3903; export SSH_AUTH_SOCK;
473 SSH_AGENT_PID=3904; export SSH_AGENT_PID;
474 echo Agent pid 3904;

475 ssh-copy-id -> copy keys to remote system (manual copy is also an option, you can use scp as well)
476 ssh-keygen: generates public and private key

 

477 SSH components: the server with the SSH daemon; the client with scp, sftp, slogin, ssh, ssh-copy-id; and the openssh package itself, which provides ssh-keygen and different modules and libraries.
478 ssh-agent : authentication agent that also holds private keys
479 cat /etc/ssh/sshd_config -> system wide ssh config file
480 cat /etc/ssh/sshd_config

481 cat /etc/ssh/ssh_config
482 vim /etc/ssh/ssh_config
483 vim /etc/ssh/sshd_config
484 cat /etc/sysconfig/sshd

485 cat /etc/sysconfig/sshd -> server configuration file
486 cat /var/log/secure
487 cat /var/log/secure -> related messages

488 cat /etc/passwd
489 useradd user1
490 passwd user1
491 su user1
492 useradd user100
493 passwd user100
494 su user100

496 ipaddr
497 ip addr
498 nmtui
499 ip addr
500 su user1

501 exit
502 history > ssh_history.txt
503 history

 


 

after switching to user100

 

ssh 192.168.12.45
4 ssh 192.168.12.45 /bin/ls -la

exit


cd ~

14 touch file1
15 scp file1 192.168.12.45:/home/user100
16 sftp 192.168.12.45

Dec 24

Tools for iOS Application Development

iOS Development

When developing for the iOS platform, the first question that comes to mind is: “Do I need a Mac for iOS app development?” Today I am going to talk about some of the iOS development tools, their setup procedures for different platforms, and their pros and cons.

Native iOS Development:

Apple’s official development platform is known as Xcode and is a free download. If you want to develop iOS apps using Xcode or Apple-provided development tools then you need a Mac. You won’t be able to put your apps up for sale without a developer’s license, but you will be able to play around with the environment.

Apple introduced the Swift programming language as a replacement for Objective-C, which was painful to use for development purpose.

Swift may not exactly be rapid application development, but it is much quicker to program using Swift than Objective-C.

Note: You will need a Mac to develop iOS applications, but it need not be the most powerful Mac in the world. A Mac Mini is more than sufficient for creating iPhone and iPad apps.

By using Xcode you will be able to use all the development tools provided by Apple, which makes it easier to develop iOS applications. However, you’d first of all need a more expensive Mac instead of an inexpensive PC. The price difference is pretty steep if you want a high-performance development system. Xcode is basically limited to producing applications for the Apple family of devices, which is a reasonably large limitation considering the number of Windows desktops and Android devices.

These iOS app development tools will be very useful for developing applications on the native platform:

  • Jazzy

  • Hotfix Native iOS Apps

  • Gitter

  • Charter

  • Qordoba

  • Swift Express

  • iOS Up

On Windows:

Before committing to buying a new Mac, you can actually “rent” one for development. You’ll remotely access the Mac and Xcode through your PC.

It’ll be like having the Mac desktop in a window on your Windows Desktop. The really nice thing about this option is that the cost is really low and it’s the fastest option to get up and running. There are a few companies out there that provide this service, like MacinCloud, VirtualMacOSX and XcodeClub.

Another way to work on iOS development is to use virtualization software and run a “virtual Mac” on your PC. The services above are essentially doing the same thing on their servers and then they charge you a fee to access the virtual machine.

By setting it up yourself on your own PC, you essentially cut the middle man out of the equation.

The two most popular pieces of software to do virtualization are VirtualBox and VMWare Workstation.

You can download them and then use Google to find a guide on how to install the latest MacOS with either VirtualBox or VMWare Workstation.

VirtualBox is open source software which means that it’s free. That probably explains why it’s a lot more popular than VMWare Workstation when it comes to running MacOS on your Windows machine.

Third Party Solutions/Cross Platform:

With all of the articles that have been published on this topic, you’d think the app world would have come to some sort of conclusion by now on iOS and Android development. But it hasn’t. And it’s because there is no easy answer to the question. Both platforms are great, for equal and different reasons.

Different cross platform mobile development tools have different specialties. Some focus on gaming, some are focused on data security for business purposes, where others are focused on letting you use whatever programming language you like, so you don’t have to learn new ones.

Ultimately, which of these cross platform mobile development tools you choose depends on your needs and goals for your app.

  • PhoneGap:

Owned by Adobe, PhoneGap is a free resource that first-time app developers can use to translate code from HTML5, CSS, and JavaScript.

They maintain SDKs (software development kits) on their end for each of the platforms you can develop an app for, so it’s one less thing you have to worry about. And once your app is completed, you can share it with your team members for review to see if you need to make any improvements.

Beyond iOS and Android, PhoneGap also creates apps for BlackBerry and Windows. So it is truly a cross platform mobile development tool!

  • Unity 3D:

Also focused on creating great games, Unity 3D is a game engine you can use if you really want to take care of your incredible graphics.

This cross platform mobile development tool goes beyond simple translation. After developing your code in UnityScript, C#, or Boo, you can export your games to 17 different platforms, including iOS, Android, Windows, Web, PlayStation, Xbox, Wii and Linux.

Once you’ve got your game on all your chosen platforms, Unity will even help you distribute it to the appropriate stores, get social shares, and track user analytics.

  • Xamarin:

With a free starter option, Xamarin is a mobile development tool that includes app store delivery, performance testing and monitoring, and the ability to do virtual tests on more than 1,000 devices to make sure everything is working and displaying like it should.

Using Ruby or C# for code, Xamarin has created a robust cross platform mobile development platform that’s been adopted by big names like Microsoft, Foursquare, IBM, and Dow Jones.

There are also other cross platform development tools like React Native, Appcelerator, Sencha, Corona etc.

Dec 22

Disk/Partition/Logical Volume (LVM) Management related commands in Centos/Redhat Linux

echo "Dec 22nd 2017"
321 pvs
322 output
323 PV VG Fmt Attr PSize PFree
324 /dev/sda2 cl lvm2 a-- 19.00g 0
325 pvs
326 vgs
327 lsblk
328 vgdisplay
329 vgdisplay | grep "PE Size"
330 PE Size 4.00 MiB
331 vgdisplay > vgdisplay20171222.txt
332 vgdisplay | grep 'PE Size'> vgdisplay20171222.txt
333 lvs
334 lvs > lvs20171222.txt
335 lvs
336 lvdisplay vg00
337 lvdisplay cl
338 lvdisplay cl > lvdisplaycl.txt
339 lvdisplay /dev/cl
340 lvdisplay /dev/cl/root
341 lsblk
342 lvdisplay /dev/cl/swap
343 lvdisplay /dev/cl/swap > swaplv.txt
344 pvck
345 pvck /dev/sda
346 lsblk
347 pvck /dev/sda2
348 pvs
349 pvs > pvsoutput
350 pvck /dev/sda2
351 echo "physical volume related commands - just the terms"
352 pvck
353 pvcreate
354 pvdisplay
355 pvresize
356 pvmove
357 pvremove
358 pvs
359 pvscan
360 echo "volume group related commands"
361 echo "you create volume groups out of physical volumes"
362 vgch
363 vgck-> checks integrity of volume groups
364 vgck
365 vgcreate : you provide the physical volumes as parameters
366 vgcreate
367 vgdisplay
368 vgextend
369 vgextend -> you can add additional physical volumes to a volume group
370 vgreduce
371 vgreduce : reduce size of a volume group
372 use -L target-size as parameters for vgreduce along with vg name or -L -100m where 100m is the amount to reduce. not the final size
373 vgrename
374 vgremove
375 vgremove -> removes a volume group
376 vgs
377 vgs -> list volume groups
378 vgscan -> scan system find volume groups
379 vgscan
380 vgscan /dev/sda2
381 vgscan
382 echo "Logical Volume related commands"
383 lvcreate
384 lvdisplay
385 lvextend
386 lvreduce
387 lvremove
388 lvrename
389 lvresize
390 lvs
391 lvscan
392 lvm
393 lvscan
394 lvm
395 lsblk | grep vd
396 lsblk | grep sd
397 lvmdiskscan
398 lvscan
399 lvmdiskscan > outputoflvmdiskscan.txt
400 lsblk
401 parted /dev/sdc mkpart primary 1 100m
402 parted /dev/sdc mklabel msdos
403 parted /dev/sdc mkpart primary 1 201m
404 parted /dev/sdc print
405 pvcreate /dev/sdb /dev/sdc1 -v
406 pvcreate /dev/sdb /dev/sdc1 -v > outputofpvcreate
407 lsblk
408 vgcreate vg01 -s 16 /dev/sdb /dev/sdc1 -v
409 cat pvsoutput
410 cat outputofpvcreate
411 vgs vg01
412 vgscan
413 vgdisplay
414 vgdisplay -v
415 vgdisplay -v vg01
416 pvs
417 pvscan
418 pvdisplay /dev/sdb
419 pvdisplay /dev/sdb > pvdisplaydevsdb
420 pvdisplay /dev/vdc1
421 pvdisplay /dev/sdc1
422 lvcreate -n lvol0 -L 600MB vg01 -v
423 lvcreate -n oravol -L 1.3g vg01 -v
424 lvs
425 lvscan
426 lvdisplay
427 lvdisplay /dev/vg01/lvol0
428 lvdisplay /dev/vg01/oravol
429 vgextend vg01 /dev/sdd -v [need to initialize with pvcreate]
430 pvcreate /dev/sdd
431 vgextend vg01 /dev/sdd -v
432 vgs vg01
433 vgscan
434 lvextend /dev/vg01/lvol0 -L 1g -v
435 lvextend /dev/vg01/oravol -L 2g -v
436 lvdisplay oravol0
437 lvdisplay /dev/vg01/oravol
438 vgdisplay -v vg01
439 lvrename /dev/vg01/lvol0 lvolnew -v
440 lvs /dev/vg01/lvolnew
441 lvs
442 lvs | grep lvolnew
443 lvreduce /dev/vg01/lvolnew -L 800m -v
444 lvresize /dev/vg01/lvolnew -L -100m -v
445 lvremove /dev/vg01/lvolnew
446 lvremove -f /dev/vg01/oravol
447 vgdisplay vg01 | grep 'Cur LV'
448 vgreduce vg01 /dev/sdb /dev/sdc1
449 vgs
450 vgs vg01
451 vgscan
452 lsblk
453 vgdisplay vg01
454 vgdisplay vg01 -v
455 vgremove vg01
456 vgdisplay vg01 -v
457 pvremove /dev/sdb /dev/sdc1 /dev/sdd
458 exit
459 history

Dec 21

Redhat/CentOS Linux and Disk/Volume Management. LVM, parted, gdisk, vgcreate, lvcreate and similar

Misc related commands from history

 

fdisk /dev/sdb
93 parted
94 parted /dev/sdb

96 parted /dev/sdb print
97 vi /etc/fstab
98 parted /dev/sdb
99 vi /etc/fstab
100 parted /dev/sdb
101 parted /dev/sdb print
102 gdisk /dev/sdc
103 gdisk -l /dev/sdc
104 fdisk -l /dev/sda
105 gdisk /dev/sdc
106 gdisk -l /dev/sdc
107 gdisk /dev/sdc
108 gdisk -l /dev/sdc
109 yum list installed
110 yum list installed | grep gnome-disk-utility
111 gdisk /dev/sdc
112 gdisk /dev/sdb
113 gdisk -l /dev/sdb
114 fdisk -l /dev/sdb
115 sfdisk -l /dev/sdb
116 fdisk -l /dev/sdb
117 parted
118 parted /dev/sdb
119 parted /dev/sdc
120 gdisk /dev/sdb
121 gdisk /dev/sdc
122 sfdisk /dev/sdc
123 cfdisk /dev/sdc
124 pvs
125 lsblk
126 pvs
127 pvdisplay
128 vgs
129 lvs
130 lsblk
131 lvs -v
132 vgs -v
133 lvdisplay /dev/vg00/root
134 lvmdiskscan
135 gdisk /dev/sdb
136 parted /dev/sdb mklabel msdos
137 parted /dev/sdb mkpart primary 1 1g
138 parted /dev/sdb print
139 pvcreate -v /dev/sdb1 /dev/sdc
140 parted /dev/sdc
141 lsblk
142 pvcreate -v /dev/sdb1 /dev/sdc
143 parted /dev/sdc mklabel msdos
144 pvcreate -v /dev/sdb1 /dev/sdc
145 vgcreate -s 16 vg01 -v /dev/sdb1 /dev/sdc
146 vgs
147 vgdisplay
148 vgs
149 vgscan
150 vgs vg01
151 vgdisplay vg01 -v
152 pvs
153 pvscan
154 pvdisplay
155 pvdisplay /dev/sdb
156 pvdisplay /dev/sdb1
157 lvcreate -L 600 vg01 -v
158 lvcreate -L 1.3g -n oravol vg01 -v
159 lvs
160 lvdisplay /dev/vgo1/lvol0
161 lvdisplay /dev/vg01/lvol0
162 lvdisplay /dev/vg01/oravol
163 lsblk
164 journalctl -xb
165 tail /var/log/messages
166 vi /etc/fstab
167 reboot
168 lsblk
169 pvcreate /dev/sdd
170 vgextend vg01 /dev/sdd -v
171 vgs
172 lvextend -L 1g /dev/vg01/lvol0 -v
173 lvresize -L 2g /dev/vg01/oravol -v
174 vgdisplay -v vg01
175 lvextend -L 3g /dev/vg01/oravol -v
176 vgdisplay -v vg01
177 lvdisplay
178 vgdisplay
179 lvrename /dev/vg01/lvol0 lvolnew
180 vgdisplay
181 vgdisplay -l
182 vgdisplay -v
183 lvrename vg01 lvolnew lvolrenew
184 vgdisplay -v
185 lvreduce -L 800m /dev/vg01/lvolrenew
186 lvreduce -L -200m /dev/vg01/lvolrenew
187 vgdisplay -v
188 lvresize -L +400m /dev/vg01/lvolrenew
189 lvresize -L -400m /dev/vg01/lvolrenew
190 lvreduce -L +200m /dev/vg01/lvolrenew
191 lvextend -L -1g /dev/vg01/oravol -v
192 lvextend -L +1g /dev/vg01/oravol -v
193 lvremove -f /dev/vg01/lvolrenew
194 lvremove -f /dev/vg01/oravol
195 vgreduce vg01 /dev/sdb1 /dev/sdc
196 vgdisplay vg01
197 lsblk
198 vgdisplay
199 vgdisplay -v
200 vgremove vg01
201 pvremove /dev/sdd /dev/sdb1 /dev/sdc
203 history

Dec 18

Step by Step: How to Install and Configure LDAP Server

From my history of executed commands.

The command sequence works like a charm [though some commands might fail as I am directly pasting from history]

You can check our other posts on LDAP client configuration. Also, go to the end of the commands list; some config file contents will be provided. These files need to be created and configured before the LDAP users start working. When you see a vi command (to create a file) in the command sequence, go to the file section and copy the configuration into the file.

1 ip addr ens33
2 ip addr
3 exit
4 ls
5 vim /etc/hosts

 

this was executed before. You need to execute at this point - if these tools are not already installed
yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel

6 systemctl start slapd.service
7 systemctl enable slapd.service
8 netstat -antup | grep -i 389
9 slappasswd
10 ls /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
11 vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
12 vim /etc/openldap/slapd.d/db.ldif
13 ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
14 cd /etc/openldap/slapd.d/
15 ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
16 vi monitor.ldif
17 ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
18 openssl req -new -x509 -nodes -out /etc/openldap/certs/itzgeekldapcert.pem -keyout /etc/openldap/certs/itzgeekldapkey.pem -days 365
19 chown -R ldap:ldap /etc/openldap/certs/*.pem
20 ll /etc/openldap/certs/*.pem
21 vi certs.ldif
22 ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif
23 slaptest -u
24 config file testing succeeded
25 cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
26 chown ldap:ldap /var/lib/ldap/*
27 dapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
28 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
29 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
30 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
31 vi base.ldif
32 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f base.ldif
33 slappasswd
34 vi db.ldif
35 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f base.ldif
36 systemctl restart slapd.service
37 systemctl enable slapd.service
38 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f base.ldif
39 vi db.ldif
40 ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
41 ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
42 chown -R ldap:ldap /etc/openldap/certs/*.pem
43 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
44 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
45 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
46 vi base.ldif
47 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f base.ldif
48 vi sayed.ldif
49 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f sayed.ldif
50 ldappasswd -s password123 -W -D "cn=ldapadm,dc=itzgeek,dc=local" -x "uid=raj,ou=People,dc=itzgeek,dc=local"
51 ldapsearch -x cn=raj -b dc=itzgeek,dc=local
52 ldapdelete -W -D "cn=ldapadm,dc=itzgeek,dc=local" "uid=raj,ou=People,dc=itzgeek,dc=local"
53 firewall-cmd --permanent --add-service=ldap
54 firewall-cmd --reload
55 vi /etc/rsyslog.conf
56 systemctl restart rsyslog
57 yum install -y openldap-clients nss-pam-ldapd
58 ip addr
59 ls /etc/yum.repos.d/local.repo
60 ip addr
61 nmtui
62 ifdown ens33
63 ifup ens33
64 authconfig --enableldap --enableldapauth --ldapserver=192.168.1.73 --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update
65 systemctl restart nslcd
66 yum install -y openldap-clients
67 systemctl start ftp
68 systemctl start vsftp
69 systemctl start vsftpd
70 yum install -y openldap-clients
71 yum install -y openldap-clients nss-pam-ldapd
72 authconfig --enableldap --enableldapauth --ldapserver=192.168.1.73 --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update
73 getent passwd sayed
74 systemctl restart nslcd
75 getent passwd sayed
76 cat /etc/passwd
77 exit
78 authconfig-tui
79 ls /etc/openldap/cacerts
80*
81 authconfig-gtk
82 yum install authconfig-gtk
83 ls /etc/openldap/certs/*.pem
84 cp /etc/openldap/certs/*.pem /etc/openldap/cacerts/
85 getent passwd sayed
86 authconfig-tui
87 getent passwd sayed
88 cat /etc/passwd
89 nmtui
90 ifdown ens33
91 ifup ens33
92 authconfig --enableldap --enableldapauth --ldapserver=192.168.12.10 --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update
93 systemctl start slapd.service
94 systemctl enable slapd.service
95 authconfig --enableldap --enableldapauth --ldapserver=192.168.12.10 --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update
96 systemctl restart nslcd
97 getent passwd sayed
98 pwd
99 cd /etc/openldap/slapd.d/
100 ls -la
101 vi raj.ldif
102 ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f raj.ldif
103 ldappasswd -s password123 -W -D "cn=ldapadm,dc=itzgeek,dc=local" -x "uid=raj,ou=People,dc=itzgeek,dc=local"
104 ldapsearch -x cn=raj -b dc=itzgeek,dc=local
105 irewall-cmd --permanent --add-service=ldap
106 firewall-cmd --permanent --add-service=ldap
107 firewall-cmd --reload
108 vi /etc/rsyslog.conf
109 authconfig --enableldap --enableldapauth --ldapserver=192.168.12.10 --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update
110 systemctl restart nslcd
111 getent passwd raj
112 ifconfig
113 cat /etc/hosts
114 history

 

 

 

Reference: http://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html/2  [the great one]

 

 

vi /etc/hosts

192.168.12.10 server.itzgeek.local server
192.168.12.20 client.itzgeek.local client

 

 

# vi /etc/openldap/slapd.d/db.ldif
#remember to provide the correct password. Bring the password hash as created with: slappasswd 

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=itzgeek,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=itzgeek,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}QF+jBFJ/RWGVwPuDzQI87YJfJtKOYGhK

 

# vi monitor.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,dc=itzgeek,dc=local" read by * none

# vi base.ldif

dn: dc=itzgeek,dc=local
dc: itzgeek
objectClass: top
objectClass: domain

dn: cn=ldapadm ,dc=itzgeek,dc=local
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=itzgeek,dc=local
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=itzgeek,dc=local
objectClass: organizationalUnit
ou: Group

 

 

# vi certs.ldif

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/itzgeekldapcert.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/itzgeekldapkey.pem

 

Create ldap users

vi raj.ldif

Paste the below lines to above LDIF file.

dn: uid=raj,ou=People,dc=itzgeek,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: raj
uid: raj
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/raj
loginShell: /bin/bash
gecos: Raj [Admin (at) ITzGeek]
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7

 

For the file

vi /etc/rsyslog.conf

Add below line to /etc/rsyslog.conf file.

local4.* /var/log/ldap.log

 

Check if the ldap users work:

# getent passwd raj

Dec 18

Configuring an LDAP Client in Redhat/CentOS

You can use the tool authconfig-tui or authconfig-gtk to configure an LDAP client.

If these are not installed, you can install them with

yum install authconfig-tui

yum install authconfig-gtk

You will also need to install nss-pam-ldapd

yum install nss-pam-ldapd

Some command sequence from my history

authconfig-tui
yum install nss-pam-ldapd  [auth config tui was asking for this]
authconfig-tui
authconfig-gtk [is not installed]
yum install authconfig-gtk (so install)

[ then either run authconfig-tui or authconfig-gtk, and give proper configurations. You need to provide LDAP server info and Domain (dc=redhat, dc=local). You also need to provide the CA certificate path in the config. If you use authconfig-tui then you have to copy the certificate to a folder. When you run authconfig-tui, the command will tell you where to copy the certificate to]

yum install autofs [install autofs to mount remote LDAP user home directory to local folders]

vim /etc/auto.master (autofs configuration file. tell here, in which file the mounting is configured) (filesystem=nfs)
vim /etc/auto.misc  (just checking format)
touch /etc/auto.guests (on auto.master, we told  auto.guests will have the file system mounting)
vim /etc/auto.guests
systemctl restart autofs
getent passwd ldapuser01 (check if the remote user can login from local and mounting is done)

Check if you see the LDAP users' folders mounted on your local system

Dec 15

Experiment with Firewalls in Linux (CentOS/RedHat)

firewall-cmd --state
systemctl status firewalld
firewall-cmd --reload
systemctl restart firewalld.service

systemctl restart firewalld

firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
firewall-cmd --get-zones
firewall-cmd --get-zone-of-interface=ens33
firewall-cmd --list-all
firewall-cmd --list-all-zones
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
firewall-cmd --list-all
firewall-cmd --get-zones
firewall-cmd --list-all-zones
firewall-cmd --list-all --zone external
firewall-cmd --new-zone testzone --perm
firewall-cmd --delete-zone testzone --perm
firewall-cmd --get-zones
firewall-cmd --new-zone testzone --perm
firewall-cmd --get-zones
cat /etc/firewalld/zones/testzone.xml
ll /etc/firewalld/zones/
cat /etc/firewalld/firewalld.conf
firewall-cmd --get-services
firewall-cmd --list-services
firewall-cmd --list-services --zone internal
firewall-cmd --query-service tftp
firewall-cmd --query-service ftp

firewall-cmd --query-service ssh
firewall-cmd --new-service testservice --perm
ll /etc/firewalld/services/testservice.xml
firewall-cmd --permanent --add-service testservice --zone work
firewall-cmd --list-services --zone work
firewall-cmd --list-ports
firewall-cmd --query-port 53/tcp --zone dmz
firewall-cmd --permanent --add-port 53/tcp
firewall-cmd --list-ports
firewall-cmd --query-port 53/tcp --zone dmz
firewall-cmd --query-port 53/tcp

Dec 15

Experiment with SSH and TCP Wrappers

The idea was:

use two servers: server1 and server2
create user user1 on both server1 and server2
use nmtui to assign IP addresses to both
use ifdown and ifup to check if the IPs are assigned properly
change /etc/hosts and add the server IPs and names
use ping to confirm that the servers can reach each other
use ssh-keygen to create key files
use ssh-copy-id to transfer the public key file to the remote host
then use ssh commands to reach the remote host without passwords
try scp and sftp to copy files/folders to and from

Then use TCP wrappers to allow or deny remote hosts, users, or domains

SSH:

useradd user1
passwd user1
ip addr
nmtui
vim /etc/hosts
ping server2
ip addr
nmtui
ifdown ens33
ifup ens33
ping 192.168.1.200
vim /etc/hosts
ping server2
su user1

ssh-keygen
ssh server2 /bin/ls -l
scp file1 server2:
touch file1
scp file1 server2:
scp server2:/usr/bin/zip .

sftp server2
su root

w
last

tail /var/log/secure

sudo tail /var/log/secure

getcwd

ssh-keygen

ssh-copy-id -i ~/.ssh/id_rsa.pub server2

vim .ssh/authorized_keys
ssh server2

---------------------

TCP wrappers

/etc/hosts.allow : which clients are allowed to reach which services
/etc/hosts.deny : which clients are denied which services

Install TCP Wrappers. I used rpm as I turned off internet in the VMware workstation I used

rpm -ivh tcp_wrappers*
yum info tcp_wrappers
ls /etc/hosts.allow
vim /etc/hosts.allow

example rules on hosts.allow

All:All
All:user1
All:user1@server2
All:.justetc.com
sshd:LOCAL
vsftpd:192.168.1.200
All Except sshd:192.168.1.200
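
How the allow and deny files combine, as an added example that is not part of the original post: a client is allowed if a hosts.allow rule matches, otherwise denied if a hosts.deny rule matches, otherwise allowed, and the first matching line in a file wins. The function names, the sample file names and the client host.example.net / 203.0.113.9 are constructed for illustration; the sketch handles only ALL, LOCAL, exact names and addresses, domain suffixes, address prefixes and EXCEPT.

```shell
#!/bin/sh
# Added example, not from the original post. Evaluates the TCP wrappers
# decision order for one daemon/client pair. user@host patterns, netmasks
# and option fields are not handled.

# tcpw_check ALLOW_FILE DENY_FILE DAEMON CLIENT_NAME CLIENT_ADDR
# Prints "allow allow-file:N", "deny deny-file:N" (N = matching line) or
# "allow default" when no rule in either file matches.
tcpw_check() {
    awk -v allow="$1" -v daemon="$3" -v cname="$4" -v caddr="$5" '
    # One pattern against the daemon name (kind "d") or the client (kind "c").
    # Keywords are compared case-insensitively in this sketch.
    function tok_match(tok, kind,    t, n) {
        t = toupper(tok)
        if (t == "ALL") return 1
        if (kind == "d") return tok == daemon
        if (t == "LOCAL") return cname != "" && index(cname, ".") == 0
        n = length(tok)
        if (substr(tok, 1, 1) == ".")        # .justetc.com: host name suffix
            return length(cname) > n && substr(cname, length(cname) - n + 1) == tok
        if (substr(tok, n, 1) == ".")        # 192.168.1.: address prefix
            return substr(caddr, 1, n) == tok
        return tok == cname || tok == caddr
    }
    # "a, b EXCEPT c" matches when the left list matches and the right does not.
    function list_match(list, kind,    pos, left, rest, n, i, parts) {
        pos = match(list, /[ \t]+[Ee][Xx][Cc][Ee][Pp][Tt][ \t]+/)
        if (pos > 0) {
            left = substr(list, 1, pos - 1)
            rest = substr(list, pos + RLENGTH)
            return list_match(left, kind) && !list_match(rest, kind)
        }
        n = split(list, parts, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (parts[i] != "" && tok_match(parts[i], kind)) return 1
        return 0
    }
    /^[ \t]*(#|$)/ { next }
    {
        if (split($0, f, ":") < 2) next
        if (list_match(f[1], "d") && list_match(f[2], "c")) {
            verdict = (FILENAME == allow) ? "allow allow-file:" : "deny deny-file:"
            print verdict FNR
            decided = 1
            exit
        }
    }
    END { if (!decided) print "allow default" }
    ' "$1" "$2"
}

# Constructed sample files built from the example rules listed above.
write_tcpw_samples() {
    printf '%s\n' 'sshd:LOCAL' 'vsftpd:192.168.1.200' \
        'All Except sshd:192.168.1.200' > "$1/allow.strict"
    printf '%s\n' 'All:All' 'sshd:LOCAL' > "$1/allow.open"
    printf '%s\n' 'ALL:ALL' > "$1/deny.all"
}

demo_dir=$(mktemp -d)
write_tcpw_samples "$demo_dir"
# Specific allow rules plus a catch-all deny: the outside client is refused.
tcpw_check "$demo_dir/allow.strict" "$demo_dir/deny.all" sshd host.example.net 203.0.113.9
# Same allow rules with an empty deny file: nothing is restricted.
tcpw_check "$demo_dir/allow.strict" /dev/null sshd host.example.net 203.0.113.9
# "All:All" as the first allow rule overrides every later rule.
tcpw_check "$demo_dir/allow.open" "$demo_dir/deny.all" sshd host.example.net 203.0.113.9
rm -rf "$demo_dir"
```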

Dec 12

Linux: LVM : Logical Volume Manager : Multiple Hard Disk and Partition and Volume Management

On RedHat/Centos Linux - LVM experiments

Concepts to understand:

Physical Volume: Physical Hard Drive or  Partitions in Physical Hard Drive

Physical Extent:  One unit of space usually 4 MB.

Volume Group: One or multiple Physical Volumes can be assigned to a Volume Group

Logical Volume: Logical volumes are created from the volume groups. This is the volume that users interact with. You mount Logical Volume to work with a logical hard drive space (not partition though similar)

Linux Commands to Know:

pvcreate : create  a physical volume. Initialize a physical drive or partition for LVM

vgcreate: create volume group. Parameters: hard drive or partitions

lvcreate: create logical volume from volume group

lvextend: extend a logical volume

lvresize, lvreduce: to resize or to reduce logical volume

lvremove: to remove a logical volume

 

Some experiment:

I added some hard drives using VMWARE.

lsblk
pvcreate /dev/sdb /dev/sdc
vgcreate vg001 /dev/sdb /dev/sdc
lvcreate -L 500M vg001
lsblk
lvcreate -l 100 vg001
lsblk
pvs
pvdisplay
pvdisplay -v
vgcreate -s 8m /dev/sde
lsblk
vgcreate vg002 -s 8m /dev/sdd
pv
pvs
pvdisplay
lvcreate -L 1G vg002
lsblk
lvextend lv001 +100M
lvextend vg001-lvol0 +100M
lvextend /dev/sdb/vg001-lvol0 +100M
lsblk
lvrename vg01 lvol0 lvolnew
lvrename vg001 lvol0 lvolnew
lsblk
lvextend vg001 lvolnew +100M
lvreduce -L 100m /dev/vg001/lvolnew
lsblk
lvreduce -L 300m /dev/vg001/lvolnew
lvreduce -L 50m /dev/vg001/lvolnew
lvresize -L 700m /dev/vg001/lvolnew
lsblk
lvextend vg001 lvolnew +100M
lvextend /dev/vg001/lvolnew +100M
lvextend -L 100m /dev/vg001/lvolnew
lvextend +100m /dev/vg001/lvolnew
lvextend -L 200 /dev/vg001/lvolnew
lvextend -L 200m /dev/vg001/lvolnew
lvextend -l 200 /dev/vg001/lvolnew
lsblk
lvextend -l 210 /dev/vg001/lvolnew
lsblk
lvextend vg001 lvolnew +100M
history
history > history.txt

Dec 08

Configure Virtual Machine using CentOs/Redhat Virtualization Features

Yes, taken from the output of the history command

Check for Virtualization Support

lscpu | grep Virtualization
grep vmx /proc/cpuinfo  (the vmx flag should show up when Redhat/CentOS is installed on the actual machine - not when Linux is under a VM)

 

Check info on different related packages

yum group info "virtualization hypervisor"
vim /etc/yum.repos.d/CentOS-Base.repo
yum install tree
ping yahoo.com
yum group info "virtualization hypervisor"
yum group info "virtualization client"
yum group info "virtualization tools"
yum group info "virtualization platform"

The other commands, such as yum install tree or ping, were to make sure the internet is available and yum will work. Yum was not working because I was in a LAN segment; then I changed the network adapter to NAT. You can ignore these commands.

 

ip addr

Install all related packages from all related package groups
yum -y group install "virtualization hypervisor" "virtualization client" "virtualization platform" "virtualization tools"

You could also try yum -y install virt-manager*   : to keep things simple and when you are not using virtualization heavily

 

Bring up the GUI for Virtualization Manager

virt-manager

Now, I created a Virtual Machine under Virt-Manager. However, I used the option FTP/HTTP/NFS. So, I needed to bring the CentOS installer under a FTP server.

Configure FTP server and Bring CentOS installer files under the FTP server
systemctl status vsftpd
systemctl status ftp
yum install vsftpd
systemctl status vsftpd
systemctl start vsftpd
systemctl enable vsftpd
df -h
mkdir /mnt/dvd1
mount /dev/sr0 /mnt/dvd1/
cp -r /mnt/dvd1/Packages /var/ftp/pub/
ls /var/ftp/pub/
ll /var/ftp/pub/Packages/
ls /var/ftp/pub/Packages/
cp --help
cp -u /mnt/dvd1/Packages/* /var/ftp/pub/Packages/
cp -u /mnt/dvd1/* /var/ftp/pub/
cp -ur /mnt/dvd1/* /var/ftp/pub/

Then in the Virtual Machine creation step, provide the URL of the ftp server (i.e. with CentOS installer)

Better, try to customize the installation and provide proper values. If you just select auto detect and auto-configure - things might not work as is.

And yes, rather than using a FTP server, you could point to an iso installer of CentOS. I used that in another instance. That also works.

 

In a later article, I will give more info on FTP install.

Dec 08

Experiment with Misc. Linux (Redhat/CentOs) Commands: Permission, kill, ps, virtualization, firewall, star, environment variables, fsck

Yes, taken from the output of the history command

ll
chmod 755 /var
w
whoami
who
id

 

With Star
star cvf /tmp/etc.tar -xattr -H=exustar /etc
cd /tmp
ls -la etc.tar
star tvf etc.tar

star tvf etc.tar
star xvf etc.tar

Attributes

lsattr etc.tar
chattr +a etc.tar
lsattr etc.tar

 

Permission Related
umask
umask -S
touch testperm
ll testperm

 

Environment Variables
echo LOGNAME
echo $LOGNAME
echo $DISPLAY
echo $SHELL
echo $HISTFILE
echo $HISTSIZE
echo $MAIL
VR1=rhel1
echo $VR1
export VR1
echo $PS1
export PS1="<$LOGNAME@$(hostname):\$PWD>"
hostnamectl set-hostname test
history 11

chattr +a etc.tar

echo ~
echo ~+
echo ~

echo ~+

 

Search words in files
grep ^root /etc/passwd
grep bash$ /etc/passwd

who | nl

Linux Processes

ps -eaf
ps -eaf | more
top
pidof crond
pidof httpd
pgrep crond
ps -U root
ps -G qemu
ps -efl

 

Priority of Processes

nice
nice top
nice -2 top
ps -el | grep top
top&
ps -el | grep top
q

 

Process in the background and foreground
fg
fg top
bg
top
renice 5 3377

Terminate Processes

top
kill -l
pkill crond
pkill httpd
kill $(pidof ftpd)
kill $(pidof vsftpd)
pidof vsftpd

service httpd start
service httpd restart
systemctl start httpd
kill $(pidof httpd)

man at
at -f ~/script1.sh now + 2 hours
yum list installed at
vi /etc/cron.allow
su root

 

Misc. Filesystems
tune2fs -l /dev/sda
tune2fs -l /dev/sda1
tune2fs -l /mnt/iso-installer
fsck
e2fsck
e2fsck /dev/sda1
e2fsck /dev/sda
e2fsck /dev/sda2
e2fsck /mnt/iso-installer
e2fsck /dev/sr0

facl : File System ACL experiment. Also, permission related

mkdir facltest
getfacl facltest
setfacl -m d:0:r facltest
getfacl facltest
setfacl -m d:o:r facltest
getfacl facltest
vi /etc/fstab
ll facltest
ll /usr/bin/su
find / -perm -4000
ls /usr/bin/wall
ls -l /usr/bin/wall
groupadd -g 9999 sdatagrp
usermod -G sdatagrp jerry
mkdir /sdata
chown root:sdatagrp /sdata -v
chmod g+s /sdata -v
ll -d /sdata
su jerry
mount /dev/sr0 /mnt/iso-installer

Experiment with rpm command
rpm -qip /mnt/iso-installer/Packages/zsh*
rpm -qf /etc/passwd
rpm -qR sox
rpm -qf /etc/passwd
rpm -q gpg-pubkey
rpm -Vf /etc/sysconfig/atd

Yum command Experiment

yum list install
yum list installed
yum check-update
yum history list
yum -y install gnome-packagekit

Virtualization Related

virsh
virt-install
history -l 20
history
hostnamectl set-hostname hostx.example.com

yum -y group install "virtualization hypervisor" "virtualization client" "virtualization platform" "virtualization

Firewall Related

firewall-cmd --add-service=vsftpd --perm
firewall-cmd --add-service=ftp --perm
systemctl reload firewalld
systemctl start firewalld
systemctl enable firewalld
vi /etc/yum.repos.d/local.repo
yum repolist
yum install tree
ps
top
ps aux | grep yum
kill -s 9 5841
kill -s 9 6689
kill -s 9 6693
kill -s 9 6880
ps aux | grep yum
kill -s 9 6898
yum clean cache
yum repolist enabled
yum repolist all
ps aux | grep yum
kill -s 9 6915
ps aux | grep yum
pkill -9 yum
ps aux | grep yum
yum repolist
cat /etc/yum.repos.d/local.repo
yum install tree
ps -ef | grep yum
pkill -9 yum
ps -ef | grep yum
yum repolist
ps -ef | grep yum
pkill -9 yum
/var/run/
init 3
yum repolist
yum install virt-manager*
df -h
rm -rf repodata
createrepo .
yum install virt-manager-*
systemctl start virt-manager

Install GUI virtualization Manager Tool in CentOS
yum install virt-manager*

========================Virtualization in CentOs/Redhat==============
Check if your workstation can support virtualization
lscpu | grep Virtualization
we are looking for VT-x
lscpu
we need to change bios to support vt-x. Bios probably under security
for VMWARE/Virtualbox, there is a configuration for that.

lscpu | grep Virtualization
VT-x for intel
AMD-V/RVI for amd pcs
anyway
/proc/cpuinfo
cat /proc/cpuinfo
cat /proc/cpuinfo | grep vmx
grep vmx /proc/cpuinfo
will work when you are in actual pc. I am on VMWARE
yum group info "virtualization hypervisor"

Dec 08

Redhat/CentOS, Selinux: Linux Security: and related

From my history (i.e. taken from output of history command)

Check if internet connection is there otherwise yum might not work as yum goes to the internet to find packages (unless you are using local yum servers)

ping yahoo.com
nslookup

yum install selinux : will not work as it is

you can try yum install selinux*, or yum -y install selinux*

-y is to say yes to all prompt during installation

you can install individual modules of selinux as well like policy, core

yum install selinux-policy

 

Install some services that will help to experiment with selinux
service httpd status
yum install httpd
service httpd start
yum install vsftpd
service vsftpd start

 

Query selinux command

rpm -qa | grep selinux

output for me:

[root@yumserver ~]# rpm -qa | grep selinux
selinux-policy-targeted-3.13.1-166.el7_4.5.noarch
libselinux-utils-2.5-11.el7.x86_64
selinux-policy-3.13.1-166.el7_4.5.noarch
libselinux-2.5-11.el7.x86_64
libselinux-python-2.5-11.el7.x86_64

 

Install selinux by modules
yum install policycoreutils policycoreutils-python selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans

getenforce
sestatus
vim /etc/sysconfig/selinux
reboot

Check if any error message from selinux
cat /var/log/messages | grep "SELinux"
getenforce
sestatus
setenforce permissive
semodule -l
semodule -l | less
ls -l /etc/selinux/targeted/modules/active/modules/
ls -l /etc/selinux/targeted/policy/

Selinux Booleans

semanage boolean -l
semanage boolean -l | less
getsebool ftpd_anon_write
setsebool ftpd_anon_write on
nano .bash_history
setsebool ftpd_anon_write off

 

Misc Permission Commands

ll -d /sdata
chmod g+w /sdata
ll -d /sdata
su jerry; cd /sdata/
su jerry
vi /etc/cron.allow
su jerry
chmod 1755 /var -v
chmod u-t /var
ll
chmod o-t /var

Dec 08

Misc Linux (Redhat/CentOS) Commands. User Group Password star wc w who id group

Create user and assign to a group

useradd joseph

usermod jerry -G wheel

usermod --help

 

Check users and Groups listed in related files

cat /etc/passwd
cat /etc/group

Try to install star - standard tar (supports extended attributes for Selinux as well)
yum install star
star

yum is not there. so use rpm to install star

mkdir /mnt
mkdir /mnt/iso-installer
mount /dev/sr0 /mnt/iso-installer/
cd /mnt/iso-installer/
cd Packages/

ls -la

You need to install the dependencies for star first
rpm -ivh star-1.5.2-13.el7.x86_64.rpm
rpm -ivh star-1.5.2-13.el7.x86_64.rpm
rpm -ivh spax-1.5.2-13.el7.x86_64.rpm
rpm -ivh star-1.5.2-13.el7.x86_64.rpm
man star

tar --help

 

Misc Commands
who
last

 

Word and Line Count for a file
wc
wc /etc/hosts
wc -l /etc/hosts
w

Check the id and group for the current user

id

groups

Dec 07

On Creating a Yum Server on Redhat/CentOS Linux

Mount Installer ISO

mkdir /mnt/dvd1

mount /dev/sr0 /mnt/dvd1

Check if FTP server is installed

systemctl status vsftpd

systemctl start vsftpd

Install the FTP server. Using rpm as yum is not available yet [default yum needs the internet, kind of]

cd /mnt/dvd1/Packages/

rpm -ivh vsftpd-3.0.2-22.el7.x86_64.rpm

systemctl start vsftpd

systemctl enable vsftpd

Copy rpm installer packages to the FTP server under Packages folder

cp -rv /mnt/dvd1/Packages /var/ftp/pub/

Also, copy the key file for Yum. Key file is to verify the integrity of the packages

cp -rv /mnt/dvd1/RPM-GPG-KEY-CentOS-7 /var/ftp/pub/

mv /var/ftp/pub/RPM-GPG-KEY-CentOS-7 /var/ftp/pub/key

Install createrepo using rpm -ivh; createrepo will help to create the package repo database based on the packages on the FTP server

rpm -ivh createrepo-0.9.9-28.el7.noarch.rpm

Create the repo config file on the yum server

cd /etc/yum.repos.d/

mkdir old

mv *.repo old/

vim ftp.repo

ftp.repo  file content

 

[ftp]

name=ftp

baseurl=ftp://yumserver/pub/Packages

enabled=1

gpgcheck=1

Add one more line pointing to the GPG key file if you want to configure key-based verification

 

Allow ftp over firewall

firewall-cmd --add-service=ftp --perm

systemctl reload firewalld
systemctl restart firewalld

Again Checking if yum works locally on the server

yum repolist all
yum repolist
yum repolist enabled
yum -y install tree
yum clean
yum clean cache
yum -y install tree
yum repolist enabled
yum repolist

Create Installer Repository Data

cd /var/ftp/pub/Packages/

createrepo .

Configure name for the server

hostnamectl set-hostname yumserver

vim /etc/hosts

192.168.1.100 yumserver

192.168.1.200 yumclient

ip addr

ip addr ens33

use nmtui command or ifconfig to set the IP of the server [when required]

you might want to restart the interface

ifdown ens33; ifup ens33

ping yumserver

ping yumclient

before pinging you might want to see if the ping package is installed and if it is blocked or not

Check if yum server works or not

yum install tree

yum -y install lynx


Configure a Client to use your FTP based yum server

Copy the ftp.repo

scp /etc/yum.repos.d/ftp.repo root@yumclient:/etc/yum.repos.d/

For Windows:

tscp /etc/yum.repos.d/ftp.repo root@yumclient:/etc/yum.repos.d/

Check if the client can access your yum server

yum install tree

yum -y install lynx

Dec 06

Some Educational Android Apps on Software/Web Development

Some are in Bengali

Project Management

https://play.google.com/store/apps/details?id=com.sitestree.pmp

On CSS

https://play.google.com/store/apps/details?id=com.sitestree.css

On JavaScript

https://play.google.com/store/apps/details?id=com.sitestree.javascript

 

On PHP

https://play.google.com/store/apps/details?id=com.sitestree.php

 

On SEO course

https://play.google.com/store/apps/details?id=com.sitestree.seo

 

SQL Course

https://play.google.com/store/apps/details?id=com.sitestree.sql

 

Oral Communications

https://play.google.com/store/apps/details?id=com.justetc.oral_communications.workplace

 

AngularJS

https://play.google.com/store/apps/details?id=com.salearningschool.bangla.angularjs1

 

HTML

https://play.google.com/store/apps/details?id=com.salearningschool.bangla.html

 

 

 

 

 

Dec 04

Create your own yum repo in Centos/Redhat

Yum is a software installation manager for Redhat Linux and Related.

yum is a better tool than rpm.

Here, we will take the rpm packages as come with Redhat/Centos and then we will host those packages on our own Repo Server for yum. i.e. yum will use this Repo to find installers rather than going to the Internet.

Installing Yum Manager

First we have to install and configure ftp.

[if vsftpd is not already installed, use rpm -ivh vsftpd, you need to mount installer dvd and run rpm under Packages folder - or similar]

Check the status of vsftpd
systemctl status vsftpd
systemctl start vsftpd
systemctl enable vsftpd
cd /var/ftp/pub/
pwd
ls -la
df -h (see disks and default mounts)
mount /dev/sr0 /mnt/iso-installer
(mount DVD where the iso of the installer is kept. I was using VMWare Workstation Pro)

Copy installer rpms from .iso to our ftp server
cd /mnt/iso-installer/
ls -la
cd Packages/
cp -v * /var/ftp/pub/
pwd
ls -la

Create the Repo database
We have to create a database based on all these rpm files. This repo database will be queried by yum to find packages and dependencies to install.

rpm -ivh createrepo-0.9.9-26.el7.noarch.rpm (create repo is not installed by default)

createrepo .

Now configure local PC [workstation with our Yum Repo/server under ftp]. We need a file local.repo to point to our yum repo server

ls /etc/yum.repos.d/
cd /etc/yum.repos.d/
pwd
ls -la

[move existing repo files to old directory]
mkdir old
mv *.repo old/

ls -la
touch local.repo

 

[need to configure local.repo]
Check any of the existing .repo files and create yours based on that. A basic config might look like this

[local]
name=local.repo
baseurl=ftp://localhost/pub
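
A check for the two repo configs in these posts (ftp.repo with gpgcheck=1 and no key line, local.repo with no gpgcheck line at all), as an added example that is not the author's code: it parses a .repo file and reports sections where package signatures are not checked or the key is not named. The function names, the signed.repo and unsigned.repo samples and the gpgkey path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original posts. Flags repo sections whose
# packages would be installed without a usable signature check.

# audit_repo FILE : prints one "LEVEL section: finding" line per finding.
audit_repo() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function report(    v) {
        if (sec == "" || sec == "main") return
        if ("enabled" in opt && opt["enabled"] == "0") return   # repo not in use
        if (!("gpgcheck" in opt)) {
            print "WARN " sec ": gpgcheck not set, value is inherited from [main] in /etc/yum.conf"
        } else {
            v = tolower(opt["gpgcheck"])
            if (v != "1" && v != "yes" && v != "true")
                print "FAIL " sec ": gpgcheck=" opt["gpgcheck"] ", package signatures are not checked"
            else if (!("gpgkey" in opt))
                print "WARN " sec ": gpgcheck is on but no gpgkey=, the key must already be imported (rpm --import)"
        }
        if ("baseurl" in opt && opt["baseurl"] ~ /^(ftp|http):\/\//)
            print "INFO " sec ": cleartext baseurl, package signatures are the only integrity check"
    }
    /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
    /^[ \t]*\[[^]]+\]/ {                        # [section] header
        report()
        split("", opt)                          # clear options of the previous section
        sec = trim($0)
        sec = substr(sec, 2, length(sec) - 2)
        next
    }
    {
        eq = index($0, "=")
        if (eq > 0) opt[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
    }
    END { report() }
    ' "$1"
}

# Constructed samples. ftp.repo and local.repo repeat the configs from the
# posts; signed.repo and unsigned.repo are made up for comparison, and the
# gpgkey path is an assumption (the key file location on a CentOS 7 install).
write_repo_samples() {
    printf '%s\n' '[ftp]' 'name=ftp' 'baseurl=ftp://yumserver/pub/Packages' \
        'enabled=1' 'gpgcheck=1' > "$1/ftp.repo"
    printf '%s\n' '[local]' 'name=local.repo' 'baseurl=ftp://localhost/pub' \
        > "$1/local.repo"
    printf '%s\n' '[signed]' 'name=signed' 'baseurl=ftp://yumserver/pub/Packages' \
        'enabled=1' 'gpgcheck=1' \
        'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7' > "$1/signed.repo"
    printf '%s\n' '[unsigned]' 'name=unsigned' 'baseurl=ftp://yumserver/pub/Packages' \
        'enabled=1' 'gpgcheck=0' > "$1/unsigned.repo"
}

repo_demo=$(mktemp -d)
write_repo_samples "$repo_demo"
for repo_file in "$repo_demo"/*.repo; do
    audit_repo "$repo_file"
done
rm -rf "$repo_demo"
```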

If you want to put hostname for your ftp server

vim /etc/hosts
systemctl start vsftpd
systemctl restart vsftpd
ping localhost
ping yumserver
vi /etc/yum.repos.d/local.repo
hostnamectl set-hostname yumserver
cat /etc/hosts
hostnamectl set-hostname yumserver

You might need to run, if you see yum does not work
yum clean
yum clean cache

cd /etc/yum.repos.d/
cat old/CentOS-Base.repo
vim local.repo

Let FTP work through Firewall
firewall-cmd --add-service=vsftpd --perm
firewall-cmd --add-service=ftp --perm
systemctl reload firewalld
systemctl start firewalld
systemctl enable firewalld
vi /etc/yum.repos.d/local.repo

Check if your yum server is working or not

yum repolist
yum install tree

yum repolist enabled
yum repolist all

Dec 04

Miscellaneous CentOS/RedHat/Fedora Commands. Yum Repo, Firewall, User Permissions, Virtualization Manager

Misc Linux Commands from .bash_history file

Add a user and assign to a group

useradd joseph
usermod jerry -G wheel
usermod --help

 

Check the created user in the file where some user info are kept
cat /etc/passwd
cat /etc/group
exit

 

Try to install star: Standard tar
yum install star

if yum not installed or internet connection is not there, yum will not work

 

Mount CD/DVD with CentOS ISO
mkdir /mnt
mount /dev/sr0 /mnt/iso-installer/
cd /mnt/iso-installer/
ls
cd Packages/  [centos/redhat packages]
ls -la

 

Yum is not there, so use rpm command to install. You might need to install dependencies for star
rpm -ivh star-1.5.2-13.el7.x86_64.rpm
yum install star
ping yahoo.com
rpm -ivh star-1.5.2-13.el7.x86_64.rpm
rpm -ivh spax-1.5.2-13.el7.x86_64.rpm
rpm -ivh star-1.5.2-13.el7.x86_64.rpm

Simple Linux Commands

who
last

id

groups

Word/Line count in a File
wc
wc /etc/hosts
wc -l /etc/hosts
w

Trying to install Selinux:  This is a security thing

some related random commands. the actual install command is after this section.

yum install selinux
ping yahoo.com
nslookup
yum install selinux
yum install selinux-policy
yum install httpd
yum install vsftpd
service start vsftpd
service vsftpd start
service httpd start
rpm -qa | grep selinux

You could use rpm to install selinux as well. However, yum is a better tool for installation

 

Selinux Actual Install
yum install policycoreutils policycoreutils-python selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans

getenforce
sestatus
vim /etc/sysconfig/selinux  [check Selinux enforce policies]
reboot
yum install selinux
yum install selinux-policy
service httpd status
yum install httpd
service httpd start
service httpd vsftpd

Ftp Server Install

yum install vsftpd
service start vsftpd
service vsftpd start
service httpd start
rpm -qa | grep selinux
yum install policycoreutils policycoreutils-python selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans
getenforce
sestatus
vim /etc/sysconfig/selinux
reboot
cat /var/log/messages | grep "SELinux"
getenforce
sestatus
setenforce permissive
semodule -l
semodule -l | less
ls -l /etc/selinux/targeted/modules/active/modules/
ls -l /etc/selinux/targeted/policy/
semanage boolean -l
semanage boolean -l | less
getsebool ftpd_anon_write
setsebool ftpd_anon_write on
nano .bash_history
setsebool ftpd_anon_write off
exit
nano .bash_history
exit
cat .bash_history
getenforce
sestatus
cat .bash_history
getenforce
sestatus
ll -d /sdata
chmod g+w /sdata
ll -d /sdata
su jerry; cd /sdata/
su jerry
vi /etc/cron.allow
su jerry
chmod 1755 /var -v
chmod u-t /var
ll
chmod o-t /var
ll
chmod 755 /var
ll
w
whoami
who
id
star cvf /tmp/etc.tar -xattr -H=exustar /etc
ls -la *.tar
cd /tmp
ls -la
ls -la etc.tar
star tvf etc.tar
ls
ll
ls /etc/
cd /etc/
pwd
cd /tmp/etc
pwd
cd /tmp/
star tvf etc.tar
star xvf etc.tar
cd etc/
pwd
cd /tmp/
lsattr etc.tar
chattr +a etc.tar
lsattr etc.tar
umask
umask -S
touch testperm
ll testperm
echo LOGNAME
echo $LOGNAME
echo $DISPLAY
echo $SHELL
echo $HISTFILE
echo $HISTSIZE
echo $MAIL
VR1=rhel1
echo $VR1
export VR1
echo $PS1
export PS1="<$LOGNAME@$(hostname):\$PWD>"
hostnamectl set-hostname test
history 11
history yum install star
chattr +a etc.tar
history chattr +a etc.tar
echo ~
echo ~+
echo ~
echo ~+
grep ^root /etc/passwd
grep bash$ /etc/passwd
who | nl
ps -eaf
ps -eaf | more
top
pidof crond
pidof httpd
pgrep crond
ps -U root
ps -G qemu
ps -efl
nice
nice top
nice -2 top
ps -el | grep top
top&
ps -el | grep top
q
fg
fg top
bg
top
renice 5 3377
top
kill -l
pkill crond
pkill httpd
kill $(pidof ftpd)
kill $(pidof vsftpd)
pidof vsftpd
service httpd start
service httpd restart
systemctl start httpd
kill $(pidof httpd)
man at
at -f ~/script1.sh now + 2 hours
yum list installed at
vi /etc/cron.allow
su root
tune2fs -l /dev/sda
tune2fs -l /dev/sda1
tune2fs -l /mnt/iso-installer
fsck
e2fsck
e2fsck /dev/sda1
e2fsck /dev/sda
e2fsck /dev/sda2
e2fsck /mnt/iso-installer
e2fsck /dev/sr0

 

Facl - File level ACL
mkdir facltest
getfacl facltest
setfacl -m d:0:r facltest
getfacl facltest
setfacl -m d:o:r facltest
getfacl facltest
vi /etc/fstab
ll facltest
ll /usr/bin/su
find / -perm -4000
ls /usr/bin/wall
ls -l /usr/bin/wall

 

 

Group and Change Group, Change Owner
groupadd -g 9999 sdatagrp
usermod -G sdatagrp jerry
mkdir /sdata
chown root:sdatagrp /sdata -v
chmod g+s /sdata -v
ll -d /sdata
su jerry
mount /dev/sr0 /mnt/iso-installer
rpm -qip /mnt/iso-installer/Packages/zsh*
rpm -qf /etc/passwd
rpm -qR sox
rpm -qf /etc/passwd
rpm -q gpg-pubkey
rpm -Vf /etc/sysconfig/atd

 

Misc yum commands
yum list install
yum list installed
yum check-update
yum history list
yum -y install gnome-packagekit

 

Misc Commands
virsh
virt-install
history -l 20
history
hostnamectl set-hostname hostx.example.com
exit
yum -y group install "virtualization hypervisor" "virtualization client" "virtualization platform" "virtualization tools"
exit
ip addr

Installing Yum Manager
systemctl status vsftpd
systemctl start vsftpd
systemctl enable vsftpd
cd /var/ftp/pub/
pwd
ls -la
df -h (see disks and default mounts)
mount /dev/sr0 /mnt/iso-installer

 

Copy installer rpms from .iso to ftp server
cd /mnt/iso-installer/
ls -la
cd Packages/
cp -v * /var/ftp/pub/
pwd
ls -la
rpm -ivh createrepo-0.9.9-26.el7.noarch.rpm
ls /etc/yum.repos.d/
cd /etc/yum.repos.d/
pwd
ls -la
mkdir old
mv *.repo old/
ls -la
touch local.repo

 

[need to configure local.repo]

cd /mnt/iso-installer/
cd Packages/
ls -la
rpm --?
rpm --help
createrepo  [create repositories out of the installer packages]
pwd
createrepo .
cd /var/ftp/pub/
ls -la
createrepo .
createrepo
man createrepo
createrepo --help
createrepo *
createrepo repo
mkdir repo
createrepo repo

 

If you want to put hostname for your ftp server

vim /etc/hosts
systemctl start vsftpd
systemctl restart vsftpd
ping localhost
ping yumserver
vi /etc/yum.repos.d/local.repo
hostnamectl set-hostname yumserver
cat /etc/hosts
hostnamectl set-hostname yumserver
ls -la
rm -rf repo
rm -rf repodata
createrepo .
yum clean
cd /etc/yum.repos.d/
ls
cat old/CentOS-Base.repo
vim local.repo

 

Let FTP work through Firewall
firewall-cmd --add-service=vsftpd --perm
firewall-cmd --add-service=ftp --perm
systemctl reload firewalld
systemctl start firewalld
systemctl enable firewalld
vi /etc/yum.repos.d/local.repo

Check if your yum server is working or not

yum repolist
yum install tree

The rest is about debugging why yum was not working. Restarting the Virtual Machine made it work.

However,  /var/run/yum.pid might be related

Other solutions might involve systemctl and packagekit [i.e. when yum is not working]

ps
top
ps aux | grep yum
yum clean cache
yum repolist enabled
yum repolist all
pkill yum
pkill -9 yum
yum repolist
cat /etc/yum.repos.d/local.repo
yum install tree
ps -ef
ps -ef | grep yum
pkill 9 yum
pkill -9 yum
ps -ef | grep yum
yum repolist
ps -ef | grep yum
pkill -9 yum
cd /var/run/
ls
ll
init 3
init 6
yum repolist

 

Install Graphical Virtualization Manager inside Centos/RedHat/Fedora

yum install virt-manager
systemctl start virt-manager

Dec 01

(No title)


Nov 30

Selinux and Security in Linux

Find out the Selinux packages available

rpm -qa | grep selinux

The output:
libselinux-utils-2.2.2-6.el7.x86_64
libselinux-2.2.2-6.el7.x86_64
selinux-policy-targeted-3.12.1-153.el7.noarch
selinux-policy-3.12.1-153.el7.noarch
libselinux-python-2.2.2-6.el7.x86_64

Install Selinux

yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans

 

 

SELinux Modes

  • Enforcing
  • Permissive
  • Disabled

 

Check Modes:

getenforce
sestatus (some more details)

Related Files:
cat /etc/selinux/config
cat /var/log/messages | grep "SELinux is preventing"
cat /var/log/messages | grep "SELinux"
cat /var/log/messages | grep "SELinux"
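
The grep above returns raw lines; the following added example (not part of the original post) groups them so repeated denials stand out. The log lines are constructed, and their layout ("SELinux is preventing SOURCE from ACCESS access on the CLASS TARGET.") and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Summarises setroubleshoot
# "SELinux is preventing ..." lines from a messages-style log.

# selinux_denials LOGFILE
# Prints "COUNT SOURCE ACCESS CLASS" per distinct denial, most frequent first.
selinux_denials() {
    awk '
    /SELinux is preventing / {
        msg = $0
        sub(/^.*SELinux is preventing /, "", msg)
        # msg is now "<source> from <access> access on the <class> <target>. ..."
        if (match(msg, / from [^ ]+ access on the /) == 0) next
        src = substr(msg, 1, RSTART - 1)
        # " from " is 6 characters, " access on the " is 15
        acc = substr(msg, RSTART + 6, RLENGTH - 21)
        split(substr(msg, RSTART + RLENGTH), w, " ")
        cls = w[1]
        sub(/\.$/, "", cls)                 # class directly followed by the full stop
        count[src " " acc " " cls]++
    }
    END { for (k in count) print count[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Constructed log lines; host name, times and the sealert id are placeholders.
write_selinux_sample() {
    printf '%s\n' \
        'Dec  8 10:02:11 yumserver setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from write access on the directory pub. For complete SELinux messages run: sealert -l CONSTRUCTED-ID-1' \
        'Dec  8 10:02:40 yumserver setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from write access on the directory pub. For complete SELinux messages run: sealert -l CONSTRUCTED-ID-1' \
        'Dec  8 10:05:03 yumserver setroubleshoot: SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket port 8081. For complete SELinux messages run: sealert -l CONSTRUCTED-ID-2' \
        'Dec  8 10:06:00 yumserver systemd: Started Vsftpd ftp daemon.' \
        > "$1"
}

selinux_demo=$(mktemp)
write_selinux_sample "$selinux_demo"
selinux_denials "$selinux_demo"
rm -f "$selinux_demo"
```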

Change Modes:

sestatus
setenforce permissive
setenforce enforcing

Check Selinux Modules
semodule -l | less
ls -l /etc/selinux/targeted/modules/active/modules/
ls -l /etc/selinux/targeted/policy/

Change SeLinux Policy
semanage boolean -l | less
setsebool ftpd_anon_write on

Nov 22

IT Infrastructure Monitoring

Tools:

  • Nagios
    • Core
    • XI
    • Log Server
    • https://www.nagios.org/

VEEAM

  • https://www.veeam.com

Vmotion:

"VMware VMotion enables the live migration of running virtual machines from one physical server to another with zero downtime, continuous service availability, and complete transaction integrity. It is transparent to users."

What is VMotion? | Mosaic Technology

www.mosaictec.com/tessera/what-is-vmotion.htm

Nov 22

Virtualization Products…and Concepts

Top 10 Virtualization Companies:
  • VMware
  • Microsoft
  • Citrix
  • Red Hat
  • Oracle
  • Amazon
  • Google
  • Parallels / Odin
  • Huawei
  • VERDE VDI
Reference:

https://www.serverwatch.com/server-trends/slideshows/top-10-virtualization-technology-companies-for-2016.html

 

VMware

-Vmware Workstation Player

-Vmware Workstation Pro

-Vmware Fusion for MacOS

-Go here and select products: https://www.vmware.com/

"

What is meant by VMware vSphere?
VMware vSphere includes the VMware ESX / ESXi hypervisor, a type 1 hypervisor that functions as the virtualization server; the VMware vCenter Server, which manages vSphere environments; the VMware vSphere Client, which is used to install and manage virtual machines through the hypervisor; and VMware VMFS, the file ...

What Is VMware vSphere? Webopedia Definition

https://www.webopedia.com/TERM/V/vmware-vsphere.html

"

VMware ESXi is a free hypervisor from VMware. You can use just ESXi hypervisor without purchasing vCenter. (May 9, 2017)

Using Free Version of VMware ESXi and back it up - Iperius

www.iperiusbackup.net/en/using-free-version-of-vmware-esxi/

What is SCCM and what does it do?
Microsoft System Center Configuration Manager 2012 (SCCM 2012) is a Windows product that enables administrators to manage the deployment and security of devices and applications across an enterprise.

What is Microsoft System Center Configuration Manager 2012 ...

searchwindowsserver.techtarget.com/.../Microsoft-System-Center-Configuration-Manage...

WDS:
Windows Deployment Services is a server technology from Microsoft for network-based installation of Windows operating systems. It is the successor to Remote Installation Services.

Windows Deployment Services - Wikipedia

https://en.wikipedia.org/wiki/Windows_Deployment_Services

Citrix Products
https://www.citrix.com/products/

Oracle Server Virtualization Products

 

Oracle Desktop Virtualization Products

 

 

 

 

Nov 22

Linux vs Unix

Posix: "a set of formal descriptions that provide a standard for the design of operating systems, especially ones that are compatible with Unix." Considering POSIX, Linux can be thought of as Unix, though Unix is copyrighted.

Topic: Is Complete Operating System?
Unix: Yes, everything comes from a single vendor
Linux: Linux is kinda Kernel only then All Linux distributions includes GUI system + GNU utilities + installation & management tools + GNU c/c++ Compilers + Editors (vi) + and various applications (such as OpenOffice, Firefox)

Topic: License and cost
Unix: Costs money
Linux: Free

Topic: User-Friendly
Unix: Yes
Linux: Yes

Topic: Security Firewall Software?
Unix: Own firewall though you can use 3rd party firewall
Linux: Comes with open source netfilter/iptables based firewall tool

Topic: Backup and Recovery Software
Unix: Yes. Common in both: tar, dump/restore, and cpio
Linux: Yes. Common in both: tar, dump/restore, and cpio

Topic: File Systems
Unix: jfs, gpfs (AIX), jfs, gpfs (HP-UX), jfs, gpfs (Solaris)
Linux: ext3, ext4

Topic: System Administration Tools
Unix: own tools such as SAM on HP-UX.
Linux: Suse: Yast; Red Hat: redhat-config-*

Topic: System Startup Scripts
Unix: 1. HP-UX – /sbin/init.d  2. /etc/rc.d/init.d
Linux: /etc/init.d

End User Perspective
Not much difference. They will use the same shell (e.g. bash or ksh) and other development tools such as Perl or Eclipse development tool.
System Administrator Perspective
 Will have differences in the following areas:

  1. Software installation procedure
  2. Hardware device names
  3. Various admin commands or utilities
  4. Software RAID devices and mirroring
  5. Logical volume management
  6. Package management
  7. Patch management

 

 

UNIX Operating System Names
 

  1. HP-UX
  2. IBM AIX
  3. Sun Solaris
  4. Mac OS X
  5. IRIX
 

A few popular names:

  1. Redhat Enterprise Linux
  2. Fedora Linux
  3. Debian Linux
  4. Suse Enterprise Linux
  5. Ubuntu Linux

 

Common Things Between Linux & UNIX
 

Both share many common applications such as:

  1. GUI, file, and windows managers (KDE, Gnome)
  2. Shells (ksh, csh, bash)
  3. Various office applications such as OpenOffice.org
  4. Development tools (perl, php, python, GNU c/c++ compilers)
  5. Posix interface

 

 

UNIX and Linux Hardware
 

UNIX hardware might have advanced initial boot options such as:

  • Decide how to boot
  • Check system health
  • Set hardware parameters etc

Reference: https://www.cyberciti.biz/faq/what-is-the-difference-between-linux-and-unix/
