Friday, December 28, 2012

MySQL - basic commands in MySQL

To login from unix shell.
[mysql dir]/bin/mysql -h hostname -u root -p

*Note: use -h only if needed.

Create, List, Use and Delete Databases Commands

create database
This command is used to create a database on the SQL server.
Syntax: create database [db name];

Eg:
create database employees;

show databases
This command is used to list all databases on the SQL server.
Syntax: show databases;

use database
This command is used to switch to a database.
Syntax: use [db name];

drop database
This command is used to delete a database.
Syntax: drop database [db name];

Creating tables and working with MySQL

create table
This command is used to create tables in a database.

Eg:
CREATE TABLE [table name] (firstname VARCHAR(20), middleinitial VARCHAR(3), lastname VARCHAR(35), suffix VARCHAR(3), officeid VARCHAR(10), userid VARCHAR(15), username VARCHAR(8), email VARCHAR(35), phone VARCHAR(25), `groups` VARCHAR(15), datestamp DATE, timestamp time, pgpemail VARCHAR(255));

show tables
This command is used to see all the tables in the database.

describe table
To see database's field formats.
describe [table name];

drop table
To delete a table.
drop table [table name];

Show all data in a table.
SELECT * FROM [table name];

Returns the columns and column information pertaining to the designated table.
show columns from [table name];

Show certain selected rows with the value "something".
SELECT * FROM [table name] WHERE [field name] = "something";

Show all records containing the name "Telson" AND the phone number '2255'.
SELECT * FROM [table name] WHERE name = "Telson" AND phone_number = '2255';

Show all records not containing the name "Telson" AND the phone number '2255' order by the phone_number field.
SELECT * FROM [table name] WHERE name != "Telson" AND phone_number = '2255' order by phone_number;

Show all records starting with the letters 'Tel' AND the phone number '2255'.
SELECT * FROM [table name] WHERE name like "Tel%" AND phone_number = '2255';

Use a regular expression to find records. Use "REGEXP BINARY" to force case-sensitivity. This finds any record beginning with a.
SELECT * FROM [table name] WHERE rec RLIKE "^a";

Show unique records.
SELECT DISTINCT [column name] FROM [table name];

Show selected records sorted in ascending (asc) or descending (desc) order.
SELECT [column1],[column2] FROM [table name] ORDER BY [column2] DESC;

Return number of rows.
SELECT COUNT(*) FROM [table name];

Sum column.
SELECT SUM([column name]) FROM [table name];

Join tables on common columns. This statement joins the birthday in the person table with the primary illustration id.
select lookup.illustrationid, lookup.personid, person.birthday from lookup left join person on lookup.personid=person.personid;

Creating MySQL database Users and changing Password

Switch to the mysql db.

Create a new user.
INSERT INTO [table name] (Host,User,Password) VALUES('%','user',PASSWORD('password'));

Change a user's password (from unix shell).
[mysql dir]/bin/mysqladmin -u root -h hostname.blah.org -p password 'new-password'

Change a user's password (from MySQL prompt).
SET PASSWORD FOR 'user'@'hostname' = PASSWORD('passwordhere');

Allow the user "telson" to connect to the server from localhost using the password "passwd"
grant usage on *.* to telson@localhost identified by 'passwd';

Switch to mysql db.
Give user privileges for a db.
INSERT INTO [table name] (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('%','databasename','username','Y','Y','Y','Y','Y','N');

or

grant all privileges on databasename.* to username@localhost;

Modifying and Updating tables in MySQL

To update info already in a table.
UPDATE [table name] SET Select_priv = 'Y',Insert_priv = 'Y',Update_priv = 'Y' where [field name] = 'user';

Delete a row(s) from a table.
DELETE from [table name] where [field name] = 'something';

Update database permissions/privileges.
FLUSH PRIVILEGES;

Delete a column.
alter table [table name] drop column [column name];

Add a new column to db.
alter table [table name] add column [new column name] varchar (20);

Change column name.
alter table [table name] change [old column name] [new column name] varchar (50);

Make a unique column so you get no dupes.
alter table [table name] add unique ([column name]);

Make a column bigger.
alter table [table name] modify [column name] VARCHAR(4);

Delete unique from table.
alter table [table name] drop index [column name];

Load a CSV file into a table.
LOAD DATA INFILE '/tmp/filename.csv' replace INTO TABLE [table name] FIELDS TERMINATED BY ',' LINES TERMINATED BY '\n' (field1,field2,field3);

Creating MySQL Database backups and Restoring Databases

Dump all databases for backup. Backup file is sql commands to recreate all db's.
[mysql dir]/bin/mysqldump -u root -ppassword --opt --all-databases >/tmp/alldatabases.sql

Dump one database for backup.
[mysql dir]/bin/mysqldump -u username -ppassword --databases databasename >/tmp/databasename.sql

Dump a table from a database.
[mysql dir]/bin/mysqldump -c -u username -ppassword databasename tablename > /tmp/databasename.tablename.sql

Restore database (or database table) from backup.
[mysql dir]/bin/mysql -u username -ppassword databasename < /tmp/databasename.sql

Saturday, December 22, 2012

EXIM -- MTA

Exim
=====
Conf : /etc/exim.conf - exim main configuration file
/etc/localdomains - list of domains allowed to relay mail
Log : /var/log/exim_mainlog - incoming/outgoing mails are logged here
/var/log/exim_rejectlog - exim rejected mails are reported here
/var/log/exim_paniclog - exim errors are logged here
Mail queue: /var/spool/exim/input
Cpanel script to restart exim - /scripts/restartsrv_exim
Email forwarders and catchall address file - /etc/valiases/domainname.com
Email filters file - /etc/vfilters/domainname.com
POP user authentication file - /home/username/etc/domainname/passwd
catchall inbox - /home/username/mail/inbox
POP user inbox - /home/username/mail/domainname/popusername/inbox
POP user spambox - /home/username/mail/domainname/popusername/spam
Program : /usr/sbin/exim (suid - -rwsr-xr-x 1 root root )
Init Script: /etc/rc.d/init.d/exim
force exim up : /scripts/eximup --force
Log file is located at /var/log/exim4/mainlog

Count the number of messages in the queue.
root@localhost# exim -bpc

Listing the messages in the queue (time queued, size, message-id, sender, recipient).
root@localhost# exim -bp

Search the queue for messages from a specific sender.
root@localhost# exiqgrep -f [luser]@domain

Search the queue for messages for a specific recipient/domain.
root@localhost# exiqgrep -r [luser]@domain

Print messages older than the specified number of seconds.
Eg: messages older than 1 hour.
root@localhost# exiqgrep -o 3600 [...]

Print messages younger than the specified number of seconds.
Eg: messages less than an hour old.
root@localhost# exiqgrep -y 3600 [...]

Match the size of a message with a regex. Eg: Messages between 500-599 bytes.
root@localhost# exiqgrep -s '^5..$' [...]

Print just the message-id of the entire queue.
root@localhost# exiqgrep -i

Remove a message from the queue.
root@localhost# exim -Mrm <message-id> [ <message-id> ... ]

Freeze a message.
root@localhost# exim -Mf <message-id> [ <message-id> ... ]

View a message's logs.
root@localhost# exim -Mvl <message-id>

========================
Remove all frozen messages.
root@localhost# exiqgrep -z -i | xargs exim -Mrm

There can be a lot of frozen messages in the queue that were never delivered, most probably spam. This command deletes them:
exim -bp | awk '$6~"frozen" {print $3 }' | xargs exim -Mrm

Remove all messages older than two days (86400 * 2 = 172800 seconds).
root@localhost# exiqgrep -o 172800 -i | xargs exim -Mrm

Remove all messages from the latest two days (86400 * 2 = 172800 seconds).
root@localhost# exiqgrep -y 172800 -i | xargs exim -Mrm

Freeze all queued mail from a given sender.

root@localhost# exiqgrep -i -f user@example.com | xargs exim -Mf

To remove all messages from the queue, enter:
===================================================================
grep -R -l -F '[SPAM]' /var/spool/exim/msglog/*|cut -b26-|xargs exim -Mrm

exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash

Command to send all the emails in the mail queue
===================================================================
exim -bpru |awk '{print $3}' | xargs -n 1 -P 40 exim -v -M

=========================

Send a test message: send "content" | mail -s "subject" user@example.com

Send a message without "send": echo "body" | mail -s "subject" user@example.com

==========================

##############################################################
Troubleshoot Spamming
##############################################################

Get details of scripts that are used to send out spam emails :
grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n > teststats

Script to know the mail count by various accounts
grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

The number of mails by a domain
exigrep @domain.com /var/log/exim_mainlog|grep 2009-04-17|grep Completed|wc -l

1)Issue this command: ps -C exim -fH ewww |grep home, it shows the mails going from the server.
It shows from which user’s home the mail is going, so that you can easily trace it and block it if needed.

2)Issue this command: eximstats -ne -nr /var/log/exim_mainlog
It shows top 50 domains using mail server with options.

3)Issue this command: exim -bp | exiqsumm
It shows the main domains receiving and sending mails on the server.

4)Issue this command: netstat -plan|grep :25|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
It shows the IPs which are connected to the server through port number 25. If one particular IP is using more than 10 connections, you can block it in the server firewall.

5)In order to find “nobody” spamming, issue the following command
ps -C exim -fH ewww|awk '{for(i=1;i<=40;i++){print $i}}'|sort|uniq -c|grep PWD|sort -n

It will give some result like:
Example :
6 PWD=/
347 PWD=/home/sample/public_html/test
Count the PWD and if it is a large value check the files in the directory listed in PWD
(Ignore if it is / or /var/spool/mail /var/spool/exim)

The above command is valid only if the spamming is currently in progress. If the spamming has happened some hours before, use the following command.

grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

This will result in something like :
47 cwd=/root
8393 cwd=/home/sample/public_html/test

Count the cwd and if it is a large value check the files in the directory listed in cwd
(Ignore if it is / or /var/spool/mail /var/spool/exim)
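
The per-directory count above, as an added example that is not part of the original post: it reads the same cwd= entries, drops the directories the text says to ignore, and also totals the entries per /home account. The sample log lines are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): rank the directories and
# accounts behind Exim "cwd=" log entries.

# cwd_counts LOGFILE -> "COUNT DIR" lines, highest count first.
# Skips the directories the text says to ignore. A cwd containing spaces is
# cut at the first space, as it is with the one-liner above.
cwd_counts() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^cwd=/) {
                    dir = substr($i, 5)
                    if (dir != "/" && dir != "/var/spool/mail" && dir != "/var/spool/exim")
                        n[dir]++
                    break
                }
            }
        }
        END { for (d in n) print n[d], d }
    ' "$1" | sort -k1,1nr -k2,2
}

# account_counts LOGFILE -> "COUNT USER" for cwd paths under /home/USER/.
account_counts() {
    cwd_counts "$1" | awk '
        { split($2, p, "/") }
        p[2] == "home" && p[3] != "" { n[p[3]] += $1 }
        END { for (u in n) print n[u], u }
    ' | sort -k1,1nr -k2,2
}

# suspicious_dirs LOGFILE THRESHOLD -> directories with at least THRESHOLD entries.
suspicious_dirs() {
    cwd_counts "$1" | awk -v t="$2" '$1 >= t + 0 { print $2 }'
}

# write_sample_log FILE -> constructed lines in the exim_mainlog layout.
write_sample_log() {
    {
        i=0
        while [ "$i" -lt 5 ]; do
            echo "2012-12-22 10:15:0$i cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i"
            i=$((i + 1))
        done
        echo "2012-12-22 10:16:00 cwd=/home/sample/public_html 3 args: /usr/sbin/sendmail -t -i"
        echo "2012-12-22 10:16:05 cwd=/home/other/public_html/blog 3 args: /usr/sbin/sendmail -t -i"
        echo "2012-12-22 10:17:00 cwd=/root 2 args: /usr/sbin/exim -bpc"
        echo "2012-12-22 10:18:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q"
        echo "2012-12-22 10:18:01 cwd=/ 2 args: /usr/sbin/exim -q"
    } > "$1"
}

# Demo on the constructed log.
log=$(mktemp)
write_sample_log "$log"
echo "entries per directory:"
cwd_counts "$log"
echo "entries per account:"
account_counts "$log"
echo "directories with 3 or more entries:"
suspicious_dirs "$log" 3
rm -f "$log"
```

On a real server, pass /var/log/exim_mainlog as the log file and pick a threshold that fits the normal mail volume.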

Pass the below mentioned command at your command prompt to find the domain which is being used by spammers.
exim -bp
exim -bpr | exiqsumm -c | head
Then,
exiqgrep -ir | xargs -n1 exim -Mrm

================================

Thursday, November 29, 2012

Config-Server-Firewall

Installing CSF---config-server-firewall


Downloading the Packages

--------------->wget http://www.configserver.com/free/csf.tgz
--------------->tar zxvf csf.tgz

--------------->cd csf

This is where the paths diverge: cPanel server, or non-cPanel server.

--------------->./install.cpanel.sh

If you are running a non-cpanel redhat server:

--------------->./install.sh

---------------> /etc/init.d/csf restart


First run the following command to check that you have all the required iptables modules available for running CSF fully. Don’t worry if you cannot run all the features, so long as the script doesn’t report any FATAL errors
[root@desk csf]# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing ipt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK
RESULT: csf should function on this server
Looks 100% OK.


Here are the most common commands you will be using:

csf -d IPADDRESS will deny an IP.
csf -a IPADDRESS will allow an IP.
csf -r will reload all rules.
-dr, --denyrm ip    Remove and unblock an IP address in /etc/csf.deny
-t, --temp          Displays the current list of temporary IP bans and their TTL
-tr, --temprm ip    Remove an IP address from the temporary IP ban list


---------------------------
# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
TESTING = "1"

Edit the last line of that block of text so that it reflects testing being disabled:
TESTING = "0"

Finally, restart CSF:
---------------------------


More about csf
##############################
Now edit /etc/csf/csf.conf
List all the ports you want open on your server for incoming traffic, separated by commas.
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
Also open any ports you want for outgoing traffic
TCP_OUT = "20,21,22,25,53,80,110,113,443"
The same goes for UDP_IN and UDP_OUT. Remember that if you are running a DNS service you have to open port 53 in UDP_IN, as DNS port 53 runs on UDP rather than TCP
UDP_IN = "20,21,53"
To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,33434:33523"
#############################
SYNFLOOD protection is already enabled and if you want to change the RATE or BURST value you can use the following lines to match your traffic.
SYNFLOOD = "0"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"
Currently the RATE is 100/s and BURST can be up to 150. This can vary from server to server.
i.e. if 100 connections are received from an IP/sec for 150 times, block it. Don't make it too strict if you are not under attack, or it will generate false positives and block legitimate connections.
############################
Search for "PORTFLOOD"
PORTFLOOD = "80;tcp;20;300"
This rule will block IPs that connect to port 80 via TCP more than 20 times within 300 seconds. Once traffic is back to normal, remove this rule from the csf firewall.
############################
# To disable this feature, set this to 0
CT_LIMIT = Default: 50 (means 50 connections per ip address)
# Connection Tracking interval. Set this to the the number of seconds between
# connection tracking scans
CT_INTERVAL = Default: 30
# Send an email alert if an IP address is blocked due to connection tracking
CT_EMAIL_ALERT = Default: 1
# If you want to make IP blocks permanent then set this to 1, otherwise blocks
# will be temporary and will be cleared after CT_BLOCK_TIME seconds
CT_PERMANENT = Default: 0
# If you opt for temporary IP blocks for CT, then the following is the interval
# in seconds that the IP will remained blocked for (e.g. 1800 = 30 mins)
CT_BLOCK_TIME = Default: 1800
# If you don't want to count the TIME_WAIT state against the connection count
# then set the following to "1"
CT_SKIP_TIME_WAIT = Default: 0
# If you only want to count specific states (e.g. SYN_RECV) then add the states
# to the following as a comma separated list. E.g. "SYN_RECV,TIME_WAIT"
#
# Leave this option empty to count all states against CT_LIMIT
CT_STATES =
# If you only want to count specific ports (e.g. 80,443) then add the ports
# to the following as a comma separated list. E.g. "80,443"
#
# Leave this option empty to count all ports against CT_LIMIT
CT_PORTS = 80,443
############################
CONNLIMIT is a comma separated list of:
port;limit
So, a setting of CONNLIMIT = "22;5,80;20" means:
1. Only allow up to 5 concurrent new connections to port 22 per IP address
2. Only allow up to 20 concurrent new connections to port 80 per IP address
Note: Existing connections are not included in the count, only new SYN packets,
i.e. new connections
############################
If you want to add some spam protection, CSF can help. Look in the configuration for the following:
LF_SCRIPT_ALERT = 0 change this to 1. This will send an email alert to the system administrator when the limit configured below is reached within an hour.
LF_SCRIPT_LIMIT = 100 change this to 250. This will alert you when any scripts sends out 250 email messages in an hour.
Define the email address the alerts are sent to and the address they are sent from.
LF_ALERT_TO = "snipped@google.com"
LF_ALERT_FROM = "csf@google.com"
###########################
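
A small checker for the settings covered above, as an added example that is not part of csf or the original post: it reads a csf.conf-style file, warns while TESTING is not "0", and spells out each PORTFLOOD and CONNLIMIT entry. The sample file is constructed from the values shown in the text, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not part of csf): read a csf.conf-style file and explain
# the TESTING, PORTFLOOD and CONNLIMIT settings discussed above.

# csf_get FILE KEY -> value of the last uncommented KEY = "value" line
csf_get() {
    awk -F'"' -v key="$2" '
        $1 ~ ("^[ \t]*" key "[ \t]*=[ \t]*$") { val = $2 }
        END { print val }
    ' "$1"
}

# explain_portflood VALUE -> one line per "port;proto;hits;seconds" entry
explain_portflood() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F';' '
        NF == 4 { printf "port %s/%s: block an IP after more than %s connections in %s seconds\n", $1, $2, $3, $4; next }
        NF > 0  { printf "malformed PORTFLOOD entry: %s\n", $0 }
    '
}

# explain_connlimit VALUE -> one line per "port;limit" entry
explain_connlimit() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F';' '
        NF == 2 { printf "port %s: at most %s concurrent new connections per IP\n", $1, $2; next }
        NF > 0  { printf "malformed CONNLIMIT entry: %s\n", $0 }
    '
}

# csf_audit FILE -> print findings; return 1 while TESTING is not "0"
csf_audit() {
    audit_status=0
    if [ "$(csf_get "$1" TESTING)" != "0" ]; then
        echo "WARN: TESTING is not \"0\" (testing mode clears iptables from cron)"
        audit_status=1
    fi
    explain_portflood "$(csf_get "$1" PORTFLOOD)"
    explain_connlimit "$(csf_get "$1" CONNLIMIT)"
    return "$audit_status"
}

# write_sample_conf FILE -> constructed sample using the values from the text
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a complete csf.conf
TESTING = "1"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
PORTFLOOD = "80;tcp;20;300"
CONNLIMIT = "22;5,80;20"
EOF
}

# Demo on the constructed file.
conf=$(mktemp)
write_sample_conf "$conf"
csf_audit "$conf" || echo "audit finished with warnings"
rm -f "$conf"
```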

Gstreamer-ffmpeg Packages for rhel

1. Download the latest atrpms-repo rpm from

http://dl.atrpms.net/el6-x86_64/atrpms/stable/

2. Install atrpms-repo rpm:

# rpm -Uvh atrpms-repo*rpm

3. Install gstreamer-ffmpeg rpm package:

# yum install gstreamer-ffmpeg

[fusion]
name=fusion
baseurl=http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/
enabled=1
gpgcheck=0

[atrpms]
name=atrpms
baseurl=http://dl.atrpms.net/el6-x86_64/atrpms/stable/
enabled=1
gpgcheck=0

Tuesday, November 27, 2012

Creating a Certificate Authority OR Self Signing

To create a private Certificate Authority, proceed as below.
How the whole thing works

1. First create the Certificate Authority with the credentials required by the certificates it will issue. To sign a certificate signing request, the authority must have a certificate with the same credentials as the certificate signing request. So after configuring /etc/pki/tls/openssl.cnf with the needed credentials, we create a private key and a certificate for the certificate authority.

2. Create the private key and certificate signing request on the client side with the needed credentials.

3. scp the certificate signing request (csr) from the client to the server that is the certificate authority, sign the csr with the certificate authority to get the certificate, and send the certificate back to the client.


Signing the certificate succeeds only if the credentials in the certificate authority's certificate match those in the certificate signing request.

Packages needed are openssl*

1.
On the server where we need to create the certificate authority

vi /etc/pki/tls/openssl.cnf
In that file we need to change the following as per our needs
#######
dir             = /etc/pki/CA                # root directory of the certificate authority
certificate     = $dir/my-ca.crt             # certificate of the CA, which is checked against the csr
crl             = $dir/crl.pem               # certificate revocation list, used if a certificate is compromised
private_key     = $dir/private/my-ca.key     # private key of the certificate authority, used to create the CA's certificate

#######Basic Credentials that should be same in both csr and the certificate in CA

stateOrProvinceName_default     = North Carolina
localityName_default            = Raleigh
0.organizationName_default      = Example, Inc.

#######There are more credentials which are used in certificate creation

#######Make the needed directories in CA

mkdir /etc/pki/CA/{cert,crl,newcerts}
touch /etc/pki/CA/index.txt
echo 01 > /etc/pki/CA/serial

NOW Creating the CA's private key and CERTIFICATE in corresponding places

cd /etc/pki/CA

openssl genrsa -out private/my-ca.key -des3 2048
openssl req -new -x509 -key private/my-ca.key -days 365 > my-ca.crt



2.
Creating the private key and Certificate Signing Request on the client side
Creating the private key

openssl genrsa -out private.key -des3 2048

Creating the certificate signing request with the private key

openssl req -new -key private.key -out certificate.csr

Here you will be asked for the needed credentials. Remember that if the credentials in the csr and the CA differ, the signing will fail.



3.
With certificate.csr on the Certificate Authority server we can sign the certificate

openssl ca -in certificate.csr -out certificate.crt

Here ca means that the configuration from /etc/pki/tls/openssl.cnf is used to sign the signing request.

The other way is to self sign. After creating the private key and csr, self sign as follows

openssl  x509 -req -days 365 -in  certificate.csr -signkey private.key -out certificate.crt
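
The matching rule described above, as an added example that is not part of the original post: a throwaway CA in a scratch directory whose policy requires country, state and organization to match, with one CSR that matches and one that does not. The subjects, file names and the minimal ca.cnf are constructed for the demo, and the keys are generated without -des3 only so that it runs without passphrase prompts.

```shell
#!/bin/sh
# Added example (not from the original post): "openssl ca" signs a CSR only
# when the fields marked "match" in its policy section equal the CA
# certificate's. Everything lives in a scratch directory; names are constructed.

CA_SUBJ="/C=US/ST=North Carolina/O=Example Inc/CN=Example Test CA"

# ca_setup DIR -> CA layout, config, key and self-signed CA certificate in DIR
ca_setup() {
    mkdir -p "$1/ca/newcerts" "$1/ca/private" || return 1
    : > "$1/ca/index.txt"
    echo 01 > "$1/ca/serial"
    cat > "$1/ca.cnf" <<'EOF'
[ ca ]
default_ca = CA_default

[ CA_default ]
dir           = ./ca
database      = $dir/index.txt
new_certs_dir = $dir/newcerts
serial        = $dir/serial
certificate   = $dir/my-ca.crt
private_key   = $dir/private/my-ca.key
default_md    = sha256
default_days  = 365
policy        = policy_match

[ policy_match ]
countryName         = match
stateOrProvinceName = match
organizationName    = match
commonName          = supplied

[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca

[ req_dn ]
commonName = Common Name

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
EOF
    (
        cd "$1" &&
        openssl genrsa -out ca/private/my-ca.key 2048 2>/dev/null &&
        chmod 600 ca/private/my-ca.key &&
        openssl req -new -x509 -config ca.cnf -key ca/private/my-ca.key \
            -days 365 -subj "$CA_SUBJ" -out ca/my-ca.crt
    )
}

# make_csr DIR NAME SUBJECT -> DIR/NAME.key and DIR/NAME.csr (the client side)
make_csr() {
    (
        cd "$1" &&
        openssl genrsa -out "$2.key" 2048 2>/dev/null &&
        openssl req -new -config ca.cnf -key "$2.key" -subj "$3" -out "$2.csr"
    )
}

# sign_csr DIR NAME -> 0 if the CA issued DIR/NAME.crt and it verifies
# against the CA certificate, non-zero if the request was refused
sign_csr() {
    (
        cd "$1" &&
        openssl ca -batch -notext -config ca.cnf -in "$2.csr" -out "$2.crt" &&
        openssl verify -CAfile ca/my-ca.crt "$2.crt" >/dev/null
    )
}

# Demo: the first CSR matches the CA on C, ST and O; the second differs in ST.
demo() {
    work=$(mktemp -d) || return 1
    ca_setup "$work" || return 1
    make_csr "$work" good "/C=US/ST=North Carolina/O=Example Inc/CN=www.example.test"
    make_csr "$work" bad  "/C=US/ST=California/O=Example Inc/CN=shop.example.test"
    for name in good bad; do
        if sign_csr "$work" "$name" 2>/dev/null; then
            echo "$name.csr: signed"
        else
            echo "$name.csr: refused"
        fi
    done
    rm -rf "$work"
}
demo
```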

Tuesday, November 13, 2012

Install Dolphin in Vps / Hosting

Installing Dolphin

We can install Dolphin in two ways: either as the main site or in a sub directory, i.e. a folder inside the main site. To install Dolphin as the main site, uncompress the tar file in the public_html folder so that the site can be accessed as follows

http://your-domain-name/

In the second case we uncompress the tar file in a directory inside public_html so that the site can be accessed as follows

http://your-domain-name/<name-we-give>

Downloading Dolphin


cd /<path-to-root_directory>/public_html

mkdir dolphin

Change to the Dolphin directory by entering the following command:
cd dolphin

Download the latest Dolphin release by entering the following command:
http://www.boonex.com/paymentprovider/payment#download

wget http://get.boonex.com/Dolphin-v.7.0

Unzip the archive by entering the following command:
unzip Dolphin-v.7.0

Adding a MySQL User and Database


We could create the database and user using the cPanel MySQL window. Normally the databases are named username_databasename and the users username_name

mysql
CREATE USER 'USER_NAME' IDENTIFIED BY 'PASSWORD';
CREATE DATABASE DATABASE_NAME;
GRANT ALL ON DATABASE_NAME.* TO 'USER_NAME';
FLUSH PRIVILEGES;
EXIT;

GRANT ALL PRIVILEGES ON db_base.* TO 'db_user'@'%' IDENTIFIED BY 'db_passwd';


Configuring Permissions


cd /<path-to-root-document>/public_html/dolphin

chmod 777 ./inc ./backup ./cache ./cache_public ./langs ./media/app ./media/images ./media/images/banners ./media/images/blog ./media/images/classifieds ./media/images/membership ./media/images/profile ./media/images/profile_bg ./media/images/promo ./media/images/promo/original ./tmp ./plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer ./plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/HTML ./plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/CSS ./plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/Test ./plugins/htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/URI

chmod 777 ./flash/modules/board/files ./flash/modules/chat/files ./flash/modules/photo/files ./flash/modules/im/files ./flash/modules/mp3/files ./flash/modules/video/files ./flash/modules/video_comments/files

chmod 666 inc/prof.inc.php

chmod 666 ./flash/modules/global/data/integration.dat ./flash/modules/board/xml/config.xml ./flash/modules/board/xml/langs.xml ./flash/modules/board/xml/main.xml ./flash/modules/board/xml/skins.xml ./flash/modules/chat/xml/config.xml ./flash/modules/chat/xml/langs.xml ./flash/modules/chat/xml/main.xml ./flash/modules/chat/xml/skins.xml ./flash/modules/desktop/xml/config.xml ./flash/modules/desktop/xml/langs.xml ./flash/modules/desktop/xml/main.xml ./flash/modules/desktop/xml/skins.xml ./flash/modules/global/xml/config.xml ./flash/modules/global/xml/main.xml ./flash/modules/im/xml/config.xml ./flash/modules/im/xml/langs.xml ./flash/modules/im/xml/main.xml ./flash/modules/im/xml/skins.xml ./flash/modules/mp3/xml/config.xml ./flash/modules/mp3/xml/langs.xml ./flash/modules/mp3/xml/main.xml ./flash/modules/mp3/xml/skins.xml ./flash/modules/photo/xml/config.xml ./flash/modules/photo/xml/langs.xml ./flash/modules/photo/xml/main.xml ./flash/modules/photo/xml/skins.xml ./flash/modules/video/xml/config.xml ./flash/modules/video/xml/langs.xml ./flash/modules/video/xml/main.xml ./flash/modules/video/xml/skins.xml ./flash/modules/video_comments/xml/config.xml ./flash/modules/video_comments/xml/langs.xml ./flash/modules/video_comments/xml/main.xml ./flash/modules/video_comments/xml/skins.xml

chmod 777 flash/modules/global/app/ffmpeg.exe


Running the Install Script


Navigate to http://host-name.com/dolphin/install/index.php.

The Dolphin installation page appears,

Click Install to begin.

If any of the files fail the check, we need to fix them manually using chmod 755 on the affected files.

All of the files listed should be Writable. Click Next to continue. The Paths Check webpage appears, as shown below.

If the ImageMagick check fails, we need to install it manually. We can install it using the cPanel scripts

Check whether ImageMagick is installed or not: /scripts/checkimagemagick

Install ImageMagick: /scripts/installimagemagick

/usr/bin/convert -version

If the GD library check fails, install it using

/scripts/easyapache

  1. "Start customizing based on profile"

  2. Select the Apache version and click next step.

  3. Select the Major PHP Version and click next step.

  4. Select the PHP Minor Version and click next step.

  5. Scroll down to the bottom and click "Exhaustive Options List". (If the module you are needing isn't listed)

  6. Select the modules you wish to add (GD library) then scroll to the bottom and click "Save and Build".


If the GD library check still fails even after installing the GD library, find and edit the php.ini

and add

extension=php_gd2.dll

extension=php_gd.dll

and run the check again.

All of the paths listed should be "found". You should also see a GD library installed message at the bottom of the webpage. Click Next to continue. The Database webpage appears.

Enter the details for the Dolphin database you created earlier in this guide. Click Next to continue. The Configuration webpage appears.

Complete the form by entering the required information for your website, and then click Next to continue. The Cron Jobs webpage appears.

Now you'll need to set up a cron job specified on the webpage. We can also do this from the cpanel in graphical way. To set up your cron job, you'll need to open your crontab for editing by entering the following command:
sudo crontab -e

MAILTO=myemail@gmail.com
* * * * * cd /var/www/periodic; /usr/bin/php -q cron.php

To save the cron job, press Control-X, and then press Y to save.

Back in your web browser, click Next. The Permissions Reversal webpage appears, as shown below.

To reverse your permissions, enter the following commands, one by one.
cd /<path-to-document-root>/public_html/dolphin
find ./ -type d -exec chmod 755 {} \;
sudo find ./ -type f -exec chmod 644 {} \;
chmod 755 flash/modules/global/app/ffmpeg.exe;

Back in your web browser, click Check. The webpage should now indicate that the directory is "Non-writable", as shown below.

Click Next. If the webpage shown below appears, the installation is finished.

After that, copy the languages from the install/langs directory to the langs directory in dolphin.

mv /<path-to-document-root>/public_html/dolphin/install/langs/* /<path-to-document-root>/public_html/dolphin/langs/

Now you'll want to remove the install directory by entering the following commands, one by one:
cd /<path-to-root-document>/public_html/dolphin
rm -rf install

Change the permissions of the cache, cache_public, langs, and tmp folders by entering the following commands, one by one:
chmod 777 cache
chmod 777 cache_public
chmod 777 tmp

You can now log into your admin panel at http://host-name.com/dolphin/administration/.

Installing WordPress in VPS / Hosting places

We can install WordPress in our domain in two ways: either as the main site, i.e. in public_html, or as a sub website inside a directory in public_html. The only difference between them is whether the tar file is uncompressed in the public_html directory or in a sub directory. The steps are the same either way.

First we need to download the tar file and uncompress it in the needed directory.

cd /<path-to-document-root>/public_html
wget http://wordpress.org/latest.tar.gz

Now decompress the file

tar -xvzf  latest.tar.gz

Change the privileges of the folder by

chmod -R 777 *

Normally, to make it the main site, we copy the tar file to the public_html directory and extract it there so that it can be accessed like

http://your-domain-name

To make it a sub website, first we need to make a directory with any name inside public_html and untar the tar file into it, so that it can be accessed by

http://your-domain-name/<name-we-give>

The second thing we need is a database, which we can create through cPanel or through the shell. When creating the database user through cPanel, we need to create a database first and then a user, and we need to give that user full permission over that database. All this can be done through

cpanel>>Home>>Mysql database … Or

by the following commands in the shell. To do it through the shell we need to get into our server/vps through ssh and run the following commands. Normally the databases will be named username_databasename, and the user of that database username_name.

mysql
CREATE USER 'USER_NAME' IDENTIFIED BY 'PASSWORD';
CREATE DATABASE DATABASE_NAME;
GRANT ALL ON DATABASE_NAME.* TO 'USER_NAME';
FLUSH PRIVILEGES;
EXIT;

GRANT ALL PRIVILEGES ON db_base.* TO 'db_user'@'%' IDENTIFIED BY 'db_passwd';

Now go to the browser and type “http://your-domain-name/” or “http://your-domain-name/<name-we-give>” to get the auto install configuration page of WordPress. There we will be asked for the following and we need to fill in the needed details. Remember to give the correct database name and user name, and leave the rest of the options as they are

database: database_name
username: user_name
password: password
host: localhost

and click next

If everything ends correctly, the installation is done and you will get the welcome page
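
A check for what the installs above leave writable by everyone (the Dolphin permission steps and the WordPress chmod -R 777 *), as an added example that is not part of the original posts: it lists world-writable files and directories under a web root and filters out the three directories the Dolphin steps set to 777 at the end (cache, cache_public, tmp). The sample tree is constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original posts): find paths under a web root
# that are still writable by "other" after an install.

# world_writable DOCROOT -> every file or directory writable by "other".
# Pass DOCROOT without a trailing slash.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# unexpected_world_writable DOCROOT -> the same list minus the directories
# the Dolphin steps deliberately leave at 777 (cache, cache_public, tmp).
unexpected_world_writable() {
    world_writable "$1" | awk -v r="$1" '
        $0 != r "/cache" && $0 != r "/cache_public" && $0 != r "/tmp"
    '
}

# make_sample_tree DIR -> constructed tree imitating a Dolphin directory in
# which the permission reversal missed one file and one directory.
make_sample_tree() {
    mkdir -p "$1/cache" "$1/cache_public" "$1/tmp" "$1/inc" "$1/media/images"
    : > "$1/inc/prof.inc.php"
    : > "$1/index.php"
    chmod 755 "$1" "$1/inc" "$1/media"
    chmod 644 "$1/index.php"
    chmod 777 "$1/cache" "$1/cache_public" "$1/tmp"   # set on purpose after install
    chmod 666 "$1/inc/prof.inc.php"                   # left over from the install steps
    chmod 777 "$1/media/images"                       # left over from the install steps
}

# Demo on the constructed tree.
tree=$(mktemp -d)
make_sample_tree "$tree"
echo "world-writable paths that were not expected:"
unexpected_world_writable "$tree"
rm -rf "$tree"
```

For a real site, call unexpected_world_writable with the web root, for example the dolphin directory under public_html; an empty result means only the three expected directories are world-writable.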

Wednesday, November 7, 2012

Creating the Cpanel account with WHM

Log into your WHM. In the left menu under "Account Functions", click "Create a New Account".
Fill in the details for the new account. Here's a brief outline of the settings you'll be putting in:

  • Domain Information

    • Enter the main domain name on the account, set a cPanel username and password for it, and then enter the email address to be associated with the account.



  • Package

    • WHM allows you to create packages, which make it easier to manage cPanel accounts. For Example, you may have a "Power Plan" package like InMotion Hosting offers. Within that package you could set limits such as the number of addon domains to associate to the account. If you don't have any packages set, select the "Select Options Manually" option and set those limitations now.



  • Settings

    • Choose the cPanel theme to assign the user (InMotion Hosting currently uses x3) and select the appropriate language for the user.



  • Reseller Settings

    • If you have the access to create a cPanel account, it means that you have reseller permissions. Decide here if this new account you're creating should have WHM access and be able to create accounts themselves.



  • DNS Settings

    • Decide how the domain's nameservers should be configured on the server. If the nameservers specified for this domain name are going to be on another server, choose the option "Use the nameservers specified at the Domain's Registrar"



  • Mail Routing Settings

    • Decide how the server handles email for this specific domain. For example, should it attempt to deliver the email locally or should it look at the external MX records and decide? It's recommended to use "Automatically Detect Configuration" if you're not sure about this setting.




After you have filled in all of the details above, click the "Create" button at the bottom of the page.

Congratulations, you have just created a new cPanel account!

Tuesday, November 6, 2012

Installing cPanel manually

In order to install cPanel/WHM on your VPS, you will need to log into your server as root first.

ssh root@server-ip

In the above, server-ip should be your server's IP. We should install cPanel/WHM only on a fresh system, configured with a proper yum or apt-get system.

From a Windows machine we can use PuTTY to log into the server.

Minimum requirements as per cPanel's original site

Processor: 266 MHz
Memory: 512 MB RAM (1 GB recommended when hosting many accounts)
Disk Space: 10 GB hard disk


Removing YUM groups


To obtain a list of yum groups, run the command:

yum grouplist


You should make sure these yum groups are not installed:

  • FTP Server

  • GNOME Desktop Environment

  • KDE (K Desktop Environment)

  • Mail Server

  • Mono

  • Web Server

  • X Window System


To remove a yum group, run the command yum groupremove. For example, if you wish to remove Mono and Mail Server, enter:

yum groupremove "Mono" "Mail Server"


Disabling SELinux security features


You should disable SELinux after installing Red Hat Enterprise Linux, CentOS, or CloudLinux. To disable SELinux, you can either:

  • Use the graphical interface while configuring your operating system, or

  • Edit /etc/selinux/config from the command line and set the SELINUX parameter to disabled using a text editor, such as nano or vi.


If you disable SELinux from the command line, the contents of /etc/selinux/config should resemble:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted


Deactivating default firewall and checking for updates


If you are installing a CentOS, Red Hat Enterprise Linux or CloudLinux operating system, you should deactivate the default firewall and check for updates.

To deactivate the firewall, run the commands:

chkconfig iptables off
service iptables stop


To check for updates, run the command:

yum update


Change the hostname of the VPS to a valid hostname such as "server.domain.com".

Installing cpanel


The installation of cPanel can take a long time and it is better if you install "screen". Depending on your operating system you can install screen running yum or apt-get (yum install screen or apt-get install screen).

Now you will want to download and install cPanel:

screen -S cpanel
cd /home
wget http://layer1.cpanel.net/latest
sh latest

Press Ctrl-A then D to detach from screen.

screen -ls lists the running screen sessions.

If you get disconnected, you can ssh back into your server as root, and run: 
screen -r cpanel

After everything is complete, and there are no errors, you should be able to access the WHM control panel by visiting

https://your_ip:2087

Friday, October 26, 2012

Kerberos authentication in RHEL

Kerberos authentication

To use Kerberos authentication we need to set up a server with all the needed principals and their passwords, and we must configure each client to use the proper Kerberos server.

Server Configuration

server:virtual19.virtual.com
IP:192.168.100.19

client:virtual21.virtual.com
IP:192.168.100.21

Packages needed are

yum install -y krb5-server
yum install -y krb5-libs
yum install -y readline-devel

vim /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = VIRTUAL.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
VIRTUAL.COM = {
kdc = virtual19.virtual.com
admin_server = virtual19.virtual.com
}

[domain_realm]
virtual19.virtual.com = VIRTUAL.COM
virtual21.virtual.com = VIRTUAL.COM

[appdefaults]
validate=true

vim /var/kerberos/krb5kdc/kdc.conf

[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88

[realms]
VIRTUAL.COM = {
master_key_type = aes256-cts
default_principal_flags = +preauth
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}

kdb5_util create -r VIRTUAL.COM -s

kadmin.local

kadmin:  listprincs
kadmin:  addprinc root/admin
kadmin:  ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin

kadmin:  ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw

kadmin:  addprinc -randkey host/virtual19.virtual.com

kadmin:  ktadd -k /etc/krb5.keytab host/virtual19.virtual.com

vim /var/kerberos/krb5kdc/kadm5.acl
*/admin@VIRTUAL.COM     *

service krb5kdc restart
chkconfig krb5kdc on
service kadmin restart
chkconfig kadmin on

----------------------------------------------------------
Client side configuration
----------------------------------------------------------

Copy /etc/krb5.conf from the server to the client.

authconfig-tui

Select Kerberos password authentication. The tool then asks for the KDC, the Kerberos server and the realm name, which must be entered correctly. When the utility closes, the system configures itself to connect to the Kerberos server.

Now we need to add that machine to the Kerberos server database.

kadmin
kadmin:  addprinc -randkey host/virtual21.virtual.com
kadmin:  ktadd -k /etc/krb5.keytab host/virtual21.virtual.com

The client machine is now added to the server and tickets will be issued as normal. To check that, run
klist to list the tickets obtained from the server.

-------------------------------------------------------------------.

Now adding NIS users to Kerberos

On the server, make a principal for each NIS user, and that is it.

kadmin.local

kadmin:  addprinc nisuser1

We will now be prompted for a Kerberos password, which lets the user log in at the client using Kerberos security.

Tuesday, October 23, 2012

NIS server-client configuration

NIS (Network Information System) is a centralized way to make the same user accounts available throughout the network.

At Server
Install the nis server package

----->yum install -y ypserv

Add the needed users, and make sure you give each one a UID that is not normally used. Go for UIDs of 5000 and above; here I will be using IDs in the 6000 range. This is to avoid conflicts with the local users' UIDs.

----->useradd -u 60000 nisuser1
----->passwd nisuser1
----->useradd -u 60001 nisuser2
----->passwd nisuser2

Give the NIS domain name in /etc/sysconfig/network. We can also make the NIS services use the ports we choose by giving the following arguments (a here-document is used so that the inner double quotes are written to the file):

---->cat >> /etc/sysconfig/network <<'EOF'
NISDOMAIN=virtual19
YPSERV_ARGS="-p 900"
YPPASSWRD_ARGS="-p 901"
YPXFRD_ARGS="-p 902"
EOF

The -p argument makes the service use that port.

Now make this machine the master NIS server:
----->service ypserv restart

----->/usr/lib64/yp/ypinit -m

This sets up the NIS server and makes the needed changes.

To make those changes permanent:

------>make -C /var/yp

------>service ypserv restart

We can check the users with
getent passwd

-----------------------------
AT Client
-----------------------------

We need to configure the client for NIS using authconfig-tui.

------->authconfig-tui

A window opens in which we select the NIS option; the system automatically starts the needed service. You will be asked for the NIS domain name and the server IP. Provide them, and when the window closes the client configuration is complete.

Now at the client side, if we run
------->getent passwd

we will be able to see the users.
To see only the NIS users we use ypcat:

------->ypcat passwd
This shows only the NIS users from the passwd file.

Switch to the user just as we switch to normal users:

at client ------->su nisuser1

NIS by itself is not very secure. We can restrict its clients in the file /var/yp/securenets: only the IPs or networks listed in that file are allowed to reach the NIS server.

To change a user's password from the client we need the yppasswdd service at the server and the same command at the client side.
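To make the securenets restriction concrete, here is an added Python example (not from the original post) that parses a /var/yp/securenets file, whose lines are either "netmask network" pairs or "host address", and reports whether a given client IP would be admitted. The sample file contents are constructed for the 192.168.100.0/24 lab network used above, and the helper names are hypothetical.

```python
import ipaddress

# Constructed sample /var/yp/securenets for the lab network in this post.
SAMPLE_SECURENETS = """\
# netmask        network
host             127.0.0.1
255.255.255.0    192.168.100.0
"""


def parse_securenets(text):
    """Return the list of IPv4 networks permitted by a securenets file."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(
                f"line {lineno}: expected 'netmask network' or 'host address'")
        mask, addr = fields
        if mask == "host":                       # "host a.b.c.d" is a /32 entry
            mask = "255.255.255.255"
        try:
            # strict=True rejects a network address with host bits set, which
            # this example treats as a typo (a choice made here for auditing).
            nets.append(ipaddress.IPv4Network(f"{addr}/{mask}", strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return nets


def is_allowed(client_ip, nets):
    """True if client_ip falls inside any permitted network."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(ip in net for net in nets)


def overly_broad(nets, min_prefix=16):
    """Entries wider than /min_prefix, worth a second look in a review."""
    return [net for net in nets if net.prefixlen < min_prefix]


if __name__ == "__main__":
    nets = parse_securenets(SAMPLE_SECURENETS)
    for ip in ("192.168.100.21", "192.168.122.2"):
        print(ip, "allowed" if is_allowed(ip, nets) else "refused")
    print("broad entries:", overly_broad(nets))
```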

Monday, October 22, 2012

More about DNS and Security in Zone sharing

More about DNS

We can block bogus servers that give wrong information, so that our server does not accept any information from them:

server IP {bogus yes ;};

We can also create a blackhole in DNS, where the server will not even acknowledge the listed IPs:

blackhole {ips;};

BIND version
This can be used to keep the details of the DNS version, i.e. the BIND version, hidden from outsiders:

version "INFORMATION ....";

Chrooting BIND


Installing bind-chroot moves the DNS configuration files to a location where only root and the named group have permission to edit them.

Making DNS zone sharing safe

We can share a key between slave and master to make sure that updates are sent only to the correct slaves.
This method is called TSIG (transaction signature) configuration.

1. Start on the client by making the key
----->dnssec-keygen -a hmac-md5 -b 128 -n HOST virtual_key

----->cat Kvirtual_key.+157+56451.private

Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: yzkKqIIa4sUPXm+Oz7VNgg==
Bits: AAA=
Created: 20121022004959
Publish: 20121022004959
Activate: 20121022004959

**copy the key part and create a key file as follows
------->vim /etc/rndc.key
key "virtual_key"
{
algorithm HMAC-MD5;
secret "yzkKqIIa4sUPXm+Oz7VNgg==";
};

------->chgrp named /etc/rndc.key

**inside /etc/named.conf add

include "/etc/rndc.key" ;

server 192.168.100.1 {
keys { virtual_key ; };
};

**and
allow-transfer { key virtual_key ;};

This forces the client to use the key we generated.

Now copy the rndc.key file to the server,

change its group to named on the server,

and include the file in /etc/named.conf, adding allow-transfer to the needed zones to make it more secure.

On the server, /etc/named.conf:

include "/etc/rndc.key" ;

allow-transfer { key virtual_key ;};

----------------------------------------------------------------------
master configuration

----------------------------------------------------------------------

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
acl "example" { 192.168.122.0/24 ; 127/8 ; };
acl "virtual" { 192.168.100.0/24 ; 127/8 ; };

include "/etc/rndc.key" ;

options {
listen-on port 53 { 127.0.0.1; example ; virtual ;};
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; example; virtual; };
allow-transfer { key virtual_key ;};
recursion yes;
# dnssec-enable yes;
# dnssec-validation yes;
# dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

view mixed {
match-clients { 192.168.122.2; 192.168.100.1; };

zone "example.com" IN {
type master;
file "forward.zone";
allow-update { none; };

};
zone "122.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};

zone "virtual.com" IN {
type master;
file "forwardvir.zone";

allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "reversevir.zone";
allow-update { none; };
};

};

view internal {
match-clients { example; };
zone "example.com" IN {
type master;
file "forward.zone";
allow-update { none; };
};
zone "122.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};
};

view external {
match-clients { virtual; };
zone "virtual.com" IN {
type master;
file "forwardvir.zone";
allow-update {none; };

};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "reversevir.zone";
allow-update {none ;};
};

};

#include "/etc/named.rfc1912.zones";

----------------------------------------------------------------------------
slave configuration
----------------------------------------------------------------------------
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

include "/etc/rndc.key" ;

server 192.168.100.1 {
keys { virtual_key ; };
};

options {
listen-on port 53 { 127.0.0.1; 192.168.100.0/24 ;};
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost;192.168.100.0/24; };
allow-transfer { key virtual_key ;};
recursion yes;
# dnssec-enable yes;
# dnssec-validation yes;
# dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

view external {
match-clients { 192.168.100.0/24; };
allow-transfer { key virtual_key ;};
zone "virtual.com" IN {
type slave;
file "slaves/forwardvir.zone";
masters {192.168.100.1 ; };
#allow-update {none;};
};
zone "100.168.192.in-addr.arpa" IN {
type slave;

file "slaves/reversevir.zone";
masters {192.168.100.1 ; };
#allow-update {none;};
};

};
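
The two configurations above only work when every keys { ... } and allow-transfer { key ...; } entry names a key that is actually defined, and a misspelled key name is easy to miss by eye. The following Python check is an added example, not part of the original post: it scans named.conf text (with the included /etc/rndc.key pasted in) for key names that are referenced but never defined. The sample configuration, its placeholder secret and the function names are constructed for illustration.

```python
import re

# Constructed sample: a trimmed slave named.conf in the style of the one above,
# with the contents of /etc/rndc.key inlined and one key name misspelled.
SAMPLE_SLAVE_CONF = '''\
key "virtual_key" {
    algorithm HMAC-MD5;
    secret "c2FtcGxlLXNlY3JldA==";   // constructed placeholder secret
};
server 192.168.100.1 {
    keys { virtual_key ; };
};
options {
    allow-transfer { key virtul_key ; };   # misspelled on purpose
};
view external {
    match-clients { 192.168.100.0/24; };
    allow-transfer { key virtual_key ; };
    zone "virtual.com" IN {
        type slave;
        masters { 192.168.100.1 ; };
    };
};
'''

# Quoted strings are matched first so that "//" or "#" inside a base64 secret
# is never mistaken for the start of a comment.
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
KEY_DEF = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{')      # key "name" { ... };
KEY_REF = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*;')       # ... { key name; };
KEYS_BLOCK = re.compile(r'\bkeys\s*\{([^}]*)\}')         # keys { name; ... };


def strip_comments(text):
    """Blank out comments but keep strings and line numbering intact."""
    def repl(match):
        token = match.group(0)
        if token.startswith('"'):
            return token
        return "\n" * token.count("\n")
    return _TOKEN.sub(repl, text)


def _line_of(text, pos):
    return text.count("\n", 0, pos) + 1


def find_key_problems(conf_text):
    """Return (undefined, unused).

    undefined: sorted (line, name) pairs for keys referenced but not defined.
    unused:    sorted names of keys defined but never referenced.
    """
    text = strip_comments(conf_text)
    defined = {m.group(1) for m in KEY_DEF.finditer(text)}
    refs = [(_line_of(text, m.start()), m.group(1))
            for m in KEY_REF.finditer(text)]
    for m in KEYS_BLOCK.finditer(text):
        line = _line_of(text, m.start())
        refs += [(line, name) for name in re.findall(r'[\w.-]+', m.group(1))]
    undefined = sorted(ref for ref in refs if ref[1] not in defined)
    unused = sorted(defined - {name for _, name in refs})
    return undefined, unused


if __name__ == "__main__":
    undefined, unused = find_key_problems(SAMPLE_SLAVE_CONF)
    for line, name in undefined:
        print(f"line {line}: key '{name}' is referenced but not defined")
    for name in unused:
        print(f"key '{name}' is defined but never used")
```

To run it against a real server, concatenate /etc/named.conf and the included key file and pass the combined text to find_key_problems.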

DNS Master Slave Configuration

1.Master and slave configuration
2.acl setting
3.view setting

To make a DNS server a master we give the zone type master, and to make it a slave we give type slave. By default, on slaves the zone files are copied from the master into the default /var/named/slaves/ directory.

ACL setting: an acl is used to group a set of networks or individual IPs under a single name.

View setting: a view is used to isolate the DNS zones for a specific network, selected by ACL or by given IPs. The IPs, networks or ACLs that have access to the view are given in the match-clients { ; }; option inside the view.


-----------------------------------------------------------------------------
MASTERS-configuration file
-----------------------------------------------------------------------------
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
acl "example" { 192.168.122.0/24 ; 127/8 ;  };
acl "virtual" { 192.168.100.0/24 ; 127/8 ;  };
options {
    listen-on port 53 { 127.0.0.1; example ; virtual ;};
#    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; example; virtual; };
    recursion yes;

#    dnssec-enable yes;
#    dnssec-validation yes;
#    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


view mixed {
match-clients { 192.168.122.2; 192.168.100.1; };
zone "example.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
    
};
 zone "122.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.zone";
        allow-update { none; };
};

zone "virtual.com" IN {
        type master;
        file "forwardvir.zone";
        allow-update { none; };
};
 zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "reversevir.zone";
        allow-update { none; };
};

};

view internal {
match-clients { example; };
zone "example.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
};
 zone "122.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.zone";
        allow-update { none; };
};
};

view external {
match-clients { virtual; };
zone "virtual.com" IN {
        type master;
        file "forwardvir.zone";
        allow-update { none; };
};
 zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "reversevir.zone";
        allow-update { none; };
};

};

#include "/etc/named.rfc1912.zones";



-----------------------------------------------------------------------------
SLAVES-configuration file

In slaves the zones will have the entry
-----------------------------------------------------------------------------

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.100.0/24 ;};
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.100.0/24 ; };
        recursion yes;

#       dnssec-enable yes;
#       dnssec-validation yes;
#       dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

view external {
match-clients { 192.168.100.0/24; };
zone "virtual.com" IN {
        type slave;
        masters { 192.168.100.1 ; };
        file "slaves/forwardvir.zone";
        allow-update { none; };
};
 zone "100.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.100.1 ; };
        file "slaves/reversevir.zone";
        allow-update { none; };
};

};

Friday, October 19, 2012

Setting sendmail as default

alternatives --display mta
yum install sendmail
service postfix stop
chkconfig postfix off
vim /etc/mail/sendmail.mc
Disable the line starting with DAEMON, as below:
dnl # DAEMON
make -C /etc/mail
alternatives --set mta /usr/sbin/sendmail
service sendmail start
service sendmail restart
chkconfig sendmail on

Wednesday, October 10, 2012

Apache + SSL = https

Here all my packages are placed in the /apache directory.

cd /apache
echo "Switching OFF httpd"
sleep 2

service httpd stop
chkconfig httpd off

echo "Installing needed packages..."
sleep 2

yum install -y pcre*
yum install -y gcc*
yum install -y libtool
yum install -y mod_ssl
yum install -y openssl*
yum install -y libxml*

updatedb

echo "Untaring apache..."
sleep 2

tar zxvf httpd-2.4.3.tar.gz
tar zxvf apr-1.4.6.tar.gz
tar zxvf apr-util-1.4.1.tar.gz

cd /apache

echo "Moving APR to directories..."
sleep 2

mv apr-1.4.6 /apache/httpd-2.4.3/srclib/apr
mv apr-util-1.4.1 /apache/httpd-2.4.3/srclib/apr-util

mkdir -p /http
cd httpd-2.4.3
echo "Compiling Apache..."
sleep 2
./configure --prefix=/http/ --enable-module=so --enable-rewrite=shared --with-included-apr --enable-cgi --enable-ssl

echo "Installing Apache..."
make
make install

echo "INSTALLATION COMPLETED...."
sleep 2
echo "Time for manual configuration..."
sleep 2

echo "Creating the SSL certificate and key"
sleep 2
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
echo "Copying the files to /http/conf"
sleep 2
cp server.* /http/conf

echo "configure the ssl in apache"
gedit /http/conf/extra/httpd-ssl.conf

We should edit the SSL conf file to point to the correct certificate and key files.

echo "
#SSLEngine on
#SSLCertificateFile
#SSLCertificateKeyFile
" >> /http/conf/httpd.conf
tail -n 7 /etc/httpd/conf/httpd.conf >> /http/conf/httpd.conf
gedit /http/conf/httpd.conf


In the httpd conf file we need to enable the above 3 lines and give the paths to the certificate and key. We also need to check whether the module is loaded or commented out with a hash; if it is hashed, we need to remove the hash.
Then a proper service restart will ask for the password.

/http/bin/apachectl restart

Saturday, October 6, 2012

NFS Sharing

Network File System (NFS) sharing is used for sharing files and directories across the network.

port 2049

files used are
rpc.nfsd
rpc.mountd
rpc.lockd
rpc.statd
rpc.rquotad

@ /usr/sbin
/etc/init.d/nfs
/etc/init.d/nfslock
/etc/exports

1.Server --- place from which we need to share the directory

---->yum install -y nfs-utils*
---->service nfs restart
---->chkconfig nfs on
---->vim /etc/exports

In this file we list the directories we need to share, the mode in which each is shared and the network it is shared with.

eg:
/nfs 192.168.0.0/24(ro)
/nfs 192.168.122.0/255.255.255.0(rw,sync)
/nfs 192.168.122.0/24(ro)

Some of the modes in which directories can be shared are
crossmnt
no_subtree_check
root_squash


---->exportfs -r

----****We should set the proper context, sebool and setfacl for the needed user.

---->getsebool -a | grep nfs

This lists the relevant booleans; we must set them according to our needs.

---->setfacl -m u:nfsnobody:rwx /nfs

This allows the nfsnobody user to use the /nfs directory. It is needed if we are giving the write option on the directory.

If more problems occur while sharing the directory, we should also check the SELinux context or disable SELinux.


showmount -e 192.168.0.1
lists all the directories shared over NFS by the server 192.168.0.1
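
Since /etc/exports decides which clients may write and whether remote root is squashed, it is worth reviewing mechanically. The following Python sketch is an added example, not part of the original post: it parses exports entries of the form shown above and flags exports that give up root squashing or that apply to every host, including the case where a space before "(" detaches the options from the client. The sample file, the /data and /pub paths and the function names are constructed.

```python
import re

# Constructed sample /etc/exports, modelled on the entries in this post.
SAMPLE_EXPORTS = """\
/nfs   192.168.0.0/24(ro)
/nfs   192.168.122.0/255.255.255.0(rw,sync)
/data  192.168.122.5(rw,no_root_squash)
/pub   192.168.122.0/24 (rw)    # stray space before "(": see audit_exports
"""

# client(options); the client part may be empty. Options are assumed to be
# written without spaces inside the parentheses.
SPEC = re.compile(r'([^()\s]*)\(([^()]*)\)')


def parse_exports(text):
    """Yield (path, client, options) for each client on each export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC.fullmatch(spec)
            if m:
                # "(rw)" with no client in front of it applies to every host.
                client = m.group(1) or "*"
                opts = {o for o in m.group(2).split(",") if o}
            else:
                client, opts = spec, set()   # defaults apply: ro, root_squash
            yield path, client, opts


def writers(text):
    """(path, client) pairs that are exported read-write."""
    return [(p, c) for p, c, o in parse_exports(text) if "rw" in o]


def audit_exports(text):
    """Return (path, client, issue) findings for risky export entries."""
    findings = []
    for path, client, opts in parse_exports(text):
        if client == "*":
            findings.append((path, client, "world-rw" if "rw" in opts else "world"))
        if "no_root_squash" in opts:
            # Remote root keeps uid 0 instead of being mapped to nfsnobody.
            findings.append((path, client, "no_root_squash"))
    return findings


if __name__ == "__main__":
    for path, client, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: {issue}")
    print("read-write exports:", writers(SAMPLE_EXPORTS))
```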

2. Client --- where we will mount the shared directories
There are multiple ways to mount the directory.

---->yum install -y nfs*
---->service nfs restart
---->chkconfig nfs on

a. Every shared folder is available under /net at all times as read-only. For the first sharing example we use it as follows:

---->cd /net
---->cd 192.168.0.1
---->cd nfs


b. We can also mount the directory with a simple mount command
mount -t nfs 192.168.0.1:/nfs /data

One of the main drawbacks of this approach is that if we put the mount entry in fstab, the server goes down and we restart the client, the client's boot will break. To overcome this problem we use the autofs mounting system.


c.using autofs mounting system

here first we will edit /etc/auto.master file

---->vim /etc/auto.master

/data /etc/auto.nfs

---->vim /etc/auto.nfs

nfs -rw 192.168.122.1:/nfs

----->service autofs reload
----->chkconfig autofs on

After reloading the autofs service we can browse to that folder:
---->cd /data
---->cd nfs
---->ls

Samba Sharing

Samba is used for sharing between Linux and Windows machines.

port 137,139,138,445

configuration file /etc/samba/smb.conf

Samba sharing can be of two types: public, and non-public with a username and password.

1.public sharing

vim /etc/samba/smb.conf

74 workgroup = MYGROUP
75 server string = Samba Server Version %v

79 interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
80 hosts allow = 127. 192.168.12. 192.168.13.

last 8 lines
[public]
comment = Public Stuff
path = /smb
public = yes
writable = yes
printable = no
write list = +staff
browseable = no


Here the workgroup must be in capitals
server string is the name by which we select the Samba server
interfaces as needed
hosts allow as needed
the share name in square brackets is the name by which we select the Samba share from the server
path is the path to the directory
public = yes for a public connection
browseable = yes to enable browsing




Here we are sharing the /smb directory; we should set the context, sebool and setfacl as needed
---->chcon -t samba_share_t /smb
---->setfacl -m u:nobody:rwx /smb
and set the needed sebool
getsebool -a | grep smb
getsebool -a | grep samba



2.Non public sharing

For non-public sharing the public tag should be no, and we should add the following tag, from line 252 to the last part

valid users = ram

and we need to setfacl for ram on the directory /smb
---->setfacl -m u:ram:rwx /smb

and we need to set an smbpasswd

smbpasswd -a ram
smbpasswd -e ram

-a adds the user to the Samba users and -e enables the Samba password



We can see the shares hosted by the Samba server with
smbclient -L 192.168.122.1 <---------IP of server

client part
1.public
smbclient -L 192.168.122.1

smbclient //server_string/sharename

2.Non public users

smbclient //server_string/sharename -U username



FTP sharing

File Sharing Protocol

ports used

ftp-data 20/tcp

ftp-data 20/udp

ftp 21/tcp

ftp 21/udp

files are /etc/vsftpd/vsftpd.conf

We have two types of access mode: anonymous and user mode.

In anonymous mode we can enter without a password, and in user mode we must enter a password to get access.

In anonymous mode we share the /var/ftp/pub directory, and in user mode we share the corresponding user's home directory.

In anonymous mode users normally have only read permission. If we need to give write permission, we create a directory inside /var/ftp, change its context to public_content_rw_t and set the ACL of that directory for the ftp user. To enable anonymous user entry we need to set the following lines to YES:

anonymous_enable=YES

write_enable=YES

anon_upload_enable=YES

anon_mkdir_write_enable=YES

Give the write permission as needed. We also need to set the sebool to get it right:

getsebool -a | grep ftp

To enable user mode entry, set all the anonymous settings to NO and set

local_enable=YES

We also need to set the needed sebool:

getsebool -a | grep ftp

Monday, October 1, 2012

Bash Terminal shortcuts



Bash Shortcuts Quick Reference



Ctrl-a          Move to the start of the line.
Ctrl-e          Move to the end of the line.
Ctrl-b          Move back one character.
Alt-b           Move back one word.
Ctrl-f          Move forward one character.
Alt-f           Move forward one word.
Ctrl-] x        Where x is any character, moves the cursor forward to the next occurrence of x.
Alt-Ctrl-] x    Where x is any character, moves the cursor backwards to the previous occurrence of x.
Ctrl-u          Delete from the cursor to the beginning of the line.
Ctrl-k          Delete from the cursor to the end of the line.
Ctrl-w          Delete from the cursor to the start of the word.
Esc-Del         Delete previous word (may not work, instead try Esc followed by Backspace)
Ctrl-y          Pastes text from the clipboard.
Ctrl-l          Clear the screen leaving the current line at the top of the screen.
Ctrl-x Ctrl-u   Undo the last changes. Ctrl-_ does the same
Alt-r           Undo all changes to the line.
Alt-Ctrl-e      Expand command line.
Ctrl-r          Incremental reverse search of history.
Alt-p           Non-incremental reverse search of history.
!!              Execute last command in history
!abc            Execute last command in history beginning with abc
!abc:p          Print last command in history beginning with abc
!n              Execute nth command in history
!$              Last argument of last command
!^              First argument of last command
^abc^xyz        Replace first occurrence of abc with xyz in last command and execute it


Wednesday, September 26, 2012

LAMP installation and configuration

#Configuring LAMP - LINUX APACHE MYSQL PHP
#1.LINUX: here I use a machine preinstalled with RHEL 6 and the desktop, KDE and GNOME packages
#installing the LAMP to /LAMP folder /LAMP/http /LAMP/mysql /LAMP/php
#First remove the installed packages
-->yum erase http*
-->yum erase mysql*
-->yum erase php*

#installing and configuring APACHE----

#The Package we use are httpd-2.4.3.tar.gz

-->tar xvf httpd-2.4.3.tar.gz
-->cd httpd-2.4.3
-->./configure --prefix=/LAMP/http/ --enable-module=so

#Now an error will occur asking for apr version 1.4 or greater

#Download apr from http://apr.apache.org/download.cgi
#here I use apr-1.4.6.tar.gz apr-util-1.4.1.tar.gz

-->tar xvf apr-1.4.6.tar.gz
-->tar xvf apr-util-1.4.1.tar.gz
-->mv apr-1.4.6 /lamp/http/httpd-2.4.3/srclib/apr
-->mv apr-util-1.4.1 /lamp/http/httpd-2.4.3/srclib/apr-util
-->./configure --prefix=/LAMP/http/ --enable-module=so --enable-rewrite=shared --with-included-apr

##It may now ask for the pcre packages

-->yum install -y pcre*
-->./configure --prefix=/LAMP/http/ --enable-module=so --enable-rewrite=shared --with-included-apr

-->make
-->make install

-->ls /LAMP/http

#lists the installed files

#to start and stop the service

-->/LAMP/http/bin/apachectl start
-->/LAMP/http/bin/apachectl stop

#
#MYSQL
#

shell> groupadd mysql
shell> useradd -r -g mysql mysql
shell> cd /usr/local
shell> tar zxvf /path/to/mysql-VERSION-OS.tar.gz
shell> ln -s full-path-to-mysql-VERSION-OS mysql
shell> cd mysql
shell> chown -R mysql .
shell> chgrp -R mysql .
shell> scripts/mysql_install_db --user=mysql
shell> chown -R root .
shell> chown -R mysql data
# Next command is optional
shell> cp support-files/my-medium.cnf /etc/my.cnf
shell> bin/mysqld_safe --user=mysql &
# Next command is optional
shell> cp support-files/mysql.server /etc/init.d/mysql.server

 

#Package- mysql-5.5.16.tar.gz

-->tar -xvf mysql-5.5.16.tar.gz
-->cd mysql-5.5.16
-->yum install make
-->yum install cmake
-->cmake -DCMAKE_INSTALL_PREFIX=/LAMP/mysql
-->yum install -y *curses*
-->cmake -DCMAKE_INSTALL_PREFIX=/LAMP/mysql
-->rm -rf CMakeCache.txt
-->cmake -DCMAKE_INSTALL_PREFIX=/LAMP/mysql
-->yum install bison
-->cmake -DCMAKE_INSTALL_PREFIX=/LAMP/mysql
-->rm -rf CMakeCache.txt
-->cmake -DCMAKE_INSTALL_PREFIX=/LAMP/mysql
-->make
-->make install

-->updatedb
-->locate mysql_install_db
-->cd /LAMP/mysql/
-->./scripts/mysql_install_db
-->./scripts/mysql_install_db --user mysql
-->cat /etc/ld.so.conf
-->echo "/LAMP/mysql/lib/" >> /etc/ld.so.conf
--->cat /etc/ld.so.conf
-->ldconfig

-->cd /LAMP/
-->cd mysql/
-->ls
-->cp support-files/mysql.server /etc/rc.d/init.d/mysql
-->/etc/rc.d/init.d/mysql start

-->touch /tmp/mysql.sock
-->chown mysql:mysql /tmp/mysql.sock
-->cp ./support-files/my-medium.cnf /etc/my.cnf

##In case of an error such as "cannot manage pid file", do the following

-->/LAMP/mysql/scripts/mysql_install_db --user=mysql --ldata=/LAMP/mysql/data
-->/LAMP/mysql/bin/mysqld_safe --datadir=/LAMP/mysql/data --user=mysql
#that should solve the error

testing
mysqladmin -u root password new-password

mysql -u root -p

mysql>

drop database test;
use mysql;
delete from db;
delete from user where not (host="localhost" and user="root");
flush privileges;

update user set user="sqladmin" where user="root";
flush privileges;

create database foo;

You should see the result:

Query OK, 1 row affected (0.04 sec)

mysql>

Delete the database:

drop database foo;

You should see the result:

Query OK, 0 rows affected (0.06 sec)

mysql>

To exit from mysql enter \q:

\q

#
#PHP
#

#Package php-5.4.7.tar.gz

-->tar xvf php-5.4.7.tar.gz
-->cd php-5.4.7
-->./configure --prefix=/LAMP/php/ --with-zlibs-dir=/usr/lib --with-xml --enable-mm=shared --with-apxs=/LAMP/http/bin/apxs

-->./configure --prefix=/LAMP/php/ --with-zlibs-dir=/usr/lib --with-xml --enable-mm=shared --with-apxs2=/LAMP/http/bin/apxs

-->yum install libxml
-->yum install libxml*
-->./configure --prefix=/LAMP/php/ --with-zlibs-dir=/usr/lib --with-xml --enable-mm=shared --with-apxs2=/LAMP/http/bin/apxs

-->make
-->make test
-->make install

-->cp php.ini-development /LAMP/php/lib/php.ini

-->ln -s /LAMP/php/lib/php.ini /etc/php.ini
#
#Adding php to apache
#

-->vim /LAMP/http/conf/httpd.conf

#To ensure your PHP files are properly interpreted add in httpd.conf

------AddType application/x-httpd-php .php
------AddType application/x-httpd-php-source .phps
------AddType application/x-tar .tgz

-->/LAMP/http/bin/apachectl restart

-->/LAMP/http/bin/apachectl start

-->touch /LAMP/http/htdocs/index.php
-->rm -rf /LAMP/http/htdocs/index.html

-->/LAMP/http/bin/apachectl restart

Tuesday, September 25, 2012

Amanda 3.3 configuration in Rhel 6

#Configuring AMANDA 3.3 FOR RHEL 6 SERVER AND CLIENT ,fedora
#first configure dhcp and dns before this
#packages needed are amanda and xinetd
#steps are
#1.setting up the server
#2.setting up the client
#3.verifying the connection
#4.taking the backup
#5.recovering the backup


#package installations
#xinetd packages are available in the package set of the os cd/DVD
#you can get the amanda server and client rpms from the following link

http://www.zmanda.com/downloads/community/Amanda/3.3.2/Redhat_Enterprise_6.0/

#there will be two files one for server and another for client
#amanda-backup_server-3.3.2-1.rhel6.x86_64.rpm
#amanda-backup_client-3.3.2-1.rhel6.x86_64.rpm


#1.setting up the server
#->install the rpm
-------->yum -y install amanda-backup_server-3.3.2-1.rhel6.x86_64.rpm
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
Setting up Install Process
Examining /root/Downloads/amanda-backup_server-3.3.2-1.rhel6.x86_64.rpm: amanda-backup_server-3.3.2-1.rhel6.x86_64
Marking /root/Downloads/amanda-backup_server-3.3.2-1.rhel6.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package amanda-backup_server.x86_64 0:3.3.2-1.rhel6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================
Package Arch Version Repository Size
=========================================================
Installing:
amanda-backup_server
x86_64 3.3.2-1.rhel6 /amanda-backup_server-3.3.2-1.rhel6.x86_64 8.8 M

Transaction Summary
===========================================================
Install 1 Package(s)

Total size: 8.8 M
Installed size: 8.8 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : amanda-backup_server-3.3.2-1.rhel6.x86_64 1/1
Amanda installation log can be found in '/var/log/amanda/install.log'.
duration: 196(ms)
Installed products updated.

Installed:
amanda-backup_server.x86_64 0:3.3.2-1.rhel6

Complete!

#-------->set password for the amandabackup user
passwd amandabackup
****
****
#Create a directory for our vtapes, and set its ownership and permissions:

mkdir -p /data/amanda/vtape/DailySet1

chown amandabackup:disk /data/amanda/vtape/DailySet1

chmod -R 750 /data/amanda/vtape/DailySet1

# Change to the amandabackup user:

su - amandabackup

# As amandabackup user, run amserverconfig to create a vtape configuration:
#the backup will be at /data/amanda/vtape/DailySet1

-bash-4.1$ amserverconfig DailySet1 --template harddisk --tapedev /data/amanda/vtape/DailySet1 --mailto root@localhost --dumpcycle 1week --runspercycle 5 --tapecycle 12 --runtapes 1

Logging to /var/log/amanda/amserverconfig.20120925120547.debug
mkdir /etc/amanda/DailySet1
mkdir /etc/amanda/template.d
/etc/amanda/template.d directory created
/var/lib/amanda/gnutar-lists directory exists
/etc/amanda/DailySet1/advanced.conf created and updated
mkdir /etc/amanda/DailySet1/curinfo
mkdir /etc/amanda/DailySet1/index
curinfo and index directory created
tapelist file created
disklist file created
Creating custom configuration using templates
custom amanda.conf created
creating vtape directory
amlabel vtapes
mkdir slot1
mkdir slot11
mkdir slot12
changer is reset
/var/lib/amanda/example/xinetd.amandaserver contains the latest Amanda server daemon configuration.
Please merge it to /etc/xinetd.d/amandaserver.
/var/lib/amanda/.ssh/client_authorized_keys created. Please append to /var/lib/amanda/.ssh/authorized_keys file on Amanda clients
DONE.

--------->cp /var/lib/amanda/example/xinetd.amandaserver /etc/xinetd.d/amandaserver
###
#####Go to client machine and install client rpm

####
---->>yum -y install amanda-backup_client-3.3.2-1.rhel6.x86_64.rpm

Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
Setting up Install Process
Examining /root/Downloads/amanda-backup_client-3.3.2-1.rhel6.x86_64.rpm: amanda-backup_client-3.3.2-1.rhel6.x86_64
Marking /root/Downloads/amanda-backup_client-3.3.2-1.rhel6.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package amanda-backup_client.x86_64 0:3.3.2-1.rhel6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================
Package Arch Version Repository Size
========================================================
Installing:
amanda-backup_client
x86_64 3.3.2-1.rhel6 /amanda-backup_client-3.3.2-1.rhel6.x86_64 8.2 M

Transaction Summary
===================================================
Install 1 Package(s)

Total size: 8.2 M
Installed size: 8.2 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : amanda-backup_client-3.3.2-1.rhel6.x86_64 1/1
Non-fatal POSTIN scriptlet failure in rpm package amanda-backup_client-3.3.2-1.rhel6.x86_64
Amanda installation log can be found in '/var/log/amanda/install.log'.
warning: %post(amanda-backup_client-3.3.2-1.rhel6.x86_64) scriptlet failed, exit status 4
duration: 1112(ms)
Installed products updated.

Installed:
amanda-backup_client.x86_64 0:3.3.2-1.rhel6

Complete!


#------------>set password for amandabackup
passwd amandabackup
* * *
* * *

##To recover on a Linux client, you must first specify the tape device on the server to use. On each Linux client, edit the file /etc/amanda/amanda-client.conf. Change this line:

tapedev "tape:/dev/YOUR-TAPE-DEVICE-HERE" # your tape device

to this:

tapedev "file://data/amanda/vtape/DailySet1" # your tape device

#---------->add the amanda server to clients /etc/hosts
192.168.122.1 server.example.com

###Now go to the server and add the client
##at server.example.com
#we are going to add the client 192.168.122.99 to back up the client's /root to the DailySet1 tapes

----->-bash-4.1$ amaddclient --config DailySet1 --client 192.168.122.99 --diskdev /root --dumptype comp-user-tar



Logging to /var/log/amanda/amaddclient.20120925122047.debug
/etc/amanda/DailySet1/disklist updated
updating /var/lib/amanda/.amandahosts on server.example.com
Attempting to update /var/lib/amanda/.amandahosts on 192.168.122.99
#The authenticity of host '192.168.122.99 (192.168.122.99)' cant be established.
RSA key fingerprint is a3:be:8d:07:a8:f8:0b:af:25:bb:a5:b2:57:55:c5:14.
Are you sure you want to continue connecting (yes/no)? yes
#Warning: Permanently added '192.168.122.99' (RSA) to the list of known hosts.
#amandabackup@192.168.122.99's password:
amandahosts 100% 72 0.1KB/s 00:00
#amandabackup@192.168.122.99's password:
amandahosts.tmp 100% 112 0.1KB/s #00:00
192.168.122.99:/var/lib/amanda/.amandahosts updated successfully
#Creating amanda-client.conf for 192.168.122.99
Creating /etc/amanda/DailySet1 on 192.168.122.99
#amandabackup@192.168.122.99's password:
#amandabackup@192.168.122.99's password:
amanda-client.conf-192.168.122.99 100% 388 0.4KB/s 00:00
Copy /var/lib/amanda/amanda-client.conf-192.168.122.99 to 192.168.122.99 successfully
File /var/lib/amanda/example/xinetd.amandaclient contains the latest Amanda client daemon configuration.
Please merge it to /etc/xinetd.d/amandaclient.

------>cp /var/lib/amanda/example/xinetd.amandaclient /etc/xinetd.d/amandaclient

##adding the client to the server's .amandahosts

---->echo "client99.example.com root amindexd amidxtaped" >> /var/lib/amanda/.amandahosts
##adding the client to the server's /etc/hosts
--->echo "192.168.122.99 client99.example.com" >> /etc/hosts


##
##
##Verifying the connection
##
---->-bash-4.1$ amcheck DailySet1

Amanda Tape Server Host Check
-----------------------------
found in slot 1: volume 'DailySet1-1'
slot 1: volume 'DailySet1-1'
Will write to volume 'DailySet1-1' in slot 1.
NOTE: skipping tape-writable test
NOTE: host info dir /etc/amanda/DailySet1/curinfo/192.168.122.99 does not exist
NOTE: it will be created on the next run.
NOTE: index dir /etc/amanda/DailySet1/index/192.168.122.99 does not exist
NOTE: it will be created on the next run.
Server check took 0.189 seconds

Amanda Backup Client Hosts Check
---------------------------------
Client check: 1 host checked in 2.101 seconds. 0 problems found.

(brought to you by Amanda 3.3.2)


##if it reports 0 problems found, the setup is correct

####taking the backup
-bash-4.1$ amdump DailySet1

##it will be at /data/amanda/vtape/DailySet1/


###
###to recover a file
###
#adding the client to the server's .amandahosts

--->echo "client99.example.com root amindexd amidxtaped" >> /var/lib/amanda/.amandahosts

###go to the client
# backup will be at /data/amanda/vtape/DailySet1/
as user root
--->>
---->> amrecover DailySet1

AMRECOVER Version 3.1.0. Contacting server on server.example.com …

#to list the back up

amrecover> listdisk
#use set disk to load the folder

amrecover> setdisk /srv/www/htdocs/
# list the file

amrecover> ls
#add the needed file

amrecover> add *
#extract the added files

amrecover> extract

#exiting
amrecover> exit
200 Good bye.
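The steps above append the same `.amandahosts` line on the server twice, and the `amindexd amidxtaped` services on that line are what let root on client99 run amrecover against the server. The following audit is an added example, not part of the original post or of Amanda: the function names and the sample file are constructed, and it assumes the `host user service...` line layout used above.

```shell
# Constructed sample; the first two lines repeat the entry the page appends twice.
sample_amandahosts() {
    cat <<'EOF'
client99.example.com root amindexd amidxtaped
client99.example.com root amindexd amidxtaped
192.168.122.99 amandabackup amdump
EOF
}

# Print one line per distinct entry: "<host> <user> restore|backup-only".
# Repeated entries are reported as "duplicate: <entry>".
audit_amandahosts() {
    awk '
        NF == 0 { next }
        {
            key = $0
            gsub(/[ \t]+/, " ", key)          # normalise spacing before comparing
            if (seen[key]++) { print "duplicate: " key; next }
            user = (NF >= 2) ? $2 : "(default)"
            access = "backup-only"
            # amindexd and amidxtaped are the services amrecover talks to
            for (i = 3; i <= NF; i++)
                if ($i == "amindexd" || $i == "amidxtaped") access = "restore"
            print $1, user, access
        }' "$1"
}

# Append an entry only if the exact line is not already in the file.
add_amandahost() {
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}
```

Run `audit_amandahosts /var/lib/amanda/.amandahosts` on the server to see which hosts and users hold restore access.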

Tuesday, September 18, 2012

Virtual installation in Rhel ,Fedora

#!/bin/bash
#configuring install-vserver
#kickstart configuration and adding entry into the pxelinux.0/default for virtual
echo "
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url=\"http://192.168.122.1/RHEL\"
repo --name=\"Red Hat Enterprise Linux\" --baseurl=http://192.168.122.1/RHEL --cost=100

# Root password
rootpw --iscrypted \$1\$kUpEHfw2\$tJfHCPSVuVvMn7NwcwzJG/
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone Asia/Kolkata
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --append=\"crashkernel=auto rhgb quiet\" --location=mbr --driveorder=\"vda\"
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype=\"ext4\" --size=200
part pv.01 --grow --size=1
volgroup myclient --pesize=4096 pv.01
logvol / --fstype=\"ext4\" --vgname=myclient --size=10240 --name=redhat

%post --interpreter=/bin/bash
sed -i -e 's/id:3:initdefault:/id:5:initdefault:/g' /etc/inittab
%end
repo --name=\"Red Hat Enterprise Linux\" --baseurl=http://192.168.122.1/RHEL --cost=100
%packages
@base
@basic-desktop
@client-mgmt-tools
@core
@debugging
@desktop-debugging
@desktop-platform
@directory-client
@fonts
@general-desktop
@graphical-admin-tools
@input-methods
@internet-browser
@java-platform
@kde-desktop
@legacy-x
@network-file-system-client
@perl-runtime
@print-client
@remote-desktop-clients
@server-platform
@server-policy
@x11
abrt-gui
alacarte
audit-viewer
bitmap-fixed-fonts
bitmap-lucida-typewriter-fonts
bltk
certmonger
cjkuni-fonts-ghostscript
dvgrab
firstaidkit-gui
gconf-editor
gedit-plugins
genisoimage
gnome-games
gnome-pilot
gnome-pilot-conduits
kdebase-workspace-akonadi
kdebase-workspace-python-applet
krb5-auth-dialog
krb5-workstation
libXmu
libXp
mtools
oddjob
openmotif
openmotif22
oprofile-gui
pam_krb5
pax
perl-DBD-SQLite
policycoreutils-gui
python-dmidecode
qt-mysql
qt-odbc
qt-postgresql
qt3-MySQL
qt3-ODBC
qt3-PostgreSQL
rdesktop
rhythmbox-upnp
sabayon
sabayon-apply
seahorse-plugins
setroubleshoot
sgpio
spice-client
spice-xpi
squashfs-tools
system-config-kickstart
system-config-lvm
systemtap-grapher
tigervnc
tigervnc-server
totem-upnp
tsclient
vim-X11
vinagre
wacomcpl
wodim
xguest
xorg-x11-fonts-75dpi
xorg-x11-fonts-ISO8859-1-75dpi
xorg-x11-fonts-ISO8859-14-100dpi
xorg-x11-fonts-ISO8859-14-75dpi
xorg-x11-fonts-ISO8859-15-75dpi
xorg-x11-fonts-ISO8859-2-100dpi
xorg-x11-fonts-ISO8859-2-75dpi
xorg-x11-fonts-ISO8859-9-100dpi
xorg-x11-fonts-ISO8859-9-75dpi
xorg-x11-fonts-cyrillic
xorg-x11-fonts-ethiopic
xorg-x11-twm
xorg-x11-xdm
xrestop
xterm

%end"> /var/www/html/ks.cfg

#restarting the dhcp server
service dhcpd restart

#install all the virtualization packages before running virt-install
yum install -y '*virt*'

virt-install -n client -r 1500 --disk path=/var/lib/libvirt/images/client,size=12 --graphics spice --pxe --os-type=linux


virt-install -n client1 -r 1000 --disk path=/var/lib/libvirt/images/client1,size=12 -l http://192.168.122.2/RHEL --os-type=linux -x "ks=http://192.168.122.2/client.cfg"
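A kickstart written from a double-quoted echo, as in this script and the PXE script that follows, keeps its `rootpw --iscrypted` hash only if every `$` is escaped; a quoted heredoc avoids the problem. The lint below also reports the crypt scheme, because a pre-hashed `$1$` (MD5-crypt) value is installed as-is whatever `--passalgo` says. This is an added example, not the author's code: the function names are hypothetical and the hashes are constructed placeholders.

```shell
# Hashes below are constructed placeholders, not real credentials.

# Unsafe: inside a double-quoted echo the shell expands $6, $SALTSALT and
# $HASHHASH (all unset here), so the rootpw line loses its hash.
write_ks_echo() {
    echo "rootpw --iscrypted $6$SALTSALT$HASHHASH
auth --useshadow --passalgo=sha512" > "$1"
}

# Safe: a quoted heredoc delimiter ('EOF') turns off all expansion.
write_ks_heredoc() {
    cat > "$1" <<'EOF'
rootpw --iscrypted $6$SALTSALT$HASHHASH
auth --useshadow --passalgo=sha512
EOF
}

# Report the crypt scheme of the rootpw hash next to the configured passalgo.
# Prints "ok <scheme>", "mismatch <scheme> passalgo=<algo>" or "mangled".
lint_rootpw() {
    # first non-option argument of the rootpw line
    hash=$(awk '$1 == "rootpw" {
        for (i = 2; i <= NF; i++) if ($i !~ /^--/) { print $i; exit }
    }' "$1")
    algo=$(sed -n 's/^auth.*--passalgo=\([a-z0-9]*\).*/\1/p' "$1" | head -n 1)
    case $hash in
        '$6$'?*'$'?*) scheme=sha512 ;;
        '$5$'?*'$'?*) scheme=sha256 ;;
        '$1$'?*'$'?*) scheme=md5 ;;
        *) echo "mangled"; return 0 ;;   # empty or not a $id$salt$hash string
    esac
    if [ "$scheme" = "$algo" ]; then
        echo "ok $scheme"
    else
        echo "mismatch $scheme passalgo=$algo"
    fi
}
```

Running `lint_rootpw /var/www/html/ks.cfg` after the script has written the file shows whether the hash survived the shell.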

Setting up a PXE BOOT server @RHEL,FEDORA

#This is a configuration script for making a pxe boot server for rhel
#Packages needed are
#1.syslinux
#2.any server to share rhel cd/dvd source and kickstarts ---here we use httpd
#3.kickstart
#4.tftp-server
#5.xinetd
#6.dhcp






#---------------------------------------------------------------
#configuring syslinux
yum install -y syslinux

#--------------------------------------------------------------
#configuring the httpd
yum install -y httpd
service httpd restart
chkconfig httpd on
#mount the rhel iso to /var/www/html/RHEL

#---------------------------------------------------------------
#creating the correct kickstart file in the httpd server
echo "
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url=\"http://192.168.122.1/RHEL\"
repo --name=\"Red Hat Enterprise Linux\" --baseurl=http://192.168.122.1/RHEL --cost=100

# Root password
rootpw --iscrypted \$1\$kUpEHfw2\$tJfHCPSVuVvMn7NwcwzJG/
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone  Asia/Kolkata
# Network information
network  --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --append=\"crashkernel=auto rhgb quiet\" --location=mbr --driveorder=\"sda\"
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype=\"ext4\" --size=200
part pv.01 --grow --size=1
volgroup myclient --pesize=4096 pv.01
logvol / --fstype=\"ext4\" --vgname=myclient --size=50240 --name=redhat

%post --interpreter=/bin/bash
sed -i -e 's/id:3:initdefault:/id:5:initdefault:/g' /etc/inittab
# write the helper script that creates the client VM, then run it
echo 'virt-install -n client -r 1500  --disk path=/var/lib/libvirt/images/client,size=12  --pxe --os-type=linux' > /usr/bin/install-client
chmod +x /usr/bin/install-client
install-client
%end

repo --name=\"Red Hat Enterprise Linux\" --baseurl=http://192.168.122.1/RHEL --cost=100
%packages
@base
@client-mgmt-tools
@console-internet
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@directory-client
@fonts
@general-desktop
@graphical-admin-tools
@hardware-monitoring
@input-methods
@java-platform
@kde-desktop
@large-systems
@legacy-x
@network-file-system-client
@performance
@perl-runtime
@remote-desktop-clients
@server-platform
@server-policy
@virtualization
@virtualization-client
@virtualization-platform
@virtualization-tools
@x11
mtools
pax
python-dmidecode
oddjob
squashfs-tools
sgpio
genisoimage
wodim
sabayon-apply
xguest
tigervnc-server
oprofile-gui
abrt-gui
xrestop
systemtap-grapher
bltk
qt-mysql
qt3-ODBC
qt-odbc
qt-postgresql
qt3-PostgreSQL
qt3-MySQL
certmonger
pam_krb5
krb5-workstation
cjkuni-fonts-ghostscript
bitmap-fixed-fonts
bitmap-lucida-typewriter-fonts
krb5-auth-dialog
gnome-pilot-conduits
gconf-editor
dvgrab
alacarte
seahorse-plugins
rhythmbox-upnp
gnome-games
gedit-plugins
gnome-pilot
totem-upnp
vim-X11
sabayon
system-config-lvm
audit-viewer
setroubleshoot
firstaidkit-gui
system-config-kickstart
policycoreutils-gui
kdebase-workspace-akonadi
kdebase-workspace-python-applet
xorg-x11-twm
openmotif
xorg-x11-fonts-ISO8859-1-75dpi
xterm
xorg-x11-fonts-cyrillic
xorg-x11-xdm
xorg-x11-fonts-ISO8859-9-100dpi
xorg-x11-fonts-ISO8859-14-100dpi
xorg-x11-fonts-75dpi
xorg-x11-fonts-ISO8859-9-75dpi
libXmu
xorg-x11-fonts-ISO8859-15-75dpi
libXp
openmotif22
xorg-x11-fonts-ISO8859-14-75dpi
xorg-x11-fonts-ISO8859-2-75dpi
xorg-x11-fonts-ethiopic
xorg-x11-fonts-ISO8859-2-100dpi
perl-DBD-SQLite
spice-xpi
tsclient
rdesktop
vinagre
tigervnc
spice-client
qemu-kvm-tools
fence-virtd-serial
fence-virtd-multicast
libvirt-java
libvirt-cim
fence-virtd-libvirt
perl-Sys-Virt
libvirt-qpid
libguestfs-java
virt-v2v
libguestfs-tools
libguestfs-mount
wacomcpl

%end"> /var/www/html/pxe.cfg
#------------------------------------------------------------------------------

#configure the tftp server
yum install -y tftp-server

#copying the needed file pxelinux.0 from syslinux to /var/lib/tftpboot
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

#making a directory pxelinux.cfg to store the default menu
mkdir -p /var/lib/tftpboot/pxelinux.cfg

#making the default file with the kernel to load and the correct shared kickstart file
touch /var/lib/tftpboot/pxelinux.cfg/default
echo "
default menu.c32
menu title BOOT MENU

label redhat
kernel rhel/vmlinuz
append  initrd=rhel/initrd.img ks=http://192.168.122.1/pxe.cfg

" > /var/lib/tftpboot/pxelinux.cfg/default


vim /var/lib/tftpboot/pxelinux.cfg/default
#copying menu.c32 into /var/lib/tftpboot/
cp /usr/share/syslinux/menu.c32 /var/lib/tftpboot/

#copying splash image for boot menu

cp /boot/grub/splash.xpm.gz /var/lib/tftpboot/
#---------------------------------------------------------------------------
#configure xinet files

yum install -y xinetd

#change the disable parameter from yes to no in /etc/xinetd.d/tftp
sed -i 's/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\)yes/\1no/' /etc/xinetd.d/tftp

vim /etc/xinetd.d/tftp

service xinetd restart
chkconfig xinetd on

#----------------------------------------------------------------------------
# Before starting this script you must configure the dhcp server properly
#do the needed dhcp setting for the pxe
yum install -y dhcp

echo "
option domain-name \"server.example.com\";
option routers 192.168.122.1;
Allow booting;
Allow bootp;
next-server 192.168.122.1; # pxe server ip
filename \"pxelinux.0\";
" >> /etc/dhcp/dhcpd.conf
#Opening the dhcp file for editing
vim /etc/dhcp/dhcpd.conf
#dhcpd service is restarted and chkconfig is done

service dhcpd restart
chkconfig dhcpd on