Wednesday, October 10, 2012
Apache + SSL = https
cd /apache
echo "Switching OFF httpd"
sleep 2
service httpd stop
chkconfig httpd off
echo "Installing needed packages..."
sleep 2
yum install -y pcre*
yum install -y gcc*
yum install -y libtool
yum install -y mod_ssl
yum install -y openssl*
yum install -y libxml*
updatedb
echo "Untaring apache..."
sleep 2
tar zxvf httpd-2.4.3.tar.gz
tar zxvf apr-1.4.6.tar.gz
tar zxvf apr-util-1.4.1.tar.gz
cd /apache
echo "Moving APR to directories..."
sleep 2
mv apr-1.4.6 /apache/httpd-2.4.3/srclib/apr
mv apr-util-1.4.1 /apache/httpd-2.4.3/srclib/apr-util
mkdir -p /http
cd httpd-2.4.3
echo "Compiling Apache..."
sleep 2
./configure --prefix=/http/ --enable-module=so --enable-rewrite=shared --with-included-apr --enable-cgi --enable-ssl
echo "Installing Apache..."
make
make install
echo "INSTALLATION COMPLETED...."
sleep 2
echo "Time for manual configuration..."
sleep 2
echo "Creating the SSL certificate and key"
sleep 2
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
echo "Copying the files to /http/conf"
sleep 2
cp server.* /http/conf
echo "configure the ssl in apache"
gedit /http/conf/extra/httpd-ssl.conf
We should edit the SSL conf file so that it points to the correct certificate and key files.
echo "
#SSLEngine on
#SSLCertificateFile
#SSLCertificateKeyFile
" >> /http/conf/httpd.conf
tail -n 7 /etc/httpd/conf/httpd.conf >> /http/conf/httpd.conf
gedit /http/conf/httpd.conf
In the httpd.conf file we need to enable the above 3 lines and give the paths to the certificate and key. We also need to check whether the SSL module is loaded or hashed (commented out); if it is hashed, we need to unhash it.
Then a proper service restart will ask for the password set on server.key.
/http/bin/apachectl restart
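A check for the manual step above, added here as an example and not part of the original script: it confirms that the two certificate directives are no longer hashed, that the files they name exist, and that the private key copied into the conf directory is not accessible to group or others. The function names check_ssl_conf and demo_check, and the temporary directory standing in for /http/conf, are assumptions made for the example.

```shell
#!/bin/sh
# check_ssl_conf CONF
# For SSLCertificateFile and SSLCertificateKeyFile, prints one of:
#   MISSING <directive>          no uncommented line for it in CONF
#   NOFILE  <directive> <path>   the path it names does not exist
#   LOOSE   <directive> <path>   key file has group or other permission bits set
#   OK      <directive> <path> [passphrase=yes|no]
check_ssl_conf() {
    conf=$1; status=0
    for directive in SSLCertificateFile SSLCertificateKeyFile; do
        # A hashed line has "#..." as its first field, so it never matches.
        # tr strips the double quotes (octal 042) Apache allows around a path.
        file=$(awk -v want="$directive" \
            'tolower($1) == tolower(want) { print $2; exit }' "$conf" | tr -d '\042')
        if [ -z "$file" ]; then
            echo "MISSING $directive"; status=1; continue
        fi
        if [ ! -f "$file" ]; then
            echo "NOFILE $directive $file"; status=1; continue
        fi
        if [ "$directive" = SSLCertificateFile ]; then
            echo "OK $directive $file"; continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
            echo "LOOSE $directive $file"; status=1; continue
        fi
        # Both PEM layouts of a passphrase-protected key contain "ENCRYPTED".
        if grep -q ENCRYPTED "$file"; then enc=yes; else enc=no; fi
        echo "OK $directive $file passphrase=$enc"
    done
    return "$status"
}

# Constructed demo: a throwaway directory stands in for /http/conf, and the
# key file holds only the header line of an encrypted PEM key, not a real key.
demo_check() {
    d=$(mktemp -d) || return 1
    : > "$d/server.crt"
    echo 'Proc-Type: 4,ENCRYPTED' > "$d/server.key"
    chmod 644 "$d/server.crt" "$d/server.key"   # modes a plain cp often leaves
    {
        echo 'SSLEngine on'
        echo "SSLCertificateFile \"$d/server.crt\""
        echo "SSLCertificateKeyFile \"$d/server.key\""
    } > "$d/httpd-ssl.conf"
    check_ssl_conf "$d/httpd-ssl.conf" | sed "s|$d|CONF|"
    chmod 600 "$d/server.key"
    check_ssl_conf "$d/httpd-ssl.conf" | sed "s|$d|CONF|"
    rm -rf "$d"
}

demo_check
```

On the real installation the call would be check_ssl_conf /http/conf/extra/httpd-ssl.conf, followed by chmod 600 on the key if it is reported as LOOSE.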
Saturday, October 6, 2012
NFS Sharing
port 2049
files used are
rpc.nfsd
rpc.mountd
rpc.lockd
rpc.statd
rpc.rquotad
(the above are in /usr/sbin)
/etc/init.d/nfs
/etc/init.d/nfslock
/etc/exports
1.Server --- the machine from which we share the directory
---->yum install -y nfs-utils*
---->service nfs restart
---->chkconfig nfs on
---->vim /etc/exports
In this file we specify the directories we need to share, the mode in which they are to be shared and the network to which they are to be shared
eg:
/nfs 192.168.0.0/24(ro)
/nfs 192.168.122.0/255.255.255.0(rw,sync)
/nfs 192.168.122.0/24(ro)
some of the modes in which directories can be shared are
crossmnt
no_subtree_check
root_squash
---->exportfs -r
----****we should set the proper SELinux context, sebool and setfacl for the needed user
---->getsebool -a | grep nfs
this will list the relevant Booleans; we must set them according to our needs
---->setfacl -m u:nfsnobody:rwx /nfs
this will allow the nfsnobody user to use the /nfs directory; this is needed if we are giving the write option on the directory
if more problems occur while sharing the directory, we should also check the SELinux context or disable SELinux
showmount -e 192.168.0.1
will list all the NFS directories shared by the server 192.168.0.1
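An added example, not part of the original notes: a shell function that reads a file in the /etc/exports format shown above and reports, for every client entry, whether it is writable and which squash mode applies. When an entry names no squash option, root_squash is in effect and remote root is mapped to nfsnobody, which is why the notes give nfsnobody an ACL on /nfs. The function names and the /srv/scratch line are constructed for the example.

```shell
#!/bin/sh
# audit_exports [FILE]
# Reads exports(5) lines such as "/nfs 192.168.122.0/24(rw,sync)" and prints,
# for every client entry:  <path> <client> <ro|rw> <squash mode> [WARN:...]
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"     # "(rw)" with no host: everyone
            mode = "ro"; squash = "root_squash"   # defaults when not stated
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw" || o[j] == "ro") mode = o[j]
                if (o[j] == "root_squash" || o[j] == "no_root_squash" ||
                    o[j] == "all_squash") squash = o[j]
            }
            warn = ""
            if (client == "*") warn = warn " WARN:any-host"
            if (mode == "rw" && squash == "no_root_squash")
                warn = warn " WARN:remote-root-write"
            print path, client, mode, squash warn
        }
    }' "$@"
}

# Constructed sample: the three entries from the notes plus one risky line.
sample_exports() {
    cat <<'EOF'
# constructed sample
/nfs 192.168.0.0/24(ro)
/nfs 192.168.122.0/255.255.255.0(rw,sync)
/nfs 192.168.122.0/24(ro)
/srv/scratch *(rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

Against the live server the call is audit_exports /etc/exports, run before exportfs -r.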
2.Client --- where we will mount the shared directories
there are multiple ways to mount the directory
---->yum install -y nfs*
---->service nfs restart
---->chkconfig nfs on
a. every shared folder will always be available under /net as read-only; for the first sharing example we use it as follows
---->cd /net
---->cd 192.168.0.1
---->cd nfs
b. We can also mount the directory with a simple mount command
mount -t nfs 192.168.0.1:/nfs /data
one of the main drawbacks of this method is that if we put the mount entry in fstab, the server goes down and we restart the client, the client boot will break; to overcome this problem we use the autofs mounting system
c.using autofs mounting system
here first we will edit /etc/auto.master file
---->vim /etc/auto.master
/data /etc/auto.nfs
---->vim /etc/auto.nfs
nfs -rw 192.168.122.1:/nfs
----->service autofs reload
----->chkconfig autofs on
here after reloading the autofs service we could browse to that folder
---->cd /data
---->cd nfs
---->ls
Samba Sharing
port 137,139,138,445
configuration file /etc/samba/smb.conf
Samba sharing can be of two types: public, and non-public with username and password
1.public sharing
vim /etc/samba/smb.conf
lines 74 to 80 of the file
workgroup = MYGROUP
server string = Samba Server Version %v
interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
hosts allow = 127. 192.168.12. 192.168.13.
last 8 lines
[public]
comment = Public Stuff
path = /smb
public = yes
writable = yes
printable = no
write list = +staff
browseable = no
here the workgroup must be in capitals
server string is the name by which we select the Samba server
interfaces as needed
hosts allow as needed
then comes the share name in square brackets; it is the name by which we select the Samba share from the server
path is the path to the directory
public yes for a public connection
browseable yes to enable browsing
here we are sharing the /smb directory; we should set the context, sebool and setfacl as needed
---->chcon -t samba_share_t /smb
---->setfacl -m u:nobody:rwx /smb
and give needed sebool
getsebool -a | grep smb
getsebool -a | grep samba
2.Non public sharing
for a non-public share the public tag should be no, and we should add the following tag in the part of the file from line 252 to the end
valid users = ram
and we need to setfacl for ram on the directory /smb
---->setfacl -m u:ram:rwx /smb
and we need to set the smbpasswd
smbpasswd -a ram
smbpasswd -e ram
-a adds the user to the Samba users and -e enables the Samba password
we can see the shares hosted by the Samba server with
smbclient -L 192.168.122.1     # IP of server
client part
1.public
smbclient -L 192.168.122.1
smbclient //server_string/sharename
2.Non public users
smbclient //server_string/sharename -U username
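An added example, not part of the original notes: a shell function that walks the share sections of an smb.conf and shows which ones combine guest access with write access, as the [public] share above does, next to the non-public variant restricted with valid users. The function names and the share name [private] are constructed for the example.

```shell
#!/bin/sh
# audit_smb_shares [FILE]
# Prints one line per share section (everything except [global]):
#   <share> path=<p> guest=<yes|no> writable=<yes|no> valid_users=<list|-> [WARN:...]
audit_smb_shares() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function truthy(v) {
        v = tolower(v)
        return (v == "yes" || v == "true" || v == "1") ? "yes" : "no"
    }
    function report() {
        if (share == "" || tolower(share) == "global") return
        warn = (guest == "yes" && writable == "yes") ? " WARN:guest-writable" : ""
        print share, "path=" path, "guest=" guest, "writable=" writable, "valid_users=" users warn
    }
    /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
    /^[ \t]*\[/ {                              # a new [section] starts
        report()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        path = "-"; guest = "no"; writable = "no"; users = "-"
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (key == "path") path = val
        else if (key == "public" || key == "guest ok") guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "write ok") writable = truthy(val)
        else if (key == "read only") writable = (truthy(val) == "yes") ? "no" : "yes"
        else if (key == "valid users") users = val
    }
    END { report() }' "$@"
}

# Constructed sample: the [public] share from the notes and the non-public
# variant they describe, under the made-up share name [private].
sample_smb_conf() {
    cat <<'EOF'
[global]
workgroup = MYGROUP
hosts allow = 127. 192.168.12. 192.168.13.
[public]
comment = Public Stuff
path = /smb
public = yes
writable = yes
write list = +staff
browseable = no
[private]
path = /smb
public = no
writable = yes
valid users = ram
EOF
}

sample_smb_conf | audit_smb_shares
```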
FTP sharing
ports used
ftp-data 20/tcp
ftp-data 20/udp
ftp 21/tcp
ftp 21/udp
files are /etc/vsftpd/vsftpd.conf
We have two types of access mode: anonymous and user mode
In anonymous mode we can enter without a password, and in user mode we must enter a password to get access
In anonymous mode we share the /var/ftp/pub directory, and in user mode we share the corresponding user's home directory
In anonymous mode users normally have only read permission. If we need to give write permission, we need to create a directory inside /var/ftp, change its context to public_content_rw_t and set the ACL of that directory for the ftp user. To enable anonymous user entry we need to set the following lines to YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
give the write permission as needed; we also need to set the sebool to get it right
getsebool -a | grep ftp
To enable user mode entry, just set all the anonymous settings to NO and set
local_enable=YES
and we need to set the needed sebool
getsebool -a | grep ftp
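An added example, not part of the original notes: a shell function that resolves the vsftpd.conf options discussed above into what a client can actually do, filling in vsftpd's built-in defaults for anything the file leaves out. It also shows the dependency behind the write_enable line: the anonymous upload and mkdir switches have no effect unless write_enable is YES. The function names and sample files are constructed for the example.

```shell
#!/bin/sh
# vsftpd_effective [FILE]
# Resolves the options the notes toggle into the resulting access,
# using vsftpd's built-in defaults for options the file does not set.
vsftpd_effective() {
    awk -F= '
    function on(k) { return v[k] == "YES" || v[k] == "TRUE" || v[k] == "1" }
    function yn(b) { return b ? "yes" : "no" }
    BEGIN {                                    # defaults from vsftpd.conf(5)
        v["anonymous_enable"] = "YES"; v["local_enable"] = "NO"
        v["write_enable"] = "NO"; v["anon_upload_enable"] = "NO"
        v["anon_mkdir_write_enable"] = "NO"
    }
    /^#/ || NF < 2 { next }                    # comments and non-settings
    ($1 in v) { val = toupper($2); sub(/[ \t\r]+$/, "", val); v[$1] = val }
    END {
        anon = on("anonymous_enable"); w = on("write_enable")
        print "anonymous_login=" yn(anon),
              "anonymous_upload=" yn(anon && w && on("anon_upload_enable")),
              "anonymous_mkdir=" yn(anon && w && on("anon_mkdir_write_enable")),
              "local_login=" yn(on("local_enable"))
    }' "$@"
}

# Constructed samples built from the settings in the notes.
anonymous_conf() {
    printf '%s\n' anonymous_enable=YES write_enable=YES \
        anon_upload_enable=YES anon_mkdir_write_enable=YES
}
user_conf() {
    printf '%s\n' anonymous_enable=NO anon_upload_enable=NO \
        anon_mkdir_write_enable=NO local_enable=YES
}

anonymous_conf | vsftpd_effective
user_conf | vsftpd_effective
# Upload switched on without write_enable: the upload is still refused.
printf '%s\n' anon_upload_enable=YES | vsftpd_effective
```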
Monday, October 1, 2012
Bash Terminal shortcuts
Bash Shortcuts Quick Reference | |
Ctrl-a | Move to the start of the line. |
Ctrl-e | Move to the end of the line. |
Ctrl-b | Move back one character. |
Alt-b | Move back one word. |
Ctrl-f | Move forward one character. |
Alt-f | Move forward one word. |
Ctrl-] x | Where x is any character, moves the cursor forward to the next occurrence of x. |
Alt-Ctrl-] x | Where x is any character, moves the cursor backwards to the previous occurrence of x. |
Ctrl-u | Delete from the cursor to the beginning of the line. |
Ctrl-k | Delete from the cursor to the end of the line. |
Ctrl-w | Delete from the cursor to the start of the word. |
Esc-Del | Delete previous word (may not work, instead try Esc followed by Backspace) |
Ctrl-y | Pastes text from the clipboard. |
Ctrl-l | Clear the screen leaving the current line at the top of the screen. |
Ctrl-x Ctrl-u | Undo the last changes. Ctrl-_ does the same |
Alt-r | Undo all changes to the line. |
Alt-Ctrl-e | Expand command line. |
Ctrl-r | Incremental reverse search of history. |
Alt-p | Non-incremental reverse search of history. |
!! | Execute last command in history |
!abc | Execute last command in history beginning with abc |
!abc:p | Print last command in history beginning with abc |
!n | Execute nth command in history |
!$ | Last argument of last command |
!^ | First argument of last command |
^abc^xyz | Replace first occurrence of abc with xyz in last command and execute it |
Wednesday, September 26, 2012
LAMP installation and configuration
#Configuring LAMP-LINUX APACHE MYSQL PHP
#1.LINUX here I use a machine preinstalled with RHEL 6 desktop with the KDE and GNOME packages
#installing the LAMP to /LAMP folder /LAMP/http /LAMP/mysql /LAMP/php
#First remove the installed packages
-->yum erase http*
-->yum erase mysql*
-->yum erase php*
#installing and configuring APACHE----
#The Package we use are httpd-2.4.3.tar.gz
-->tar xvf httpd-2.4.3.tar.gz
-->cd httpd-2.4.3
-->./configure --prefix=/LAMP/http/ --enable-module=so
#Now an error will occur asking for apr version-1.4 or greater
#Download the apr from http://apr.apache.org/download.cgi
#here i use apr-1.4.6.tar.gz apr-util-1.4.1.tar.gz
-->tar xvf apr-1.4.6.tar.gz
-->tar xvf apr-util-1.4.1.tar.gz
-->mv apr-1.4.6 /lamp/http/httpd-2.4.3/srclib/apr
-->mv apr-util-1.4.1 /lamp/http/httpd-2.4.3/srclib/apr-util
-->./configure --prefix=/LAMP/http/ --enable-module=so --enable-rewrite=shared --with-included-apr
##now it will ask for the pcre packages
-->yum install -y pcre*
-->./configure --prefix=/LAMP/http/ --enable-module=so --enable-rewrite=shared --with-included-apr
-->make
-->make install
-->ls /LAMP/http
#lists the installed files
#to start and stop the service
-->/LAMP/http/bin/apachectl start
-->/LAMP/http/bin/apachectl stop
#
#MYSQL
#
shell> groupadd mysql
shell> useradd -r -g mysql mysql
shell> cd /usr/local
shell> tar zxvf /path/to/mysql-VERSION-OS.tar.gz
shell> ln -s full-path-to-mysql-VERSION-OS mysql
shell> cd mysql
shell> chown -R mysql .
shell> chgrp -R mysql .
shell> scripts/mysql_install_db --user=mysql
shell> chown -R root .
shell> chown -R mysql data
# Next command is optional
shell> cp support-files/my-medium.cnf /etc/my.cnf
shell> bin/mysqld_safe --user=mysql &
# Next command is optional
shell> cp support-files/mysql.server /etc/init.d/mysql.server
#Package- mysql-5.5.16.tar.gz
-->tar -xvf mysql-5.5.16.tar.gz
-->cd mysql-5.5.16
-->yum install make
-->yum install cmake
-->cmake -DCMAKE_INSTALL_PREFIX=/LAMP/mysql
-->yum install -y *curses*
-->cmake -DCMAKE_INSTALL_PREFIX=/LAMP/mysql
-->rm -rf CMakeCache.txt
-->cmake -DCMAKE_INSTALL_PREFIX=/LAMP/mysql
-->yum install bison
-->cmake -DCMAKE_INSTALL_PREFIX=/LAMP/mysql
-->rm -rf CMakeCache.txt
-->cmake -DCMAKE_INSTALL_PREFIX=/LAMP/mysql
-->make
-->make install
-->updatedb
-->locate mysql_install_db
-->cd /LAMP/mysql/
-->./scripts/mysql_install_db
-->./scripts/mysql_install_db --user mysql
-->cat /etc/ld.so.conf
-->echo "/LAMP/mysql/lib/" >> /etc/ld.so.conf
--->cat /etc/ld.so.conf
-->ldconfig
-->cd /LAMP/
-->cd mysql/
-->ls
-->cp support-files/mysql.server /etc/rc.d/init.d/mysql
-->/etc/rc.d/init.d/mysql start
-->touch /tmp/mysql.sock
-->chown mysql:mysql /tmp/mysql.sock
-->cp ./support-files/my-medium.cnf /etc/my.cnf
##in case of any error like cannot manage pid file etc, do the following
-->/LAMP/mysql/scripts/mysql_install_db --user=mysql --ldata=/LAMP/mysql/data
-->/LAMP/mysql/bin/mysqld_safe --datadir=/LAMP/mysql/data --user=mysql
#that should solve the error
testing
mysqladmin -u root password new-password
mysql -u root -p
mysql>
drop database test;
use mysql;
delete from db;
delete from user where not (host="localhost" and user="root");
flush privileges;
update user set user="sqladmin" where user="root";
flush privileges;
create database foo;
You should see the result:
Query OK, 1 row affected (0.04 sec)
mysql>
Delete the database:
drop database foo;
You should see the result:
Query OK, 0 rows affected (0.06 sec)
mysql>
To exit from mysql enter \q:
\q
#
#PHP
#
#Package php-5.4.7.tar.gz
-->tar xvf php-5.4.7.tar.gz
-->cd php-5.4.7
-->./configure --prefix=/LAMP/php/ --with-zlibs-dir=/usr/lib --with-xml --enable-mm=shared --with-apxs=/LAMP/http/bin/apxs
-->./configure --prefix=/LAMP/php/ --with-zlibs-dir=/usr/lib --with-xml --enable-mm=shared --with-apxs2=/LAMP/http/bin/apxs
-->yum install libxml
-->yum install libxml*
-->./configure --prefix=/LAMP/php/ --with-zlibs-dir=/usr/lib --with-xml --enable-mm=shared --with-apxs2=/LAMP/http/bin/apxs
-->make
-->make test
-->make install
-->cp php.ini-development /LAMP/php/lib/php.ini
-->ln -s /LAMP/php/lib/php.ini /etc/php.ini
#
#Adding php to apache
#
-->vim /LAMP/http/conf/httpd.conf
#To ensure your PHP files are properly interpreted add in httpd.conf
------AddType application/x-httpd-php .php
------AddType application/x-httpd-php-source .phps
------AddType application/x-tar .tgz
-->/LAMP/http/bin/apachectl restart
-->/LAMP/http/bin/apachectl start
-->touch /LAMP/http/htdocs/index.php
-->rm -rf /LAMP/http/htdocs/index.html
-->/LAMP/http/bin/apachectl restart
Tuesday, September 25, 2012
Amanda 3.3 configuration in Rhel 6
#first configure dhcp and dns before this
#packages needed are amanda and xinetd
#steps are
#1.setting up the server
#2.setting up the client
#3.verifying the connection
#4.taking the backup
#5.recovering the backup
#package installations
#xinetd packages are available in the package set of the os cd/DVD
#you can get the amanda server and client rpm from the following link
http://www.zmanda.com/downloads/community/Amanda/3.3.2/Redhat_Enterprise_6.0/
#there will be two files one for server and another for client
#amanda-backup_server-3.3.2-1.rhel6.x86_64.rpm
#amanda-backup_client-3.3.2-1.rhel6.x86_64.rpm
#1.setting up the server
#->install the rpm
-------->yum -y install amanda-backup_server-3.3.2-1.rhel6.x86_64.rpm
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
Setting up Install Process
Examining /root/Downloads/amanda-backup_server-3.3.2-1.rhel6.x86_64.rpm: amanda-backup_server-3.3.2-1.rhel6.x86_64
Marking /root/Downloads/amanda-backup_server-3.3.2-1.rhel6.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package amanda-backup_server.x86_64 0:3.3.2-1.rhel6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================
Package Arch Version Repository Size
=========================================================
Installing:
amanda-backup_server
x86_64 3.3.2-1.rhel6 /amanda-backup_server-3.3.2-1.rhel6.x86_64 8.8 M
Transaction Summary
===========================================================
Install 1 Package(s)
Total size: 8.8 M
Installed size: 8.8 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : amanda-backup_server-3.3.2-1.rhel6.x86_64 1/1
Amanda installation log can be found in '/var/log/amanda/install.log'.
duration: 196(ms)
Installed products updated.
Installed:
amanda-backup_server.x86_64 0:3.3.2-1.rhel6
Complete!
#-------->set password for the amandabackup user
passwd amandabackup
****
****
#Create a directory for our vtapes, and set its ownership and permissions:
mkdir -p /data/amanda/vtape/DailySet1
chown amandabackup:disk /data/amanda/vtape/DailySet1
chmod -R 750 /data/amanda/vtape/DailySet1
# Change to the amandabackup user:
su - amandabackup
# As amandabackup user, run amserverconfig to create a vtape configuration:
#the backup will be at /data/amanda/vtape/DailySet1
-bash-4.1$ amserverconfig DailySet1 --template harddisk --tapedev /data/amanda/vtape/DailySet1 --mailto root@localhost --dumpcycle 1week --runspercycle 5 --tapecycle 12 --runtapes 1
Logging to /var/log/amanda/amserverconfig.20120925120547.debug
mkdir /etc/amanda/DailySet1
mkdir /etc/amanda/template.d
/etc/amanda/template.d directory created
/var/lib/amanda/gnutar-lists directory exists
/etc/amanda/DailySet1/advanced.conf created and updated
mkdir /etc/amanda/DailySet1/curinfo
mkdir /etc/amanda/DailySet1/index
curinfo and index directory created
tapelist file created
disklist file created
Creating custom configuration using templates
custom amanda.conf created
creating vtape directory
amlabel vtapes
mkdir slot1
mkdir slot11
mkdir slot12
changer is reset
/var/lib/amanda/example/xinetd.amandaserver contains the latest Amanda server daemon configuration.
Please merge it to /etc/xinetd.d/amandaserver.
/var/lib/amanda/.ssh/client_authorized_keys created. Please append to /var/lib/amanda/.ssh/authorized_keys file on Amanda clients
DONE.
--------->cp /var/lib/amanda/example/xinetd.amandaserver /etc/xinetd.d/amandaserver
###
#####Go to client machine and install client rpm
####
---->>yum -y install amanda-backup_client-3.3.2-1.rhel6.x86_64.rpm
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
Setting up Install Process
Examining /root/Downloads/amanda-backup_client-3.3.2-1.rhel6.x86_64.rpm: amanda-backup_client-3.3.2-1.rhel6.x86_64
Marking /root/Downloads/amanda-backup_client-3.3.2-1.rhel6.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package amanda-backup_client.x86_64 0:3.3.2-1.rhel6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==================================================
Package Arch Version Repository Size
========================================================
Installing:
amanda-backup_client
x86_64 3.3.2-1.rhel6 /amanda-backup_client-3.3.2-1.rhel6.x86_64 8.2 M
Transaction Summary
===================================================
Install 1 Package(s)
Total size: 8.2 M
Installed size: 8.2 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : amanda-backup_client-3.3.2-1.rhel6.x86_64 1/1
Non-fatal POSTIN scriptlet failure in rpm package amanda-backup_client-3.3.2-1.rhel6.x86_64
Amanda installation log can be found in '/var/log/amanda/install.log'.
warning: %post(amanda-backup_client-3.3.2-1.rhel6.x86_64) scriptlet failed, exit status 4
duration: 1112(ms)
Installed products updated.
Installed:
amanda-backup_client.x86_64 0:3.3.2-1.rhel6
Complete!
#------------>set password for amandabackup
passwd amandabackup
* * *
* * *
##To recover on a Linux client, you must first specify the tape device on the server to use. On each Linux client we change the file /etc/amanda/amanda-client.conf. Change this line:
tapedev "tape:/dev/YOUR-TAPE-DEVICE-HERE" # your tape device
to this:
tapedev "file://data/amanda/vtape/DailySet1" # your tape device
#---------->add the amanda server to the client's /etc/hosts
192.168.122.1 server.example.com
###NOW go to the server and add the client
##at server.example.com
#we are going to add the client 192.168.122.99 to back up the client's /root to the DailySet1 tapes
----->-bash-4.1$ amaddclient --config DailySet1 --client 192.168.122.99 --diskdev /root --dumptype comp-user-tar
Logging to /var/log/amanda/amaddclient.20120925122047.debug
/etc/amanda/DailySet1/disklist updated
updating /var/lib/amanda/.amandahosts on server.example.com
Attempting to update /var/lib/amanda/.amandahosts on 192.168.122.99
#The authenticity of host '192.168.122.99 (192.168.122.99)' cant be established.
RSA key fingerprint is a3:be:8d:07:a8:f8:0b:af:25:bb:a5:b2:57:55:c5:14.
Are you sure you want to continue connecting (yes/no)? yes
#Warning: Permanently added '192.168.122.99' (RSA) to the list of known hosts.
#amandabackup@192.168.122.99's password:
amandahosts 100% 72 0.1KB/s 00:00
#amandabackup@192.168.122.99's password:
amandahosts.tmp 100% 112 0.1KB/s #00:00
192.168.122.99:/var/lib/amanda/.amandahosts updated successfully
#Creating amanda-client.conf for 192.168.122.99
Creating /etc/amanda/DailySet1 on 192.168.122.99
#amandabackup@192.168.122.99's password:
#amandabackup@192.168.122.99's password:
amanda-client.conf-192.168.122.99 100% 388 0.4KB/s 00:00
Copy /var/lib/amanda/amanda-client.conf-192.168.122.99 to 192.168.122.99 successfully
File /var/lib/amanda/example/xinetd.amandaclient contains the latest Amanda client daemon configuration.
Please merge it to /etc/xinetd.d/amandaclient.
------>cp /var/lib/amanda/example/xinetd.amandaclient /etc/xinetd.d/amandaclient
##adding the client to the server's amandahosts
---->echo "client99.example.com root amindexd amidxtaped" >> /var/lib/amanda/.amandahosts
##adding the client to the server's /etc/hosts
--->echo "192.168.122.99 client99.example.com" >> /etc/hosts
##
##
##Verifying the connection
##
---->-bash-4.1$ amcheck DailySet1
Amanda Tape Server Host Check
-----------------------------
found in slot 1: volume 'DailySet1-1'
slot 1: volume 'DailySet1-1'
Will write to volume 'DailySet1-1' in slot 1.
NOTE: skipping tape-writable test
NOTE: host info dir /etc/amanda/DailySet1/curinfo/192.168.122.99 does not exist
NOTE: it will be created on the next run.
NOTE: index dir /etc/amanda/DailySet1/index/192.168.122.99 does not exist
NOTE: it will be created on the next run.
Server check took 0.189 seconds
Amanda Backup Client Hosts Check
---------------------------------
Client check: 1 host checked in 2.101 seconds. 0 problems found.
(brought to you by Amanda 3.3.2)
##if it reports 0 problems found then it is correct
####taking the backup
-bash-4.1$ amdump DailySet1
##it will be at /data/amanda/vtape/DailySet1/
###
###to recover a file
###
#adding the client to the server's amandahosts
--->echo "client99.example.com root amindexd amidxtaped" >> /var/lib/amanda/.amandahosts
###go to the client
# backup will be at /data/amanda/vtape/DailySet1/
as user root
--->>
---->> amrecover DailySet1
AMRECOVER Version 3.1.0. Contacting server on server.example.com …
#to list the back up
amrecover> listdisk
#use set disk to load the folder
amrecover> setdisk /srv/www/htdocs/
# list the file
amrecover> ls
#add the needed file
amrecover> add *
#extract the added files
amrecover> extract
#exiting
amrecover> exit
200 Good bye.