Posts Tagged Linux
Martian Friend
Posted by Lincoln Zuljewic Silva in Linux on September 15th, 2009
You may find some weird messages in your syslog mentioning “martian source”, like the following:
When a host needs to send a packet to another host, it can define the route on the network or use the default route. Those “source routed packets” are identified in Linux as martian packets. You can configure whether your Linux system logs those packets or not:
| for f in /proc/sys/net/ipv4/conf/*/log_martians; do echo 0 > "$f"; done # do not log (write 1 instead of 0 to log) |
Resizing lvol in Red Hat AS 4
Posted by Lincoln Zuljewic Silva in Linux on August 18th, 2009
As incredible as it seems, RHAS4 doesn’t come with the resize2fs command (just like the other RH distributions). After some research, I found the tool that replaces the resize2fs command, and it’s ext2online, for example:
| ext2online /dev/mapper/VG00-vl02 |
Using vi as crontab editor
Posted by Lincoln Zuljewic Silva in Linux on April 22nd, 2009
Hi!
The default Debian installation uses a non-vi editor when you try to use crontab (i.e. “crontab -e”).
To change it to vi, you should do the following:
|
rm -f /etc/alternatives/editor |
Locking a Linux account
Posted by Lincoln Zuljewic Silva in Linux on April 9th, 2009
Before you remove an account from a system, it is a good idea to lock it for one week to make sure that no one uses it.
To lock it, you can use the following command:
|
passwd -l username (where username is the login id). |
After that, if someone tries to log in using this account, the system will return:
|
[root@server root]# su - foobar |
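To confirm that the lock took effect, the password field in /etc/shadow can be inspected: `passwd -l` puts a `!` in front of the stored hash. The following is an added example, not part of the original post; it also reads the account-expiry field, because a locked password alone does not stop logins with other credentials such as an SSH key. The `account_state` function name and the sample shadow entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an account from a shadow-format file.

# account_state SHADOW_FILE USER TODAY_DAYS
# Prints one of: active | password-locked | expired | disabled | missing
# TODAY_DAYS is days since 1970-01-01, e.g. $(( $(date +%s) / 86400 )).
account_state() {
  awk -F: -v user="$2" -v today="$3" '
    $1 == user {
      found = 1
      locked  = ($2 ~ /^!/)                        # "!" prefix: password login blocked
      expired = ($8 != "" && $8 + 0 < today + 0)   # field 8: account expiry day is in the past
      if (locked && expired) print "disabled"          # no password login, no login at all
      else if (locked)       print "password-locked"   # other credentials may still work
      else if (expired)      print "expired"
      else                   print "active"
      exit
    }
    END { if (!found) print "missing" }
  ' "$1"
}

# Constructed sample entries (placeholder hashes, not real ones).
shadow=$(mktemp)
trap 'rm -f "$shadow"' EXIT
cat > "$shadow" <<'EOF'
alice:$1$CONSTRUCTED$notarealhash:14343:0:99999:7:::
foobar:!$1$CONSTRUCTED$notarealhash:14343:0:99999:7:::
olduser:!$1$CONSTRUCTED$notarealhash:14343:0:99999:7::1:
EOF

today=14400   # constructed day number so the result is reproducible
for u in alice foobar olduser; do
  echo "$u: $(account_state "$shadow" "$u" "$today")"
done
```

On a live system, run it as root against /etc/shadow with today's day number; an account reported as `password-locked` during the one-week waiting period can still be reached through other credentials.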
Stop/Start a Guest OS in Vmware Server 2.0
Posted by Lincoln Zuljewic Silva in Linux on April 8th, 2009
VMware Server 2.0 has a command named “vmrun” that can control the state of the VMs. The syntax is:
|
vmrun [AUTHENTICATION-FLAGS] COMMAND [PARAMETERS] |
To list all started VMs:
|
[root@host ~]# vmrun -u root -h 'https://192.168.0.14:8333/sdk' -p YOURPASSWORD list |
To stop a VM:
|
vmrun -u root -h 'https://192.168.0.14:8333/sdk' -p YOURPASSWORD stop "[standard] Apolo/Apolo.vmx" |
To start a VM:
|
vmrun -u root -h 'https://192.168.0.14:8333/sdk' -p YOURPASSWORD start "[standard] Apolo/Apolo.vmx" |
Adding new users to Xmail SMTP server
Posted by Lincoln Zuljewic Silva in E-Mail server on April 7th, 2009
There are three different ways to add a user on XMail:
- Using “telnet localhost 6017”
- Using XMailAdmin (a Windows client)
- Using phpxmail (a PHP script that runs in the browser; it needs Apache and PHP on a server that can access the XMail server).
The most important thing is to configure a user/passwd as XMail administrator:
- /var/MailRoot/bin/XMCrypt SOME_PASSWORD
- Edit the /var/MailRoot/ctrlaccounts.tab and add the following line:
- "USERNAME"<TAB>"string returned from XMCrypt command"
Note: SOME_PASSWORD is the desired password for the administrator user, USERNAME is the desired user and <TAB> means a TAB.
Assuming that you have Apache, PHP and phpxmail installed, access it through http://YOUR_SERVER/phpxmail/ and fill in the following data:
- Server hostname: XMail server hostname
- Server ip address: XMail server IP address
- Server port: XMail CTRL service port (usually 6017)
- CTRL account: the user created above
- CTRL password: the password defined above
Once you are able to log in to the XMail CTRL console, go to “server domains”, click on the domain to which you wish to add the user, and then click “new user”.
Cheers!
Installing OpenSSH from source on SuSe 10
Posted by Lincoln Zuljewic Silva in Linux on April 7th, 2009
Installing OpenSSH 5.2 on a SUSE Linux Enterprise Server 10
The current version of my SuSe is:
|
cat /etc/SuSE-release
SUSE Linux Enterprise Server 10 (i586)
VERSION = 10
PATCHLEVEL = 1 |
1 – Download OpenSSH:
|
cd /usr/src
wget http://anga.funkfeuer.at/ftp/pub/OpenBSD/OpenSSH/portable/openssh-5.2p1.tar.gz |
2 – Unpack it:
| tar zxvf openssh-5.2p1.tar.gz |
3 – Check if you have the necessary packages:
|
automake-1.9.6-2.i586.rpm
cpp-4.0.2_20050901-3.i586.rpm
gcc-4.0.2_20050901-3.i586.rpm
gcc-c++-4.0.2_20050901-3.i586.rpm
glibc-2.3.5-40.i586.rpm
glibc-devel-2.3.5-40.i586.rpm
libselinux-1.23.11-3.i586.rpm
libstdc++-4.0.2_20050901-3.i586.rpm
libstdc++-devel-4.0.2_20050901-3.i586.rpm
openssl-devel-0.9.8a-18.15.i586.rpm
pam-devel-0.99.6.3-28.8.i586.rpm
pam_ssh-1.91-19.2.i586.rpm
sudo-1.6.8p9-2.i586.rpm
tcpd-devel-7.6-731.2.i586.rpm
zlib-devel-1.2.3-3.i586.rpm |
You can check it by typing:
| rpm -qa (example: "rpm -qa | grep openssl-devel") |
4 – If some packages are missing, I advise you to search for them on www.filewatcher.com and install them using:
| rpm -ivh (example: "rpm -ivh tcpd-devel-7.6-731.2.i586.rpm") |
5 – Run configure:
|
cd /usr/src/openssh-5.2p1
./configure --prefix=/opt/ssh2 --with-libs=-ldl --disable-suid-ssh --with-privsep-user=sshd --with-tcp-wrappers --with-pam |
After some time, you should see something like this:
|
OpenSSH has been configured with the following options:
User binaries: /opt/ssh2/bin
System binaries: /opt/ssh2/sbin
Configuration files: /opt/ssh2/etc
Askpass program: /opt/ssh2/libexec/ssh-askpass
Manual pages: /opt/ssh2/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/opt/ssh2/bin
Manpage format: doc
PAM support: yes
OSF SIA support: no
KerberosV support: no
SELinux support: no
Smartcard support: no
S/KEY support: no
TCP Wrappers support: yes
MD5 password support: no
libedit support: no
Solaris process contract support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Host: i686-pc-linux-gnu
PAM is enabled. You may need to install a PAM control file |
6 – Install contrib scripts. Look in /usr/src/openssh-5.2p1/contrib for some files that we can use to set up our server:
|
cp sshd.pam.generic /etc/pam.d/sshd
cp rc.sshd /etc/init.d/sshd
cp sysconfig.ssh /etc/sysconfig/ssh
cp rc.config.sshd /etc/rc.d/sshd
chmod 755 /etc/init.d/sshd /etc/rc.d/sshd
ln -s /etc/init.d/sshd /etc/rc.d/rc3.d/S20-sshd |
7 – Configure some parameters. Edit the main SSHD configuration file:
|
vi /opt/ssh2/etc/sshd_config
Ensure that some lines are uncommented:
Line 21: Protocol 2 -> Enable just the protocol version 2 (more secure)
Line 41: PermitRootLogin no -> Do not enable root login
Line 46: RSAAuthentication yes -> enable authentication through auth-keys
Line 47: PubkeyAuthentication yes -> enable authentication through auth-keys
Line 48: AuthorizedKeysFile .ssh/authorized_keys -> enable authentication through auth-keys (keys location – user’s home)
Line 86: UsePAM yes -> enable PAM authentication
Line 113: Subsystem sftp /opt/ssh2/libexec/sftp-server -> enable the sftp subsystem (for secure file transfer – NOT SCP) |
8 – Start the server:
| /etc/init.d/sshd start |
9 – Perform a login test
10 – Check your /var/log/messages. If you see the following messages:
|
Apr 7 10:02:48 localhost sshd[8388]: pam_unix(sshd:setcred): Unknown option: `shadow'
Apr 7 10:02:48 localhost sshd[8388]: pam_unix(sshd:setcred): Unknown option: `nodelay'
Apr 7 10:02:48 localhost sshd[8390]: pam_unix(sshd:setcred): Unknown option: `shadow'
Apr 7 10:02:48 localhost sshd[8390]: pam_unix(sshd:setcred): Unknown option: `nodelay' |
Edit your /etc/pam.d/sshd and change the following lines:
| auth required /lib/security/pam_unix.so shadow nodelay |
to
| auth required /lib/security/pam_unix.so |
and
| password required /lib/security/pam_unix.so shadow nullok use_authtok |
to
| password required /lib/security/pam_unix.so use_authtok |
That's it!
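A quick way to confirm that the step 7 settings are actually in force is to read back the first uncommented value of each keyword, since a line that was edited but left commented out has no effect. This is an added example, not part of the original post; the function names and the sample config are constructed, and it assumes a config without Match blocks.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the values from step 7.

# effective_value FILE KEYWORD -> first uncommented value for KEYWORD (empty if none).
# sshd keywords are case-insensitive and the first occurrence wins.
effective_value() {
  awk -v key="$2" '
    /^[ \t]*#/ { next }                                  # commented-out line
    tolower($1) == tolower(key) { print $2; exit }
  ' "$1"
}

# audit_sshd_config FILE -> prints one FAIL line per mismatch,
# returns the number of mismatches (0 means every check passed).
audit_sshd_config() {
  cfg=$1
  findings=0
  while read -r key want; do
    got=$(effective_value "$cfg" "$key")
    if [ "$got" != "$want" ]; then
      echo "FAIL $key: want '$want', found '${got:-unset or commented out}'"
      findings=$((findings + 1))
    fi
  done <<'EOF'
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
UsePAM yes
EOF
  return "$findings"
}

# Constructed sample config: Protocol still allows version 1 and the
# PermitRootLogin line was edited but left commented out.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Protocol 2,1
#PermitRootLogin no
PubkeyAuthentication yes
UsePAM yes
EOF

audit_sshd_config "$sample" || echo "$? setting(s) need attention"
```

For the installation above, the file to check is /opt/ssh2/etc/sshd_config.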
