Thursday, October 30, 2014

Configure YUM repository using DVD or CD ROM


This is necessary when, for example, you are configuring a Red Hat server without a paid-for subscription;
at least this gives you access to all the programs on the CD / DVD.

Mount your CD-ROM. In this example we mount the CD-ROM at /mnt/cdrom.

mount /dev/cdrom /mnt/cdrom

Create a new repo file called cdrom.repo in the /etc/yum.repos.d directory.

vi /etc/yum.repos.d/cdrom.repo

Add the following details.

[cdrom]
name=CDROM Repo
baseurl=file:///mnt/cdrom
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release


Type :x and press Enter to save.


1. [cdrom] = Name of the section
2. name = Name of the repository
3. baseurl = Location of the packages
4. enabled = Enable the repository
5. gpgcheck = Enable secure installation (yum verifies package GPG signatures)
6. gpgkey = Location of the key

To test
Install a package using the yum command. Let's install the MySQL package using yum.

yum install mysql-server
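
gpgcheck=1 is the line that makes yum verify package signatures, and it is as relevant for local media as for network repositories. The following added example (not part of the original post) reads .repo files and reports, per section, whether signature checking is on; the function names and the second sample repository are hypothetical.

```shell
#!/bin/sh
# Added example: report the signature-check state of each yum repo section.
# Assumption: a section without gpgcheck inherits [main] from /etc/yum.conf.
audit_repo() {   # usage: audit_repo [FILE...]   (reads stdin if no FILE)
    awk '
        function report() {
            if (name == "") return
            if (enabled == "0")      state = "disabled"
            else if (check == "")    state = "gpgcheck-UNSET"
            else if (check != "1")   state = "gpgcheck-OFF"
            else if (key == "")      state = "gpgcheck-on-no-gpgkey"
            else                     state = "signed:" key
            print name, state
        }
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[.+\]/ {                       # a new [section] starts
            report()
            name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            enabled = "1"; check = ""; key = ""
            next
        }
        /=/ {
            k = $0; sub(/[ \t]*=.*$/, "", k); sub(/^[ \t]+/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (k == "enabled")  enabled = v
            if (k == "gpgcheck") check = v
            if (k == "gpgkey")   key = v
        }
        END { report() }
    ' "$@"
}

# Constructed sample: the cdrom repo from this post plus a hypothetical
# second repo with signature checking switched off.
sample_repos() {
    cat <<'EOF'
[cdrom]
name=CDROM Repo
baseurl=file:///mnt/cdrom
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[local-extras]
baseurl=file:///srv/extras
gpgcheck=0
EOF
}

sample_repos | audit_repo
```

To check a real system, run audit_repo /etc/yum.repos.d/*.repo.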

Using systemctl to Manage Services

Note: For <name> in all examples below, the format <name>.service may also be used instead - though it is not required in recent versions of systemd, and is therefore not shown.

Several examples of widely used services are: httpd (Apache Web server), sshd (SSH server), nfs (NFS server), autofs (AutoFS service), vsftpd (the "Very Secure FTP" server), and many more...


Start a Service

# systemctl start <name>


Stop a Service

# systemctl stop <name>


Restart a Service

# systemctl restart <name>


A Conditional Restart of a Service (Restarts a service only if it's already running)

# systemctl try-restart <name>


Reload a Service

# systemctl reload <name>


Check whether a Service is Running

# systemctl status <name>

( Or:  # systemctl is-active <name> )


List all Available Services and Show their Running Status

Note: The output may be "piped" through grep to find a specific service:  | grep <name>

# systemctl list-units --type service --all
or systemctl list-units -t service


Enable a Service (this makes it start automatically at start up)
This does what chkconfig <name> on used to do.

# systemctl enable <name>


Disable a Service  (this stops the service from starting at startup)
This does what chkconfig <name> off used to do.

# systemctl disable <name>


Check whether a Service is Enabled

# systemctl is-enabled <name>

( Also mentioned in: # systemctl status <name>, under "Loaded:" )


List all Available Services, and check whether they are Enabled

Note: The output may be piped through grep to find a specific service:  | grep <name>

# systemctl list-unit-files --type service


Kill all Running Processes Related to a Service

# systemctl kill <name>


Available unit types

Unit type        File extension   Description
Service unit     .service         A system service.
Target unit      .target          A group of systemd units.
Automount unit   .automount       A file system automount point.
Device unit      .device          A device file recognized by the kernel.
Mount unit       .mount           A file system mount point.
Path unit        .path            A file or directory in a file system.
Scope unit       .scope           An externally created process.
Slice unit       .slice           A group of organized units that manage system processes.
Snapshot unit    .snapshot        A saved state of the systemd manager.
Socket unit      .socket          An inter-process communication socket.
Swap unit        .swap            A swap device or a swap file.
Timer unit       .timer           A systemd timer.

Boot process

Systemd's primary task is to manage the boot process and provide information about it.
To get the boot process duration, type:

# systemd-analyze

To get the time spent by each task during the boot process, type:

# systemd-analyze blame

To get the list of the dependencies, type:

# systemctl list-dependencies

More examples

To move to single user mode, type:

# systemctl rescue

To move to the level 3 (equivalent to the previous level 3), type:

# systemctl isolate runlevel3.target

Or:

# systemctl isolate multi-user.target

To move to the graphical level (equivalent to the previous level 5), type:

# systemctl isolate graphical.target

To set the default run level to non-graphical mode, type:

# systemctl set-default multi-user.target

To set the default run level to graphical mode, type:

# systemctl set-default graphical.target

To get the current default run level, type:

# systemctl get-default



To stop a server, type:

# systemctl poweroff

Note: You can still use the poweroff command; a link to the systemctl command has been created (the same is true for the halt and reboot commands).

To reboot, suspend or hibernate your machine, type:

# systemctl reboot
# systemctl suspend
# systemctl hibernate


Journal analysis

In addition, systemd handles the system event log; a syslog daemon is not mandatory any more.
To get the content of the systemd journal, type:

# journalctl

To get all the events related to the crond process in the journal, type:

# journalctl /sbin/crond

Note: You can replace /sbin/crond by `which crond`.

To get all the events since the last boot, type:

# journalctl -b

To get all the events that appeared today in the journal, type:

# journalctl --since=today

To get all the events with a syslog priority of err, type:

# journalctl -p err

To get the 10 last events and wait for any new one (like "tail -f /var/log/messages"), type:

# journalctl -f




Tuesday, June 24, 2014

How to Convert GPT partition to MBR (without losing Data) Windows 7



I know this is Windows related, but the solution involves using gdisk, which is a Linux tool.

For this you will need a Fedora Live CD and a Windows 7 system repair disk.

Boot with the Fedora Live CD.

Open a terminal.

yum -y install gdisk

gdisk /dev/sda

gdisk will find the GPT partition table.


b     (this will back it up)  (OPTIONAL)

Give the backup a name (optional):
sda-preconvert.gpt

Type the following:
r     (starts transformation / recovery)

g     (to convert GPT to MBR)

p     (to preview the MBR converted partition table)

w     (to save your changes)


Now boot with the Windows 7 system repair disk.


Choose the option to go into the command prompt.

Type
DISKPART and press Enter.
LIST DISK and press Enter.
SELECT DISK N and press Enter (N represents the disk you want).
LIST PARTITION and press Enter.
SELECT PARTITION N and press Enter (N represents the partition you want).
ACTIVE and press Enter.
EXIT and press Enter.

Type the following:

BOOTREC /SCANOS and press Enter.
BOOTREC /REBUILDBCD and press Enter.
BOOTREC /FIXMBR and press Enter.
BOOTREC /FIXBOOT and press Enter.

Reboot.

If you receive the following error
File: \boot\bcd
Status: 0xc000000f
Info: An error occurred while attempting to read the boot configuration data.

don't sweat; boot back up using the system repair disk and let the automatic system repair run.
This time it will take longer, and after a final reboot you should have a working system with an MBR partition and all your files and config exactly as they were.

If you continue to receive error 0xc0000225 on Windows boot,
boot with GParted and remove all EFI partitions.

Reboot normally and you should be in good shape.

Sunday, March 30, 2014

Command line shortcuts


Clear screen
Ctrl+L

SSH connection to an unreachable host through a reachable host
ssh -t reachable_host ssh unreachable_host

Set an audible alarm when a machine comes online
ping -i 60 -a IP_address

Display the top 10 running processes sorted by memory usage
ps aux | sort -nk +4 | tail

Save your previous command as a script
echo "!!" > foo.sh

What is my public IP address?
curl ifconfig.me


Sunday, March 16, 2014

Enable Logging for SFTP sessions




To enable logging of your sftp sessions:

Replace the Subsystem line in your /etc/ssh/sshd_config with

Subsystem    sftp    /usr/libexec/openssh/sftp-server -f LOCAL5 -l INFO

Add the following to /etc/syslog.conf or /etc/rsyslog.conf

#sftp logging
local5.*                        /var/log/sftpd.log

Restart the sshd and syslog/rsyslog services.
sftp sessions should now be logged to /var/log/sftpd.log
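
Once the log exists, the useful question is usually who moved which file. The following added example (not part of the original post) condenses sftp-server INFO lines into one record per closed file; the log lines are constructed for illustration and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): reduce sftp-server INFO
# lines to one record per closed file: user, client address, path,
# bytes read (download) and bytes written (upload).
# Assumption: paths contain no double-quote characters.
sftp_transfers() {   # usage: sftp_transfers [LOGFILE...]  (stdin if none)
    awk '
        # The PID in "sftp-server[PID]:" ties each line to its session.
        !match($0, /sftp-server\[[0-9]+\]/) { next }
        { pid = substr($0, RSTART + 12, RLENGTH - 13) }
        match($0, /session opened for local user [^ ]+ from \[[0-9a-fA-F.:]+\]/) {
            split(substr($0, RSTART, RLENGTH), w, " ")
            user[pid] = w[6]
            addr[pid] = w[8]; gsub(/\[|\]/, "", addr[pid])
            next
        }
        / close "/ {
            split($0, q, "\"")             # q[2] = path, q[3] = counters
            split(q[3], n, " ")            # "bytes read N written M"
            u = (pid in user) ? user[pid] : "unknown"
            a = (pid in addr) ? addr[pid] : "unknown"
            print u, a, q[2], "read=" n[3], "written=" n[5]
        }
        /session closed for local user/ { delete user[pid]; delete addr[pid] }
    ' "$@"
}

# Constructed sample log: two overlapping sessions (not real data).
sample_log() {
    cat <<'EOF'
Mar 16 10:02:11 server sftp-server[4242]: session opened for local user cgerada from [192.0.2.10]
Mar 16 10:02:13 server sftp-server[4250]: session opened for local user backup from [198.51.100.7]
Mar 16 10:02:15 server sftp-server[4242]: open "/home/cgerada/report.pdf" flags READ mode 0666
Mar 16 10:02:16 server sftp-server[4242]: close "/home/cgerada/report.pdf" bytes read 48213 written 0
Mar 16 10:02:30 server sftp-server[4250]: open "/srv/backup/db dump.tar" flags WRITE,CREATE,TRUNCATE mode 0644
Mar 16 10:02:41 server sftp-server[4250]: close "/srv/backup/db dump.tar" bytes read 0 written 1048576
Mar 16 10:03:02 server sftp-server[4242]: session closed for local user cgerada from [192.0.2.10]
EOF
}

sample_log | sftp_transfers
```

On the server itself, run sftp_transfers /var/log/sftpd.log.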

Wednesday, March 12, 2014

Setting persistent system-wide environment variables


The folder /etc/profile.d/ is the recommended place to add customizations to the system profile.
Do not edit /etc/profile; rather, add files in the /etc/profile.d folder.

For example, when installing the Oracle JDK, you might need to set the JAVA_HOME and JRE_HOME environment variables.

Create a new file called java.sh
vim /etc/profile.d/java.sh

Within this file, initialize the necessary environment variables
export JRE_HOME=/usr/java/jdk1.7/jre
export PATH=$PATH:$JRE_HOME/bin

export JAVA_HOME=/usr/java/jdk1.7
export JAVA_PATH=$JAVA_HOME

export PATH=$PATH:$JAVA_HOME/bin

Save the file.

Every time you reboot, the environment variables will be loaded system-wide.

Sunday, March 2, 2014

Undeleting Files that were accidentally deleted


How to undelete files from an ext3/ext4 partition
When you accidentally delete a file, several files or an entire directory, extundelete can recover them for you.

yum install extundelete

The first step should be to unmount the partition that your lost files are on, as soon as possible.
Suppose you know the path and the name of the file or directory (let's assume it's /home/cgerada/Music/ and you accidentally deleted all your music files).
Become root with
sudo -i or su - root and go to a partition with enough free space to store the deleted files. Then
type

extundelete --restore-files /home/cgerada/Music/ /dev/sda3

You should get the following:
NOTICE: Extended attributes are not restored.
WARNING: EXT3_FEATURE_INCOMPAT_RECOVER is set.
The partition should be unmounted to undelete any files without further data loss.
If the partition is not currently mounted, this message indicates 
it was improperly unmounted, and you should run fsck before continuing.
If you decide to continue, extundelete may overwrite some of the deleted
files and make recovering those files impossible.  You should unmount the
file system and check it with fsck before using extundelete.
Would you like to continue? (y/n) 
type y
y
Loading filesystem metadata ... 3679 groups loaded.
Loading journal descriptors ... 31276 descriptors loaded.


As soon as extundelete is finished, you will find the recovered files in the RECOVERED_FILES/ directory inside the folder you were in when you ran the command.

If you deleted a directory itself, you can use --restore-directory

There are some other useful options such as --restore-all, --restore-file, --after 'dtime' or --before 'dtime'

Type extundelete --help to see exactly what the other options do.


Thursday, February 6, 2014

Installing with yum from a text file.




To install the packages that are installed on one server onto another server:

rpm -qa > installed.txt

will create a text file with a list of all installed packages.

Copy installed.txt from server1 to server2 using rsync, like this:

rsync installed.txt  server2:

Then on server2 type

yum -y install $(cat installed.txt)

This will install all the packages listed in installed.txt on server2.

Tuesday, February 4, 2014

Disallowing programs through Sudo

You want to grant user cgerada root privileges to all programs except one; let's use tcpdump in this example.
i.e. we want to prevent cgerada from running tcpdump, but he must still be able to run all other commands as root using sudo. Further, you do not want cgerada to have the ability to run sudo -i,
which effectively changes cgerada to the root user.

Normally with sudo you list the programs that the user is allowed to run with root privileges.
In this example you want to list a program that is not allowed.

To edit the sudoers config file,
type visudo  [enter]
which will bring up the sudoers file in vi, ready to edit.

Under the section where the Cmnd_Alias examples are commented out,
add the following alias:

Cmnd_Alias DISALLOWED = /usr/sbin/tcpdump, /bin/bash

You can list all the commands that you want to disallow, separated by commas.

I'm also disallowing /bin/bash simply because when a user types sudo -i a new bash session is started as root. By disallowing this, my user will not be able to sudo -i.

Further down in the sudoers file, where you see
root   ALL=(ALL)    ALL

add the following underneath:

cgerada ALL=ALL, !DISALLOWED

The ! (bang) negates the entry, i.e. without the ! the user would have access to those programs;
putting a ! in front makes the opposite true.

Save the file and exit by typing :x [enter]

Now look what happens if the user cgerada tries to run tcpdump:


sudo tcpdump -n port 25
[sudo] password for cgerada: 
Sorry, user cgerada is not allowed to execute '/usr/sbin/tcpdump -n port 25' as root on server.



Now look what happens if the user tries to sudo -i:

sudo -i
[sudo] password for cgerada: 
Sorry, user cgerada is not allowed to execute '/bin/bash' as root on server
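
A rule of the form ALL, !X is a deny-list layered on full root access, and the sudoers manual itself describes subtracting commands from ALL with ! as generally not effective as a restriction. The added example below (not part of the original post) scans sudoers text for such rules so they can be reviewed; the function names and the operator rule in the sample are hypothetical, and it assumes one rule per line with each Cmnd_Alias defined above the rule that uses it.

```shell
#!/bin/sh
# Added example (not from the original post): list sudoers rules that
# grant ALL commands and then subtract some with "!".
# Assumes one rule per line and Cmnd_Alias lines placed above the rules.
find_all_minus_rules() {   # usage: find_all_minus_rules [FILE...]
    awk '
        /^[ \t]*(#|$)/ || $1 ~ /^Defaults/ { next }
        $1 == "Cmnd_Alias" {                   # remember alias members
            name = $0; sub(/^[ \t]*Cmnd_Alias[ \t]+/, "", name)
            sub(/[ \t]*=.*$/, "", name)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            alias[name] = v
            next
        }
        $1 ~ /_Alias$/ { next }                # User_, Host_, Runas_Alias
        index($0, "=") {
            cmds = $0; sub(/^[^=]*=[ \t]*/, "", cmds)
            gsub(/\([^)]*\)/, "", cmds)        # drop Runas specs: (ALL)
            gsub(/[A-Z]+:/, "", cmds)          # drop tags: NOPASSWD:
            n = split(cmds, item, /[ \t]*,[ \t]*/)
            all = 0; denied = ""
            for (i = 1; i <= n; i++) {
                c = item[i]; gsub(/^[ \t]+|[ \t]+$/, "", c)
                if (c == "ALL") all = 1
                else if (substr(c, 1, 1) == "!") {
                    c = substr(c, 2)
                    sep = (denied == "") ? "" : ", "
                    denied = denied sep ((c in alias) ? alias[c] : c)
                }
            }
            if (all && denied != "") print $1 ": ALL except " denied
        }
    ' "$@"
}

# Constructed sample built from the sudoers lines in this post.
sample_sudoers() {
    cat <<'EOF'
Defaults    requiretty
Cmnd_Alias DISALLOWED = /usr/sbin/tcpdump, /bin/bash
root    ALL=(ALL)    ALL
cgerada ALL=ALL, !DISALLOWED
operator ALL=(root) NOPASSWD: /usr/bin/rsync
EOF
}

sample_sudoers | find_all_minus_rules
```

Each line it prints is a candidate for rewriting as an explicit list of allowed commands.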