Posts Tagged Linux
Updating partition table in Linux
Posted by Lincoln Zuljewic Silva in Linux on March 15, 2010
When you use "fdisk" to manage the partitions of a disk, depending on the disk, "fdisk" may show the following message:
WARNING: Re-reading the partition table failed with error 22: Invalid argument.
The kernel still uses the old table.
The new table will be used at the next reboot.
Syncing disks.
No, you do not have to restart the server for the changes to be applied; simply use the following command (example):
kpartx -a /dev/sda
This will re-read the partition table on /dev/sda and create the mapping of the system partitions (/dev/sda1, /dev/sda2, etc).
Martian Friend
Posted by Lincoln Zuljewic Silva in Linux on September 15, 2009
You may find some weird messages in your syslog mentioning a “martian source”, like the following:
When a host needs to send a packet to another host, it can define the route through the network or use the default route. Those “source routed packets” are identified in Linux as martian packets. You can configure whether Linux logs those packets or not:
# for f in /proc/sys/net/ipv4/conf/*/log_martians; do echo 0 > "$f"; done #do not log
Resizing lvol in Red Hat AS 4
Posted by Lincoln Zuljewic Silva in Linux on August 18, 2009
As incredible as it seems, RHAS4 doesn't come with the resize2fs command (just like the other RH distributions). After some research, I found the tool that replaces the resize2fs command, and it's ext2online, for example:
# ext2online /dev/mapper/VG00-vl02
Using vi as crontab editor
Posted by Lincoln Zuljewic Silva in Linux on April 22, 2009
The default Debian installation uses a non-vi editor when you run crontab (i.e. “crontab -e”).
To change it to vi, you should do the following:
# rm -f /etc/alternatives/editor
# ln -s /usr/bin/vi /etc/alternatives/editor
Locking a Linux account
Posted by Lincoln Zuljewic Silva in Linux on April 9, 2009
Before you remove an account from a system, it is a good idea to lock it for one week to make sure that no one uses it.
To lock it, you can use the following command:
# passwd -l username (where username is the login id).
After that, if someone tries to log in using this account, the system will return:
# su - foobar
This account is currently not available.
Stop/Start a Guest OS in Vmware Server 2.0
Posted by Lincoln Zuljewic Silva in Linux on April 8, 2009
VMware 2.0 has a command named “vmrun” that can control the state of the VMs. The syntax is:
vmrun [AUTHENTICATION-FLAGS] COMMAND [PARAMETERS]
To list all started VMs:
# vmrun -u root -h 'https://192.168.0.14:8333/sdk' -p YOURPASSWORD list
Total running VMs: 3
[standard] Apolo/Apolo.vmx
[standard] Ares - NS01/Ares - NS01.vmx
[standard] hades - NS02/hades - NS02.vmx
To stop a VM:
# vmrun -u root -h 'https://192.168.0.14:8333/sdk' -p YOURPASSWORD stop "[standard] Apolo/Apolo.vmx"
To start a VM:
# vmrun -u root -h 'https://192.168.0.14:8333/sdk' -p YOURPASSWORD start "[standard] Apolo/Apolo.vmx"
Adding new users to Xmail SMTP server
Posted by Lincoln Zuljewic Silva in E-Mail server on April 7, 2009
There are three different ways to add a user on XMail:
- Using “telnet localhost 6017”
- Using XMailAdmin (a Windows client)
- Using phpxmail (a PHP script that runs in the browser – needs Apache and PHP on some server that can access the XMail server).
The most important thing is to configure a user/password as XMail administrator:
- # /var/MailRoot/bin/XMCrypt SOME_PASSWORD
- Edit the /var/MailRoot/ctrlaccounts.tab and add the following line:
"USERNAME"<TAB>"string returned from XMCrypt command"
Note: SOME_PASSWORD is the desired password for the administrator user, USERNAME is the desired user and <TAB> means a TAB.
Assuming that you have Apache, PHP and phpxmail installed, access it through http://YOUR_SERVER/phpxmail/ and fill in the following data:
- Server hostname: XMail server hostname
- Server ip address: XMail server IP address
- Server port: XMail CTRL service port (usually 6017)
- CTRL account: the user created above
- CTRL password: the password defined above
Once you are able to log in on the XMail CTRL console, go to “server domains”, click on the domain you wish to add the user to, and then “new user”.
Installing OpenSSH from source on SuSe 10
Posted by Lincoln Zuljewic Silva in Linux on April 7, 2009
The current version of my SuSe is:
# cat /etc/SuSE-release
SUSE Linux Enterprise Server 10 (i586)
VERSION = 10
PATCHLEVEL = 1
1 – Download OpenSSH:
# cd /usr/src
# wget http://anga.funkfeuer.at/ftp/pub/OpenBSD/OpenSSH/portable/openssh-5.2p1.tar.gz
2 – Unpack it:
# tar zxvf openssh-5.2p1.tar.gz
3 – Check if you have the necessary packages:
automake-1.9.6-2.i586.rpm
cpp-4.0.2_20050901-3.i586.rpm
gcc-4.0.2_20050901-3.i586.rpm
gcc-c++-4.0.2_20050901-3.i586.rpm
glibc-2.3.5-40.i586.rpm
glibc-devel-2.3.5-40.i586.rpm
libselinux-1.23.11-3.i586.rpm
libstdc++-4.0.2_20050901-3.i586.rpm
libstdc++-devel-4.0.2_20050901-3.i586.rpm
openssl-devel-0.9.8a-18.15.i586.rpm
pam-devel-0.99.6.3-28.8.i586.rpm
pam_ssh-1.91-19.2.i586.rpm
sudo-1.6.8p9-2.i586.rpm
tcpd-devel-7.6-731.2.i586.rpm
zlib-devel-1.2.3-3.i586.rpm
You can check it by typing:
# rpm -qa (example: "rpm -qa |grep openssl-devel")
4 – If some package is missing, I advise you to search for it on www.filewatcher.com and install it using:
# rpm -ivh (example: "rpm -ivh tcpd-devel-7.6-731.2.i586.rpm")
5 – Run configure:
# cd /usr/src/openssh-5.2p1
# ./configure --prefix=/opt/ssh2 --with-libs=-ldl --disable-suid-ssh --with-privsep-user=sshd --with-tcp-wrappers --with-pam
After some time, you should see something like this:
OpenSSH has been configured with the following options:
User binaries: /opt/ssh2/bin
System binaries: /opt/ssh2/sbin
Configuration files: /opt/ssh2/etc
Askpass program: /opt/ssh2/libexec/ssh-askpass
Manual pages: /opt/ssh2/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/opt/ssh2/bin
Manpage format: doc
PAM support: yes
OSF SIA support: no
KerberosV support: no
SELinux support: no
Smartcard support: no
S/KEY support: no
TCP Wrappers support: yes
MD5 password support: no
libedit support: no
Solaris process contract support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-builtin-memset -std=gnu99
Preprocessor flags:
Linker flags:
Libraries: -lresolv -lcrypto -lutil -lz -lnsl -ldl -lcrypt
+for sshd: -lwrap -lpam
PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail. Example PAM control files can be found in the contrib/ subdirectory
6 – Install the contrib scripts. Look in /usr/src/openssh-5.2p1/contrib for some files that we can use to set up our server:
# cp sshd.pam.generic /etc/pam.d/sshd
# cp rc.sshd /etc/init.d/sshd
# cp sysconfig.ssh /etc/sysconfig/ssh
# cp rc.config.sshd /etc/rc.d/sshd
# chmod 755 /etc/init.d/sshd /etc/rc.d/sshd
# ln -s /etc/init.d/sshd /etc/rc.d/rc3.d/S20-sshd
7 – Configure some parameters. Edit the main SSHD configuration file:
# vi /opt/ssh2/etc/sshd_config
Ensure that some lines are uncommented:
Line 21: Protocol 2 -> Enable just the protocol version 2 (more secure)
Line 41: PermitRootLogin no -> Do not enable root login
Line 46: RSAAuthentication yes -> enable authentication thru auth-keys
Line 47: PubkeyAuthentication yes -> enable authentication thru auth-keys
Line 48: AuthorizedKeysFile .ssh/authorized_keys -> enable authentication thru auth-keys (keys location - user's home)
Line 86: UsePAM yes -> enable PAM authentication
Line 113: Subsystem sftp /opt/ssh2/libexec/sftp-server -> enable the sftp subsystem (for secure file transfer - NOT SCP)
8 – Start the server:
# /etc/init.d/sshd start
9 – Perform a login test.
10 – Check your /var/log/messages. If you see the following messages:
Apr 7 10:02:48 localhost sshd[8388]: pam_unix(sshd:setcred): Unknown option: `shadow'
Apr 7 10:02:48 localhost sshd[8388]: pam_unix(sshd:setcred): Unknown option: `nodelay'
Apr 7 10:02:48 localhost sshd[8390]: pam_unix(sshd:setcred): Unknown option: `shadow'
Apr 7 10:02:48 localhost sshd[8390]: pam_unix(sshd:setcred): Unknown option: `nodelay'
Edit your /etc/pam.d/sshd and change the following lines:
auth required /lib/security/pam_unix.so shadow nodelay
to
auth required /lib/security/pam_unix.so
and
password required /lib/security/pam_unix.so shadow nullok use_authtok
to
password required /lib/security/pam_unix.so use_authtok
That's it!
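The settings from step 7 can be checked after editing sshd_config. The script below is an added example, not part of the original post; the function names and the sample configuration are constructed for illustration. It follows sshd's rule that the first active value of a keyword wins, so an earlier conflicting line is reported even when the expected line appears later:

```sh
#!/bin/sh
# Added example (not from the original post): audit sshd_config for step 7.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively, so the check does the same.

# first_value FILE KEYWORD: print the value of the first active
# (uncommented) KEYWORD line, or nothing when the keyword is absent.
first_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE: print one line per finding and return the number
# of findings (0 = every setting from step 7 is active with that value).
audit_sshd_config() {
    findings=0
    while read -r key want; do
        got=$(first_value "$1" "$key")
        if [ -z "$got" ]; then
            echo "MISSING  $key (expected: $want)"; findings=$((findings + 1))
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key is '$got' (expected: $want)"; findings=$((findings + 1))
        fi
    done <<EOF
Protocol 2
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
UsePAM yes
Subsystem sftp /opt/ssh2/libexec/sftp-server
EOF
    return "$findings"
}

# Constructed sample: an early "PermitRootLogin yes" shadows the later "no".
write_sample_config() {
    printf '%s\n' '# constructed sample' 'Protocol 2' '#PermitRootLogin no' \
        'PermitRootLogin yes' 'pubkeyauthentication yes' 'PermitRootLogin no' \
        'UsePAM yes' 'Subsystem sftp /opt/ssh2/libexec/sftp-server' > "$1"
}

sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

To audit the real file, call audit_sshd_config /opt/ssh2/etc/sshd_config before starting the server in step 8.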