Friday, November 12, 2010

To Lock Users To Their Home Directories Only CentOS /RedHat


rssh supports a chroot option. To chroot users, set the chrootpath option, which specifies the directory where the root of the chroot jail will be located. This is a security feature.

A chroot on Linux or Unix is an operation that changes the root directory. It affects only the current process and its children. Even if a normal user's default home directory is /home/rajat, that user can still access files in the /etc, /sbin or /bin directories. This allows an attacker to install programs or a backdoor via your web server in /tmp. chroot restricts file system access and locks users down to their own directory.

Configuring rssh chroot

=> Chroot directory: /users.
Tip: If possible mount /users filesystem with the noexec/nosuid option to improve security.

=> Required directories in jail:

/users/dev - Device file
/users/etc - Configuration file such as passwd
/users/lib - Shared libs
/users/usr - rssh and other binaries
/users/bin - Copy default shell such as /bin/csh or /bin/bash

=> Required files in jail at /users directory (default for RHEL / CentOS / Debian Linux):

/etc/ld.so.cache
/etc/ld.so.conf.d/*
/etc/ld.so.conf
/etc/nsswitch.conf
/etc/passwd
/etc/group
/etc/hosts
/etc/resolv.conf
/usr/bin/scp
/usr/bin/rssh
/usr/bin/sftp
/usr/libexec/openssh/sftp-server OR /usr/lib/openssh/sftp-server
/usr/libexec/rssh_chroot_helper OR /usr/lib/rssh/rssh_chroot_helper (suid must be set on this binary)
/bin/sh or /bin/bash (default shell)
Tip: Limit the binaries which live in the jail to the absolute minimum required to improve security. Usually /bin/bash and /bin/sh are not required, but some systems may report an error without them.

A note about jail file system

Note: The files need to be placed in the jail directory (such as /users) in directories that mimic their placement in the root (/) file system, so you need to copy all required files. For example, /usr/bin/rssh is located on the / file system. If your jail is located at /users, copy /usr/bin/rssh to /users/usr/bin/rssh. The following instructions are tested on:

FreeBSD
Solaris UNIX
RHEL / Redhat / Fedora / CentOS Linux
Debian Linux

Building the Chrooted Jail

Create all required directories:
# mkdir -p /users/{dev,etc,lib,usr,bin}
# mkdir -p /users/usr/bin
# mkdir -p /users/usr/libexec/openssh

Create /users/dev/null:
# mknod -m 666 /users/dev/null c 1 3

Copy required /etc/ configuration files, as described above to your jail directory /users/etc:
# cd /users/etc
# cp /etc/ld.so.cache .
# cp -avr /etc/ld.so.conf.d/ .
# cp /etc/ld.so.conf .
# cp /etc/nsswitch.conf .
# cp /etc/passwd .
# cp /etc/group .
# cp /etc/hosts .
# cp /etc/resolv.conf .

Open the /users/etc/group and /users/etc/passwd files and remove root and all other accounts.

Copy required binary files, as described above to your jail directory /users/bin and other locations:
# cd /users/usr/bin
# cp /usr/bin/scp .
# cp /usr/bin/rssh .
# cp /usr/bin/sftp .
# cd /users/usr/libexec/openssh/
# cp /usr/libexec/openssh/sftp-server .

OR
# cp /usr/lib/openssh/sftp-server .
# cd /users/usr/libexec/
# cp /usr/libexec/rssh_chroot_helper .

OR
# cp /usr/lib/rssh/rssh_chroot_helper .
# cd /users/bin/
# cp /bin/sh .

OR
# cp /bin/bash .

Copy all shared library files

The library files that any of these binary files need can be found by using the ldd / strace command. For example, running ldd against /usr/bin/sftp provides the following output:
# ldd /usr/bin/sftp

Output:

linux-gate.so.1 => (0x00456000)
libresolv.so.2 => /lib/libresolv.so.2 (0x0050e000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x0013e000)
libutil.so.1 => /lib/libutil.so.1 (0x008ba000)
libz.so.1 => /usr/lib/libz.so.1 (0x00110000)
libnsl.so.1 => /lib/libnsl.so.1 (0x0080e000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00a8c000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00656000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00271000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00304000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x00777000)
libdl.so.2 => /lib/libdl.so.2 (0x00123000)
libnss3.so => /usr/lib/libnss3.so (0x00569000)
libc.so.6 => /lib/libc.so.6 (0x00b6c000)
libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00127000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00130000)
/lib/ld-linux.so.2 (0x00525000)
libplc4.so => /usr/lib/libplc4.so (0x008c9000)
libplds4.so => /usr/lib/libplds4.so (0x00133000)
libnspr4.so => /usr/lib/libnspr4.so (0x00d04000)
libpthread.so.0 => /lib/libpthread.so.0 (0x0032a000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00341000)
libsepol.so.1 => /lib/libsepol.so.1 (0x00964000)

You need to copy all those libraries to /lib and other appropriate locations in the jail. However, I recommend using my automated script called l2chroot:
# cd /sbin
# wget -O l2chroot http://www.yeswedeal.biz/files/l2chroot.txt
# chmod +x l2chroot

Open l2chroot and set BASE variable to point to chroot directory (jail) location:
BASE="/users"

Now copy all shared library files
# l2chroot /usr/bin/scp
# l2chroot /usr/bin/rssh
# l2chroot /usr/bin/sftp
# l2chroot /usr/libexec/openssh/sftp-server

OR
# l2chroot /usr/lib/openssh/sftp-server
# l2chroot /usr/libexec/rssh_chroot_helper

OR
# l2chroot /usr/lib/rssh/rssh_chroot_helper
# l2chroot /bin/sh

OR
# l2chroot /bin/bash
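
What the library-copy step has to do with the ldd output shown above, as an added example (this is not the l2chroot script, which is not reproduced on this page). The function names are hypothetical, and the sample input is a constructed excerpt of the ldd output above.

```shell
#!/bin/sh
# Added example: find the shared libraries a binary needs and mirror them
# into the jail. Function names are made up for this example.

# Constructed sample: five lines taken from the ldd output shown above.
sample_ldd_output() {
    cat <<'EOF'
    linux-gate.so.1 =>  (0x00456000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x0050e000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00110000)
    libc.so.6 => /lib/libc.so.6 (0x00b6c000)
    /lib/ld-linux.so.2 (0x00525000)
EOF
}

# Read ldd output on stdin and print each library file once.
# Three line shapes occur:
#   name => /path (addr)   the path is the third field
#   /path (addr)           the dynamic loader, path is the first field
#   name =>  (addr)        kernel-provided object with no file: skipped
# A "not found" line is reported on stderr and makes the function fail,
# because a jail built from it would be missing a library.
jail_lib_paths() {
    awk '
        /=> not found/            { print "unresolved: " $1 > "/dev/stderr"; bad = 1; next }
        $2 == "=>" && $3 ~ /^\//  { if (!seen[$3]++) print $3; next }
        $1 ~ /^\//                { if (!seen[$1]++) print $1 }
        END                       { exit bad + 0 }
    '
}

# Copy the libraries of BINARY into JAIL, keeping each path relative to the
# jail root (/lib/libc.so.6 -> $JAIL/lib/libc.so.6). cp -L follows symlinks
# so the jail receives a real file, not a link that points outside it.
# ldd may run code from the file it inspects, so use it only on trusted
# system binaries such as the ones listed above.
copy_libs_to_jail() {
    jail=$1 binary=$2
    [ -f "$binary" ] || { echo "no such binary: $binary" >&2; return 1; }
    libs=$(ldd "$binary" 2>/dev/null | jail_lib_paths) || return 1
    printf '%s\n' "$libs" | while IFS= read -r lib; do
        [ -n "$lib" ] || continue
        mkdir -p "$jail$(dirname "$lib")" && cp -L "$lib" "$jail$lib" || exit 1
    done
}

# Demo on the sample: prints the four library files to copy.
sample_ldd_output | jail_lib_paths
```

With the jail from this page, the call would be `copy_libs_to_jail /users /usr/bin/sftp`, repeated for each binary placed in the jail.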

Modify syslogd configuration

The syslog library function works by writing messages into a FIFO file such as /dev/log. You need to pass the -a /path/to/chroot/dev/log option to syslogd. This argument specifies additional sockets that syslogd has to listen to. This is needed if you’re going to let some daemon run within a chroot() environment. You can use up to 19 additional sockets. If your environment needs even more, you have to increase the symbol MAXFUNIX within the syslogd.c source file. Open the /etc/sysconfig/syslog file:
# vi /etc/sysconfig/syslog

Find the line that reads as follows:
SYSLOGD_OPTIONS="-m 0"

Append -a /users/dev/log
SYSLOGD_OPTIONS="-m 0 -a /users/dev/log"

Save and close the file. Restart syslog:
# /etc/init.d/syslog restart

If you are using Debian / Ubuntu Linux apply changes to /etc/default/syslogd file.

Set chroot path

Open configuration file /etc/rssh.conf:
# vi /etc/rssh.conf

Set chrootpath to /users
chrootpath=/users

Save and close the file. If sshd is not running start it:
# /etc/init.d/sshd start

Add user to jail

Now rssh is installed. The next logical step is to configure users to use rssh. All you have to do is set a user account's shell to /usr/bin/rssh. The following example adds user bidi to the system with /usr/bin/rssh as the shell.

Create a new user with /usr/bin/rssh

Login as the root user
Type the following commands to create a new user called bidi:
# useradd -m -d /home/bidi -s /usr/bin/rssh bidi
# passwd bidi

Change existing user shell to /usr/bin/rssh

You don't have to edit the /etc/passwd file to change your shell. Use the chsh command instead. It changes the user login shell, which determines the name of the user's initial login command. A normal user may only change the login shell for his/her own account; the super user, i.e. root, may change the login shell for any account. The syntax of the chsh command is:
chsh -s {shell-name} {user-name}
Where,
  • -s {shell-name} : Specify your login shell name. You can obtain the list of available shells from the /etc/shells file.
  • User-name: It is optional, useful if you are a root user.
First, find out the available shell list:
# less /etc/shells
Output:
/bin/ash
/bin/csh
/bin/sh
/usr/bin/es
/bin/ksh
/bin/tcsh
/bin/sash
/bin/zsh
/bin/dash
/usr/bin/screen
/bin/bash
/bin/rbash
Now change your shell name to /bin/tcsh:
# chsh -s /bin/tcsh
Password:
When prompted for the password, type your own password. If you just type the chsh command, it will prompt for the shell name interactively:
# chsh
Output:
Password:
Changing the login shell for tv
Enter the new value, or press ENTER for the default
       Login Shell [/bin/bash]:


# usermod -s /usr/bin/rssh old-user-name
# usermod -s /usr/bin/rssh rajat
# chsh -s /usr/bin/rssh rajat

Try login via ssh or sftp

Now try to log in via ssh or sftp using username bidi:
# sftp bidi@my.backup.server.com
OR
# ssh bidi@my.backup.server.com
Output:
bidi@my.backup.server.com's password: TYPE-THE-PASSWORD
Linux my.backup.server.com 2.6.22-14-generic #1 SMP Tue Dec 18 08:02:57 UTC 2010 i686

Last login: Thu Nov 10 16:35:04 2010 from localhost

This account is restricted by rssh.
This user is locked out.

If you believe this is in error, please contact your system administrator.

Connection to my.backup.server.com closed.

By default, the rssh configuration locks down everything, including any sort of access.

Grant access to sftp and scp for all users

The default action for rssh is to lock down everything. To grant access to scp or sftp, open the /etc/rssh.conf file:
# vi /etc/rssh.conf
Append or uncomment the following two lines:
allowscp
allowsftp

Save and close the file. rssh reads the configuration file on the fly (there is no rssh service). Now the user should be able to run scp and sftp commands, but no shell access is granted:
# scp /path/to/file bidi@my.backup.server.com:/.
OR
# sftp bidi@my.backup.server.com:/.
Output:
Connecting to lmy.backup.server.com...
bidi@my.backup.server.com's password:
sftp> pwd
Remote working directory: /home/bidi
sftp>

Understanding command configuration options

You need to add following keywords / directives to allow or disallow scp / sftp and other commands:
  • allowscp : Tells the shell that scp is allowed.
  • allowsftp : Tells the shell that sftp is allowed.
  • allowcvs : Tells the shell that cvs is allowed.
  • allowrdist : Tells the shell that rdist is allowed.
  • allowrsync : Tells the shell that rsync is allowed.
Tip: Create a group for rssh users, and limit executable access to the binaries to users in that group to improve security. Please use standard file permissions carefully and appropriately.

# useradd -m -d /users/rajat -s /usr/bin/rssh rajat
# passwd rajat

Now rajat can login using sftp or copy files using scp:

sftp rajat@my-server.com
rajat@my-server.com's password:
sftp> ls
sftp> pwd
Remote working directory: /rajat
sftp> cd /tmp
Couldn't canonicalise: No such file or directory
User rajat is allowed to log in to the server to transfer files, but is not allowed to browse the entire file system.
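
A check of the finished jail against the requirements this post lists (files mirrored under the jail root, setuid on rssh_chroot_helper, root and other accounts removed from the jail's passwd), as an added example that is not part of the original post. The function names and the allowlist of jailed accounts passed on the command line are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a jail built with the steps above. The file list, the
# setuid requirement and the passwd clean-up come from the page; the function
# names and the account allowlist are assumptions of this example.

# Each file must exist under the jail at the same place it has under /.
check_required_files() {
    jail=$1 missing=0
    for rel in etc/passwd etc/group etc/nsswitch.conf etc/ld.so.conf \
               usr/bin/rssh usr/bin/scp usr/bin/sftp dev/null; do
        [ -e "$jail/$rel" ] || { echo "FAIL missing $jail/$rel"; missing=1; }
    done
    return $missing
}

# The page requires the setuid bit on rssh_chroot_helper and gives two
# possible locations. A plain "cp" without -p does not carry the setuid bit
# over, so a freshly copied helper fails this check until it is restored.
check_suid_helper() {
    jail=$1
    for rel in usr/libexec/rssh_chroot_helper usr/lib/rssh/rssh_chroot_helper; do
        if [ -f "$jail/$rel" ]; then
            [ -u "$jail/$rel" ] && return 0
            echo "FAIL $jail/$rel is not setuid"
            return 1
        fi
    done
    echo "FAIL rssh_chroot_helper missing from $jail"
    return 1
}

# The jail's passwd copy must not keep root or any account other than the
# jailed users named as arguments.
check_jail_passwd() {
    file=$1; shift
    awk -F: -v allowed=" $* " '
        /^#/ || NF == 0                 { next }
        $3 == 0                         { print "FAIL uid 0 entry: " $1; bad = 1; next }
        index(allowed, " " $1 " ") == 0 { print "FAIL unexpected account: " $1; bad = 1 }
        END                             { exit bad + 0 }
    ' "$file"
}

# Usage: audit_jail JAIL user [user...]; returns 0 only if every check passes.
audit_jail() {
    jail=$1; shift
    status=0
    check_required_files "$jail"              || status=1
    check_suid_helper "$jail"                 || status=1
    check_jail_passwd "$jail/etc/passwd" "$@" || status=1
    if [ ! -c "$jail/dev/null" ]; then
        echo "FAIL $jail/dev/null is not a character device"
        status=1
    fi
    if [ "$status" -eq 0 ]; then echo "OK $jail"; fi
    return $status
}

# Run the audit when called with arguments, e.g.: sh audit.sh /users bidi rajat
if [ $# -gt 0 ]; then audit_jail "$@"; fi
```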

Thursday, November 4, 2010

How to install unity in ubuntu 10.04/10.10

Install unity in ubuntu 10.04/10.10

Open the terminal and run one of the following commands:
$sudo apt-get install ubuntu-netbook
or
$sudo apt-get install unity
After logging out you will be able to choose Ubuntu Netbook Edition.

Apart from this you can expect unity in Ubuntu 11.04 alpha1

Speed Up Firefox web browser for Fedora / Ubuntu /CentOS /Windows

Mozilla Firefox is a graphical web browser developed by the Mozilla Corporation. Started as a fork of the browser component (Navigator) of the Mozilla Application Suite, Firefox has replaced the Mozilla Suite as the flagship product of the Mozilla project, stewarded by the Mozilla Foundation and a large community of external contributors.
Mozilla Firefox is a cross-platform browser, providing support for various versions of Microsoft Windows, Mac OS X, and Linux. Although not officially released for certain operating systems, the freely available source code works for many other operating systems, including FreeBSD,OS/2, Solaris, SkyOS, BeOS and more recently, Windows XP Professional x64 Edition.
I am providing some Very Useful Tips to speedup your Firefox.
In your location bar, type about:config
Once it Opens You should see similar to the following screen

Tip1
In the filter bar type network.http.pipelining
You should see the following screen

Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.

Tip2
Go to the filter bar again and type network.http.pipelining.maxrequests
Once it Opens You should see the following screen

By default it says 4 under the value field and you need to change it to 8
Once you finished this you should see the following screen.

Tip3
Go to the filter bar again and type network.http.proxy.pipelining
Once it Opens You should see similar to the following screen

Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.

Tip4
Go to the filter bar again and type network.dns.disableIPv6
Once it Opens You should see the following screen

Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.

Tip5
Go to the filter bar again and type plugin.expose_full_path
Once it Opens You should see the following screen

Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.

Tip6
Now you need to create a new preference name with an integer value. For this, go to Right click -> New -> Integer

Once it opens you should see the following screen

Here you need to type nglayout.initialpaint.delay and click ok

Now you need to enter 0 in the value field and click ok

Once you finished this you should see the following screen.

Tip7
Now you need to create one more preference name with an integer value. For this, go to Right click -> New -> Integer

Once it opens you should see the following screen

Here you need to type content.notify.backoffcount and click ok

Now you need to enter 5 in the value field and click ok

Once you finished this you should see the following screen.

Tip8
Now you need to create one more preference name with an integer value. For this, go to Right click -> New -> Integer

Once it opens you should see the following screen

Here you need to type ui.submenuDelay and click ok

Now you need to enter 0 in the value field and click ok

Once you finished this you should see the following screen.

Some more Tweaks
Enable the spellchecker for inputfields and textareas (default is textareas only)
layout.spellcheckDefault=2
Open lastfm://-links directly in amarok
network.protocol-handler.app.lastfm=amarok
network.protocol-handler.external.lastfm=true
Firefox Memory Leak Fix
Open a new tab. Type “about:config” without quotes into the address bar and hit enter/click Go.
Right-click anywhere, select New, then Integer. In the dialog prompt that appears, type:
browser.cache.memory.capacity
Click OK. Another dialog prompt will appear. This is where you decide how much memory to allocate to Firefox. This depends on how much RAM your computer has, but generally you don’t want to allocate too little (under 8MB), but if you allocate too much, you might as well not do this. A good recommended setting is 16MB. If you want 16MB, enter this value into the dialog prompt:
16384
(Why 16384 instead of 16000? Because computers use base-12 counting. Thus 16 megabytes = 16384 bytes. Likewise, if you want to double that and allocate 32MB, you’d enter 32768.)
Click OK to close the dialog box, then close all instances of Firefox and restart. If your Firefox still uses the same amount of memory, give it a few minutes and it should slowly clear up. If that fails, try a system reboot.
Your Firefox will now be 3 - 30 times faster in loading pages.


Wednesday, November 3, 2010

Upgrade From Fedora 13 To Fedora 14 Desktop & Server

The commands in this article must be executed with root privileges. Open a terminal (on a Fedora 13 desktop, go to Applications > System Tools > Terminal) and log in as root, or if you log in with a regular user, type
su
to become root.

2 Upgrading To Fedora 14 (Desktop)

First we must upgrade the rpm package:
#yum update rpm
Then we install the latest updates:
#yum -y update
Next we clean the yum cache:
#yum clean all
If you notice that a new kernel got installed during yum -y update, you should reboot the system now:
reboot
(After the reboot, log in as root again, either directly or with the help of)
#su

Now we come to the upgrade process.


Install preupgrade...
#yum install preupgrade
... and call it like this:
#preupgrade
The preupgrade wizard will then start on your desktop. Select Fedora 14 (Laughlin). Afterwards the system is being prepared for the upgrade.
At the end, click on the Reboot Now button.
During the reboot, the upgrade is being performed. This can take quite a long time, so please be patient.
Afterwards, you can log into your new Fedora 14 desktop.

3 Upgrading To Fedora 14 (Server)

First we must upgrade the rpm package:
#yum update rpm
Then we install the latest updates:
#yum -y update
Next we clean the yum cache:
#yum clean all
If you notice that a new kernel got installed during yum -y update, you should reboot the system now:
reboot
(After the reboot, log in as root again, either directly or with the help of)
#su

Now we come to the upgrade process. We can do this with preupgrade.
Install preupgrade...
#yum install preupgrade
... and call it like this:
#preupgrade-cli
It will show you a list of releases that you can upgrade to. If all goes well, it should show something like Fedora 14 (Laughlin) in the list:
[root@rajat-fc ~]# preupgrade-cli
Loaded plugins: blacklist, whiteout
No plugin match for: rpm-warm-cache
No plugin match for: remove-with-leaves
No plugin match for: auto-update-debuginfo
Loaded plugins: presto, refresh-packagekit
please give a release to try to pre-upgrade to
valid entries include:
   "Fedora 14 (Laughlin)"
[root@rajat-fc ~]#
To upgrade, append the release string to the preupgrade-cli command:
preupgrade-cli "Fedora 14 (Laughlin)"
Preupgrade will also take care of your RPMFusion packages, so all you have to do after preupgrade has finished is to reboot:
#reboot
During the reboot, the upgrade is being performed. This can take quite a long time, so please be patient. Afterwards, you can log into your new Fedora 14 server.

Tuesday, November 2, 2010

Clone RedHat / Cent OS / Fedora Bare Metal Recovery

Clonesys is a shell script that can be used to create an ISO image of your Linux system. It is not another tool that backs up users' files but a tool that can recreate a similar system "ex nihilo" on other hardware.

#wget http://www.trickytools.com/downloads/clonesys-1.4.0.tgz
#tar xvzf clonesys-1.4.0.tgz
#cd clonesys-1.4.0
#sh clonesys.sh
STEP 1: Configuration Summary:
----------------------------------------------------------------------
Parameters used for Image Creation:
Prompt before executing commands: n
Clean Directories before creating the backup files: y
Temporary Files Location: /tmp/clonesys
Save the Ext2 Extended Attributes (lsattr): n
Save the Extended Attributes (getfattr): n
Save the ACL (getfacl): n
Use "star" instead of "tar": y
Boot Loader method: grub
RAID Management Method: none
Filename that contains additional kernel modules to include: moremodules.list
Build a Single Image: n
    Archive Maximum Size: 650 MB
    Tar Archive Slice Size: 50 MB
ISO Image Name: /tmp/clonesys.iso
Burn the CD when process completed: n
Parameters used for System Restoration:
Write the Boot Sector on the MBR: y
Check for Badblocks when partitioning: n
Force the load of some CD-Rom kernel drivers (recommanded): y
Press to continue or to abort

star not found - it will not be used instead of tar

STEP 2: Clean the build directory:
----------------------------------------------------------------------
Done

STEP 3: Check for required commands:
----------------------------------------------------------------------
Checking existence of command pidof: OK
Checking existence of command readlink: OK
Checking existence of command ldd: OK
Checking existence of command basename: OK
Checking existence of command dirname: OK
Checking existence of command du: OK
Checking existence of command sed: OK
Checking existence of command uname: OK
Checking existence of command cut: OK
Checking existence of command mknod: OK
Checking existence of command dd: OK
Checking existence of command tr: OK
Checking existence of command tail: OK
Checking existence of command tar: OK
Checking existence of command sort: OK
Checking existence of command uniq: OK
Checking existence of command grep: OK
Checking existence of command sfdisk: OK
Checking existence of command fdisk: OK
Checking existence of command lsmod: OK
Checking existence of command mkisofs: OK
Checking existence of command modprobe: OK
Checking existence of command mount: OK
Checking existence of command umount: OK
Checking existence of command gzip: OK
Checking existence of command modinfo: OK
Checking existence of command awk: OK
Checking existence of command stat: OK
Checking existence of command bc: OK
Checking existence of command cdrecord: OK

STEP 4: Check and create needed sub-directory:
----------------------------------------------------------------------
Checking existence of directory /tmp/clonesys: OK
Checking existence of directory /tmp/clonesys/tmp: OK
Checking existence of directory /tmp/clonesys/loop: OK
Checking existence of directory /tmp/clonesys/iso/realconf: OK
Checking existence of directory /tmp/clonesys/iso/isolinux: OK
Checking existence of directory /tmp/clonesys/initrd: OK
Checking existence of directory /tmp/clonesys/iso/backup: OK

STEP 5: Copy source files to /tmp/clonesys:
----------------------------------------------------------------------
Copy ./isolinux files: OK
Copy ./initrd files: OK
Copy real basename and required libraries: OK
Copy library /lib/libc.so.6:  OK
Create the symbolic link:  OK
Copy library /lib/ld-linux.so.2:  OK
Create the symbolic link:  OK
Copy real cat and required libraries: OK
Copy library /lib/libc.so.6:  OK
Create the symbolic link:  Link already created
Create the symbolic link:  Link already created
Copy ./realconf files:  OK

STEP 6: Create configuration files under /tmp/clonesys/iso/backup:
----------------------------------------------------------------------
Copy the currently loaded modules:
Forcing module ide-cd
Forcing module isofs
Copy Module ide_cd: OK
Copy Module cdrom: OK
Copy Module iptable_filter: OK
Copy Module ip_tables: OK
Copy Module x_tables: OK
Copy Module ipv6: OK
Copy Module xfrm_nalgo: OK
Creating special node for /dev/sdj: OK
Unmounting the CD-Rom: OK
Create the mount points:
Mount point for /dev/sda3 is / (Type=ext3, Options=rw)
Mount point for /dev/sda1 is /boot (Type=ext3, Options=rw)

STEP 7: Backup the system files:
----------------------------------------------------------------------
Building the file list:
Managing Directory: /bin
Managing Directory: /sbin
Managing Directory: /usr/sbin
Managing Directory: /usr/sbin/euca_admin
Managing Directory: /usr/bin
Managing Directory: /usr/lib
Managing Directory: /usr/lib/alsa-lib
Managing Directory: /usr/lib/alsa-lib/smixer
Managing Directory: /usr/lib/anaconda-runtime
Managing Directory: /usr/lib/anaconda-runtime/boot
Managing Directory: /usr/lib/apr-util-1
Managing Directory: /usr/lib/aspell-0.60
Managing Directory: /usr/lib/audit
Managing Directory: /tmp/clonesys/
Creating the file archive (Please wait): testmade
OK

STEP 8: Prepare the Boot Loader:
----------------------------------------------------------------------
Check if file grub/grub.conf has been backup up OK
Check if file grub/menu.lst has been backup up OK
Check if file grub/device.map has been backup up OK
Check if file grub/stage1 has been backup up OK
Check if file grub/stage2 has been backup up OK
Check if file grub/e2fs_stage1_5 has been backup up OK
Check if file grub/fat_stage1_5 has been backup up OK
Check if file grub/ffs_stage1_5 has been backup up OK
Check if file grub/iso9660_stage1_5 has been backup up OK
Check if file grub/jfs_stage1_5 has been backup up OK
Check if file grub/reiserfs_stage1_5 has been backup up OK
Check if file grub/xfs_stage1_5 has been backup up OK

STEP 9: Create the Initial RAMDisk image:
----------------------------------------------------------------------
Compute the initial RAMDisk size: OK (found 22356 KBytes)
Create the initial RAMDisk file: 38740+0 records in
38740+0 records out
39669760 bytes (40 MB) copied, 0.317524 seconds, 125 MB/s
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
9696 inodes, 9685 blocks
0 blocks (0.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=12582912
1 block group
32768 blocks per group, 32768 fragments per group
9696 inodes per group

Writing inode tables: done                           
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
OK
Loopback mount of /tmp/clonesys/iso/isolinux/initrd: OK
Copy initrd files: OK
Unmounting /tmp/clonesys/iso/isolinux/initrd: OK
Compressing the initial RAMDisk: OK
Copy current Linux kernel under /tmp/clonesys/iso/isolinux directory: OK

STEP 10: Create the ISO Image:
----------------------------------------------------------------------
Do you want to enter a shell before making the ISO filesystem (y/n) ? Create the ISO images:
Preparing ISO image #1 (current archive=1, start size=10544)
Create the ISO image #1:
mkisofs: Warning: -follow-links does not always work correctly; be careful.
INFO:    UTF-8 character encoding detected by locale settings.
    Assuming UTF-8 encoded filenames on source filesystem,
    use -input-charset to override.
Size of boot image is 4 sectors -> No emulation
  1.97% done, estimate finish Tue Nov  2 16:11:42 2010
  3.93% done, estimate finish Tue Nov  2 16:11:42 2010
  5.90% done, estimate finish Tue Nov  2 16:11:42 2010
  7.86% done, estimate finish Tue Nov  2 16:11:54 2010
  9.83% done, estimate finish Tue Nov  2 16:11:52 2010
 11.79% done, estimate finish Tue Nov  2 16:11:50 2010
 13.76% done, estimate finish Tue Nov  2 16:11:49 2010
 15.72% done, estimate finish Tue Nov  2 16:11:54 2010
 17.68% done, estimate finish Tue Nov  2 16:11:53 2010
 19.65% done, estimate finish Tue Nov  2 16:11:57 2010
 21.62% done, estimate finish Tue Nov  2 16:11:55 2010
 23.58% done, estimate finish Tue Nov  2 16:11:58 2010
 25.55% done, estimate finish Tue Nov  2 16:11:57 2010
 27.51% done, estimate finish Tue Nov  2 16:12:00 2010
 29.48% done, estimate finish Tue Nov  2 16:11:58 2010
 31.44% done, estimate finish Tue Nov  2 16:12:01 2010
 33.40% done, estimate finish Tue Nov  2 16:11:59 2010
 35.37% done, estimate finish Tue Nov  2 16:11:58 2010
 37.34% done, estimate finish Tue Nov  2 16:11:58 2010
 39.30% done, estimate finish Tue Nov  2 16:11:59 2010
 41.27% done, estimate finish Tue Nov  2 16:11:58 2010
 43.23% done, estimate finish Tue Nov  2 16:11:58 2010
 45.20% done, estimate finish Tue Nov  2 16:11:57 2010
 47.16% done, estimate finish Tue Nov  2 16:11:58 2010
 49.13% done, estimate finish Tue Nov  2 16:11:58 2010
 51.09% done, estimate finish Tue Nov  2 16:11:59 2010
 53.06% done, estimate finish Tue Nov  2 16:11:58 2010
 55.02% done, estimate finish Tue Nov  2 16:12:00 2010
 56.99% done, estimate finish Tue Nov  2 16:11:59 2010
 58.94% done, estimate finish Tue Nov  2 16:12:00 2010
 60.91% done, estimate finish Tue Nov  2 16:12:00 2010
 62.87% done, estimate finish Tue Nov  2 16:12:01 2010
 64.84% done, estimate finish Tue Nov  2 16:12:02 2010
 66.81% done, estimate finish Tue Nov  2 16:12:01 2010
 68.77% done, estimate finish Tue Nov  2 16:12:02 2010
 70.73% done, estimate finish Tue Nov  2 16:12:01 2010
 72.70% done, estimate finish Tue Nov  2 16:12:02 2010
 74.66% done, estimate finish Tue Nov  2 16:12:02 2010
 76.63% done, estimate finish Tue Nov  2 16:12:02 2010
 78.60% done, estimate finish Tue Nov  2 16:12:02 2010
 80.56% done, estimate finish Tue Nov  2 16:12:03 2010
 82.53% done, estimate finish Tue Nov  2 16:12:02 2010
 84.49% done, estimate finish Tue Nov  2 16:12:03 2010
 86.45% done, estimate finish Tue Nov  2 16:12:02 2010
 88.42% done, estimate finish Tue Nov  2 16:12:03 2010
 90.38% done, estimate finish Tue Nov  2 16:12:03 2010
 92.35% done, estimate finish Tue Nov  2 16:12:02 2010
 94.31% done, estimate finish Tue Nov  2 16:12:03 2010
 96.28% done, estimate finish Tue Nov  2 16:12:02 2010
 98.24% done, estimate finish Tue Nov  2 16:12:03 2010
Total translation table size: 2048
Total rockridge attributes bytes: 4634
Total directory bytes: 8192
Path table size(bytes): 56
Max brk space used 1a000
254479 extents written (497 MB)
OK
ISO image generated as /tmp/clonesys1.iso - Ready to burn !
Error(s)  : 0
Warning(s): 1
Please, check for the errors & warnings in file /tmp/clonesys/tmp/tar.err



:D

Friday, October 29, 2010

Directories and its size for CentOS /Fedora /RedHat

Which directories and trees take up all the disk space?
du -sm $(find /start/dir/* -maxdepth 1 -xdev -type d) | sort -g

If you want more human readable output try:
du -ha /var | sort -rh | head -n 10

If you want to see ALL directories in the tree:
find "$1" -type d -print0 | xargs -0 du -sm | sort -g

To show all directories size including sub directories, type

du -h

To calculate the current directory size you are in (-s stand for summary)

du -sh

To show the size of all first-level subdirectories (when you are not interested in sub-subdirectories)

du -sh *

To show the size of specific directory

du -sh /home

To show the size of all sub directories of a specific directory

du -sh /home/*

Thursday, October 28, 2010

Setup private cloud computing on Cent OS Eucalyptus 2.0

Eucalyptus is software that implements scalable IaaS-style private and hybrid clouds. The Eucalyptus architecture is highly modular with internal components consisting of Web services, which make them easy to replace and expand. Eucalyptus' flexibility enables it to export a variety of APIs towards users via client tools. Currently Eucalyptus implements the Amazon Web Service (AWS) API, which allows interoperability with existing AWS-compatible services and tools. This also allows Eucalyptus users to group resources drawn both from an internal private cloud and external public clouds to form a hybrid cloud.



#yum install -y java-1.6.0-openjdk-devel ant ant-nodeps libvirt-devel curl-devel httpd httpd-devel apr-devel openssl-devel dhcp libxml2 libxml2-devel gnutls gnutls-devel xen-devel libgcrypt-devel zlib-devel perl-Convert-ASN1 perl-Crypt-OpenSSL-RSA perl-Crypt-OpenSSL-Random chkfontpath scsi-target-utils fuse-libs swig gcc ntp

First, make sure JAVA_HOME is defined. For example, on Centos 5:
export JAVA_HOME="/usr/lib/jvm/java-openjdk/"
export JAVA="$JAVA_HOME/jre/bin/java"
 
Reboot the server into the Xen kernel.


  • run system-config-securitylevel-tui
  • select Security Level: Disabled
  • select OK
 
#vi /etc/xend/xend-config.sxp
(xend-http-server yes)
(xend-unix-server yes)
(xend-unix-path /var/lib/xend/xend-socket)
(xend-address localhost)
(network-script network-bridge)
(vif-script vif-bridge)
(dom0-min-mem 196)
(dom0-cpus 0)
(vncpasswd '')

Download the following packages from http://open.eucalyptus.com/downloads:

aoetools-21-1.el4.i386.rpm
eucalyptus-walrus-2.0.0-1.i386.rpm
euca2ools-1.3-1.i386.rpm
euca-rampartc-1.3.0-1.i386.rpm
euca-axis2c-1.6.0-1.i386.rpm
lzo2-2.02-3.el5.rf.i386.rpm
eucalyptus-2.0.0-1.i386.rpm
perl-Crypt-OpenSSL-Random-0.04-1.el5.rf.i386.rpm
eucalyptus-cc-2.0.0-1.i386.rpm
perl-Crypt-OpenSSL-RSA-0.25-1.el5.rf.i386.rpm
eucalyptus-cloud-2.0.0-1.i386.rpm
perl-Crypt-X509-0.32-1.el5.rf.noarch.rpm
eucalyptus-common-java-2.0.0-1.i386.rpm
python25-2.5.1-bashton1.i386.rpm
eucalyptus-gl-2.0.0-1.i386.rpm
python25-libs-2.5.1-bashton1.i386.rpm
eucalyptus-nc-2.0.0-1.i386.rpm
vblade-14-1mdv2008.1.i586.rpm
eucalyptus-sc-2.0.0-1.i386.rpm
vtun-3.0.2-1.el5.rf.i386.rpm


#yum localinstall eucalyptus*


Now start up your Eucalyptus services. On the front-end: 



/etc/init.d/eucalyptus-cloud start
/etc/init.d/eucalyptus-cc start
On the node:
/etc/init.d/eucalyptus-nc start
At this point you should be ready to go through the first-time
configuration. 
Point your browser to, https://front-end-ip:8443 Since Eucalyptus is using a self-signed certificate, your browser is likely to prompt you to accept the certificate. On some machines it may take few minutes after the starting of the Cloud Controller for the URL to be responsive the first time you run Eucalyptus. You will be prompted for a user and password both of which are set to admin initially. Upon logging in the first time you will be asked to
  1. change the admin password,
  2. set the admin's email address, and
  3. confirm the IP of the Cloud Controller host.
    #mkdir $HOME/.euca
    #unzip euca2-admin-x509.zip -d $HOME/.euca 
    
    #. $HOME/.euca/eucarc

    Adding Images

    To enable a VM image as an executable entity, a user/admin must add a root disk image and a kernel/ramdisk pair (ramdisk may be optional) to Walrus and register the uploaded data with Eucalyptus. Each is added to Walrus and registered with Eucalyptus separately, using three EC2 commands. The following example uses the test image that we provide. Unpack it to any directory:
    #wget 'http://open.eucalyptus.com/sites/all/modules/pubdlcnt/pubdlcnt.php?file=http://eucalyptussoftware.com/downloads/releases/euca2ools-1.2-centos-i386.tar.gz&nid=3088'
    #cd euca-centos-5.3-i386
    #euca-bundle-image -i  --kernel true
    #euca-upload-bundle -b  -m /tmp/.manifest.xml
    #euca-register /.manifest.xml
    Next, add the root filesystem image to Walrus:
    #euca-bundle-image -i
    #euca-upload-bundle -b -m /tmp/.manifest.xml
    #euca-register /.manifest.xml
    Our test kernel does not require a ramdisk to boot. If the administrator would like to upload/register a kernel/ramdisk pair, the procedure is similar to the above:
    #euca-bundle-image -i --ramdisk true
    #euca-upload-bundle -b -m /tmp/.manifest.xml
    #euca-register /.manifest.xml
    
    
    :)

Sending mails from command line


Sending mails using mail:
mail (mailx is the newer version) is a fantastic program that can be used for sending email from the command line or from within scripts.
The following example will send an email to admin@yeswedeal.com, with the subject "Apache is down" and the text "Please check Apache at host name of the server":
echo "Please check Apache at `hostname`" | mail -s "Apache is down" admin@yeswedeal.com
We can cat the contents of any text file, for example a log file, and it will be sent to the recipient specified:
cat "/var/log/apache2/error.log" | mail -s "Apache is down" admin@yeswedeal.com
To attach a file other than a text one, we need to uuencode (unix to unix encode) it before sending:
uuencode banner.jpg banner_out.jpg | mail webmaster@yeswedeal.com
Here banner.jpg is the name of the input file and banner_out.jpg is the output uuencoded file that will be sent by mail.
To have text sent along with the attachment, we can cat or echo that text too:
(cat /var/log/apache2/error.log;uuencode banner.jpg banner.jpg) | mail -s pic webmaster@yeswedeal.com

Sending mails using mutt:
With mutt, it's the same as using mail.
echo "Please check Apache at `hostname`" | mutt -s "Apache is down" admin@yeswedeal.com
or we can cat the contents of a text file to show as body text
cat /var/log/apache2/error.log | mutt -s "Apache is down" admin@yeswedeal.com
OR
mutt -s "Apache is down" admin@yeswedeal.com
To send an empty body mail, use an empty line as the mail body:
echo | mutt -s "Software upgrades for `hostname`" admin@yeswedeal.com
To attach a binary file, it's even easier with mutt; just use the -a option:
echo | mutt -s "New logo for the company" -a logo.gif webmaster@yeswedeal.com

Wednesday, October 27, 2010

Linux Find FC ID WWNN of a disk/LUN


If your server is connected to more than two SANs of the same type it is really hard to find what disk is on what SAN and how it is connected to your server. You can get the Fiber Channel addresses of the HBAs by typing the following commands:
# systool -c fc_host -v
Type the following command to determine the fibre channel target WWN:
# systool -c fc_transport -v

Monday, October 25, 2010

Change location on Cent OS / RedHat /Fedora

[root@convirt kitbag]# tzselect
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
 1) Africa
 2) Americas
 3) Antarctica
 4) Arctic Ocean
 5) Asia
 6) Atlantic Ocean
 7) Australia
 8) Europe
 9) Indian Ocean
10) Pacific Ocean
11) none - I want to specify the time zone using the Posix TZ format.
#? 5
Please select a country.
 1) Afghanistan          18) Israel            35) Palestine
 2) Armenia          19) Japan            36) Philippines
 3) Azerbaijan          20) Jordan            37) Qatar
 4) Bahrain          21) Kazakhstan        38) Russia
 5) Bangladesh          22) Korea (North)        39) Saudi Arabia
 6) Bhutan          23) Korea (South)        40) Singapore
 7) Brunei          24) Kuwait            41) Sri Lanka
 8) Cambodia          25) Kyrgyzstan        42) Syria
 9) China          26) Laos            43) Taiwan
10) Cyprus          27) Lebanon            44) Tajikistan
11) East Timor          28) Macau            45) Thailand
12) Georgia          29) Malaysia            46) Turkmenistan
13) Hong Kong          30) Mongolia            47) United Arab Emirates
14) India          31) Myanmar (Burma)        48) Uzbekistan
15) Indonesia          32) Nepal            49) Vietnam
16) Iran          33) Oman            50) Yemen
17) Iraq          34) Pakistan
#? 14

The following information has been given:

    India

Therefore TZ='Asia/Kolkata' will be used.
Local time is now:    Mon Oct 25 14:52:34 IST 2010.
Universal Time is now:    Mon Oct 25 09:22:34 UTC 2010.
Is the above information OK?
1) Yes
2) No
#? 1

You can make this change permanent for yourself by appending the line
    TZ='Asia/Kolkata'; export TZ
to the file '.profile' in your home directory; then log out and log in again.

Here is that TZ value again, this time on standard output so that you
can use the /usr/bin/tzselect command in shell scripts:
Asia/Kolkata

Installing Postfix Admin on Cent OS / RedHat / Fedora

1. Install the Postfix Admin requirements using the command below.
#yum install mysql-server php-mysql php-imap httpd postfix dovecot
 
2. Download the latest stable version of Postfix Admin in .tar.gz format. Assuming you got the file postfixadmin-2.3.2.tar.gz and it is located on your Desktop, type in the commands below to extract it and put it into its proper directory.
 
#tar xvfz postfixadmin-2.3.2.tar.gz
#mv postfixadmin-2.3.2 /usr/share/postfixadmin 
#vim /etc/httpd/conf.d/postfixadmin.conf
 
#
#  Web application to manage Postfix email server
#

<Directory "/usr/share/postfixadmin">
Order Allow,Deny
Allow from all
</Directory>

Alias /postfixadmin /usr/share/postfixadmin
Alias /PostFixAdmin /usr/share/postfixadmin
Alias /PostfixAdmin /usr/share/postfixadmin

3. Edit the file /usr/share/postfixadmin/config.inc.php and update the following lines below.
$CONF['configured'] = true;
$CONF['postfix_admin_url'] = '/postfixadmin';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'your_password';
$CONF['database_name'] = 'postfix';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
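// 'cleartext' stores mailbox passwords unhashed in the database;
// the config.inc.php shipped with Postfix Admin defaults to 'md5crypt'
$CONF['encrypt'] = 'cleartext';
$CONF['emailcheck_resolve_domain'] = 'NO';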

#service mysqld start

4. Launch the MySQL command line tool using the command below.
mysql -u root -p

The default root password of MySQL is a blank password. Next, create a new MySQL database for Postfix Admin using the commands below.
mysql> CREATE DATABASE postfix;
mysql> CREATE USER postfix@localhost IDENTIFIED BY 'your_password';
mysql> GRANT ALL PRIVILEGES ON postfix.* TO postfix@localhost;

The GRANT names postfix@localhost, the account created on the line before it; a bare postfix would refer to a different account, postfix@'%'.

#service httpd start
 
5. Go to the Postfix Admin setup page at http://localhost/postfixadmin/setup.php and fill in the setup password. Next, click Generate password hash.
6. Get the generated setup password hash and put it into the file /usr/share/postfixadmin/config.inc.php. Next, fill in the Setup password, Admin, Password and Password (again) fields. Finally, click Add Admin to create a new admin account.
7. Go to the Postfix Admin login page at http://localhost/postfixadmin/ and log in using your newly created admin account.
 
:)

Fedora / Redhat / CentOS Install Memcached Caching System


How do I install memcached, a high-performance, distributed memory object caching system, generic in nature but intended for use in speeding up dynamic web applications by alleviating database load, under CentOS / RHEL / Fedora / Redhat Linux?

Memcached is a very fast caching system for MySQL. It uses libevent or epoll (Linux runtime) to scale to any number of open connections and uses non-blocking network I/O.

Required Packages

  1. memcached : High Performance, Distributed Memory Object Cache.
  2. memcached-selinux : SELinux policy module supporting memcached.
  3. perl-Cache-Memcached : Perl client for memcached.
  4. php-pecl-memcache : Php client / extension to work with the Memcached caching daemon.
  5. python-memcached : A Python memcached client library.

Step # 1: Turn on EPEL Repo

Type the following command to enable EPEL repo which carries required memcache packages.
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

Step # 2: Install memcached

Type the following command to install memcached with php extension:
# yum install memcached php-pecl-memcache


Step # 3: Configure memcached

Edit /etc/sysconfig/memcached, enter:
# vi /etc/sysconfig/memcached
Update it as follows:
PORT="11211"
USER="memcached"
# max connection 2048
MAXCONN="2048"
# set ram size to 4096 MB - 4GiB
CACHESIZE="4096"
# listen to loopback ip 127.0.0.1, for network connection use real ip e.g., 10.0.0.4
OPTIONS="-l 127.0.0.1"
The above will start memcached as a daemon, using 4GB of memory, and listening on IP 127.0.0.1, port 11211. Save and close the file.
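
An added example (not from the original post): a shell function that reads a sysconfig file like the one above and reports whether the -l setting keeps memcached on loopback. The function name memcached_listen_scope is an assumption; memcached 1.2.8, the release in this post's stats output, has no authentication, so the listen address is the access control.

```shell
#!/bin/sh
# Added example: classify the listen address configured in a
# RHEL/CentOS-style /etc/sysconfig/memcached file.
# Prints one of: loopback | all-interfaces | network:<addr>
# memcached_listen_scope is a hypothetical helper name.

memcached_listen_scope() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Last uncommented OPTIONS= assignment wins, as it would when the
    # init script sources the file. Strip one pair of surrounding quotes.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$conf" | tail -n 1 |
           sed -e "s/^[\"']//" -e "s/[\"'][[:space:]]*\$//")

    addrs=
    set -f              # no globbing while word-splitting the options
    set -- $opts
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -l)   if [ $# -gt 1 ]; then addrs=$2; shift; fi ;;
            -l?*) addrs=${1#-l} ;;
        esac
        shift
    done

    # No -l at all: memcached binds every interface.
    [ -n "$addrs" ] || { echo all-interfaces; return 0; }

    # Accept a comma-separated list; one non-loopback entry is enough.
    old_ifs=$IFS
    IFS=,
    for a in $addrs; do
        case $a in
            127.*|localhost|::1) ;;
            0.0.0.0|::) IFS=$old_ifs; echo all-interfaces; return 0 ;;
            *)          IFS=$old_ifs; echo "network:$a";   return 0 ;;
        esac
    done
    IFS=$old_ifs
    echo loopback
}
```

Anything other than loopback means the port needs a firewall rule limiting it to the application servers that use the cache.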

Step # 4: Run memcached

Type the following command to start memcached, enter:
# chkconfig memcached on
# service memcached start

To stop / restart use the following commands:
# service memcached stop
# service memcached restart

How Do I See Memory Memcached Slabs?

Type the following command:
# memcached-tool IP_ADDRESS:Port
# memcached-tool IP_ADDRESS:Port display
# memcached-tool 127.0.0.1:11211



  #  Item_Size   Max_age  1MB_pages Count   Full?
  1     104 B     5134 s       1      10      no
  2     136 B     5135 s       1      40      no
  3     176 B        0 s       1       0      no
  4     224 B     2648 s       1       7      no
  8     552 B     1810 s       1      12      no
  9     696 B     1810 s       1       6      no
 10     872 B     2935 s       1       8      no
 11     1.1 kB    4262 s       1      18      no
 12     1.3 kB    2990 s       1      23      no
 13     1.7 kB    2434 s       1      22      no
 14     2.1 kB    3489 s       1      11      no
 15     2.6 kB    2964 s       1      16      no
 16     3.3 kB    2861 s       1      14      no
 17     4.1 kB    2076 s       1       5      no
 18     5.2 kB    2981 s       1       5      no
 20     8.1 kB      64 s       1       1      no
 21    10.1 kB    1865 s       1       3      no
 29    60.2 kB    1550 s       1       2      no

How Do I See Memory Memcached Stats?

Type the following command:
# memcached-tool IP_Address:Port stats
# memcached-tool 127.0.0.1:11211 stats



#127.0.0.1:11211   Field       Value
         accepting_conns           1
                   bytes      399395
              bytes_read      504797
           bytes_written    17313658
               cmd_flush           0
                 cmd_get        1141
                 cmd_set         248
   connection_structures           9
        curr_connections           5
              curr_items         205
               evictions           0
                get_hits         898
              get_misses         243
          limit_maxbytes  1073741824
     listen_disabled_num           0
                     pid       40159
            pointer_size          64
           rusage_system    0.227965
             rusage_user    0.034994
                 threads           5
                    time  1255803547
       total_connections         344
             total_items         259
                  uptime        5829
                 version       1.2.8

Sunday, October 24, 2010

Find out non-system users

alias lsusers='getent passwd | awk -F: -v min="$(awk "/^UID_MIN/ { print \$2 }" /etc/login.defs)" "\$3 >= min { print \$1 }" | sort'
 
The above command lists non-system users. It should be portable, though it won't work on systems without the getent command.

Changing file extensions

#rename 's/\.html$/.php/' *.html

This will change the extension of every .html file in your PWD to .php.

Friday, October 22, 2010

Configure AIDE

What is AIDE?

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire.

AIDE is not installed by default. Install it with the command:
# yum install aide

Customize /etc/aide.conf to meet your requirements. The default configuration is acceptable for many
environments.

Generate a new database:
# /usr/sbin/aide --init
By default, the database will be written to the file /var/lib/aide/aide.db.new.gz.
The database, as well as the configuration file /etc/aide.conf and the binary /usr/sbin/aide (or hashes
of these files) should be copied and stored in a secure location. Storing these copies or hashes on read-only
media may provide further confidence that they will not be altered.
Install the newly-generated database:
# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
Run a manual check:
# /usr/sbin/aide --check
If this check produces any unexpected output, investigate. 

Implement checking with whatever frequency is required by your security policy. A once-daily check may be
suitable for many environments. For example, to implement a daily execution of AIDE at 4:05am, add the
following line to /etc/crontab:
05 4 * * * root /usr/sbin/aide --check
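
The advice above to keep hashes of the database, /etc/aide.conf and /usr/sbin/aide in a safe place can be scripted. The following is an added example, not part of the original post or of AIDE itself; the function names and the manifest file are assumptions, and in practice the manifest would live on read-only or off-host media.

```shell
#!/bin/sh
# Added example: record and verify SHA-256 hashes of the files AIDE's
# result depends on (database, configuration, binary) before a check.
# Function names and the manifest location are hypothetical.

# aide_manifest_create MANIFEST FILE...
# Writes "hash  path" lines; pass absolute paths so the manifest can be
# verified from any working directory. Returns 2 if a file is missing.
aide_manifest_create() {
    manifest=$1
    shift
    for f in "$@"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    done
    ( umask 077; sha256sum "$@" > "$manifest" )
}

# aide_manifest_verify MANIFEST
# Returns 0 only if every listed file still matches its recorded hash.
aide_manifest_verify() {
    [ -s "$1" ] || { echo "empty or missing manifest: $1" >&2; return 2; }
    if out=$(sha256sum -c "$1" 2>&1); then
        return 0
    fi
    # Report only the entries that did not verify.
    printf '%s\n' "$out" | grep -v ': OK$' >&2 || :
    return 1
}

# aide_checked_run MANIFEST [AIDE_BINARY]
# Runs "aide --check" only when the trust anchors verify; returns 3
# without running AIDE if they do not.
aide_checked_run() {
    aide_bin=${2:-/usr/sbin/aide}
    aide_manifest_verify "$1" || {
        echo "AIDE database, config or binary changed; check not run" >&2
        return 3
    }
    "$aide_bin" --check
}

# Typical use after "aide --init" and installing the new database:
#   aide_manifest_create /mnt/readonly/aide.sha256 \
#       /var/lib/aide/aide.db.gz /etc/aide.conf /usr/sbin/aide
#   aide_checked_run /mnt/readonly/aide.sha256
```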

phpBB on CentOS /RedHat /Fedora

THE #1 FREE, OPEN SOURCE BULLETIN BOARD SOFTWARE
phpBB is a free flat-forum bulletin board software solution that can be used to stay in touch with a group of people or can power your entire website. With an extensive database of user-created modifications and styles database containing hundreds of style and image packages to customise your board, you can create a very unique forum in minutes.

Requirements

phpBB3 has a few requirements which must be met before you are able to install and use it.
  • A webserver or web hosting account running on any major Operating System with support for PHP
  • A SQL database system, one of:
    • MySQL 3.23 or above (MySQLi supported)
    • PostgreSQL 7.3+
    • SQLite 2.8.2+
    • Firebird 2.1+
    • MS SQL Server 2000 or above (directly or via ODBC)
    • Oracle
  • PHP 4.3.3+ (>=4.3.3, >4.4.x, >5.x.x, >6.0-dev (compatible)) with support for the database you intend to use.
  • The getimagesize() function needs to be enabled.
  • The optional presence of the following modules within PHP will provide access to additional features, but they are not required.
    • zlib Compression support
    • Remote FTP support
    • XML support
    • Imagemagick support
    • GD Support
If your server or hosting account does not meet the requirements above we are afraid phpBB3 is not for you.

#yum install  mysql mysql-server httpd php php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc phpmyadmin

#service httpd start
#service mysqld start
#mysql_secure_installation (set up root password)
#wget http://sourceforge.net/projects/phpbb/files/phpBB%203/phpBB%203.0.7-PL1/phpBB-3.0.7-PL1.zip/download
http://www.mydomain.com/phpBB3/install/

:D

Thursday, October 21, 2010

ERP, CRM, E-Business / E-Commerce, SCM, MRP, CMMS/EAM

The Apache Open For Business Project is an open source enterprise automation software project licensed under the Apache License Version 2.0. By open source enterprise automation we mean: Open Source ERP, Open Source CRM, Open Source E-Business / E-Commerce, Open Source SCM, Open Source MRP, Open Source CMMS/EAM, and so on.

  • advanced e-commerce
  • catalog management
  • promotion & pricing management
  • order management (sales & purchase)
  • customer management (part of general party management)
  • warehouse management
  • fulfillment (auto stock moves, batched pick, pack & ship)
  • accounting (invoice, payment & billing accounts, fixed assets)
  • manufacturing management
  • general work effort management (events, tasks, projects, requests, etc)
  • content management (for product content, web sites, general content, blogging, forums, etc)
  • a maturing Point Of Sales (POS) module using XUI as rich client interface
  • and much more all in an open source package!
#wget http://mirror.nyi.net/apache//ofbiz/apache-ofbiz-09.04.zip
#unzip apache-ofbiz-09.04.zip  -d /opt/project
#cd /opt/project
#ant run-install
#java -Xms128M -Xmx512M -jar ofbiz.jar
#sh startofbiz.sh
Once OFBiz starts, you can look at the demo storefront at:
http://localhost:8080/ecommerce/

and the administration interface at:
http://localhost:8080/webtools/

You can log in with the user "admin" and password "ofbiz".


Boot Processes Fedora / CentOS /RedHat

The Boot Process

It is also easy to break.
  1. The BIOS loads the Boot Sector (Grub) from Sector 0
  2. The Grub (root line in grub.conf) points to the partition containing the kernel (Linux).
  3. The kernel loads and initializes the devices and runs /sbin/init (process 1)
  4. /sbin/init runs /etc/rc.d/rc.sysinit to initialize devices.
  5. /sbin/init reads /etc/inittab
  6. /etc/rc.d/rc.sysinit runs all the scripts in the appropriate run level directory.

GRUB

Grub is the first step in the boot process and has the greatest Oh ---- factor. But it really doesn't have to be a big problem. You may not need to boot from a live CD to fix this. There are three main parts to the boot step:
  • root
  • kernel
  • initrd
Try booting and editing each of these lines in GRUB. Purposely make mistakes to learn what errors are produced.
The TAB key will do auto-completion when you are editing GRUB options.

Rescue Mode

Use the first CD to boot into Rescue mode. You can then search for the root file system and mount it to the directory /mnt/sysimage.
  chroot /mnt/sysimage
  grub
Following this command you need to show grub where to read the grub configuration. If the drive type may have changed, for example because you changed from IDE to SCSI disks, you will need to do a --recheck. Then install grub with the install command.
  grub-install --recheck /dev/hda
  grub-install /dev/hda
Redhat will ask if you want to mount the root file system. If you say no you will need to mount the root file system yourself. Here are the commands to do this with the VMware system.
  mkdir /mnt/root
  mkdir /mnt/root/boot
  mount /dev/md1 /mnt/root
  mount /dev/md0 /mnt/root/boot

Fixing INITRD Modules

If the kernel is missing or corrupt you will need to reload it from the install CD.
If the initrd file is missing you can also reload it with the kernel.
Adding missing modules to initrd:
  rm -f /boot/initrd-2.6.18-194.17.1.el5.img
  mkinitrd --preload=xor --preload=raid456 /boot/initrd-2.6.18-194.17.1.el5.img
  2.6.20-1.2320.fc5
Manually changing initrd:
  mkdir /root/initrd-tmp
  cd /root/initrd-tmp
  cp -a /boot/initrd-2.6.18-194.17.1.el5.img ..
  mv ../initrd-2.6.18-194.17.1.el5.img ../initrd-2.6.18-194.17.1.el5.img.gz
  gunzip ../initrd-2.6.18-194.17.1.el5.img.gz
  cpio -i --make-directories < ../initrd-2.6.18-194.17.1.el5.img
  vi init
  # the kernel only unpacks initrd cpio archives in the newc format
  find . -depth | cpio -o -H newc > ../initrd-2.6.18-194.17.1.el5.img
  cd ..
  rm -rf initrd-tmp
  gzip -9 initrd-2.6.18-194.17.1.el5.img
  mv initrd-2.6.18-194.17.1.el5.img.gz initrd-2.6.18-194.17.1.el5.img
  mv initrd-2.6.18-194.17.1.el5.img /boot

SYSINIT


INITTAB

The file /etc/inittab controls the runlevel the system boots into.
You can override this by adding the runlevel you want to the end of the kernel line in GRUB.
id:3:initdefault:
Changing the 3 in this line will change the default runlevel to the one you want.

Runlevels

Here are the runlevels and what they mean. You should know them by heart too.
  • Run level 1 is single user
  • Run level 2 is Multiuser without NFS
  • Run level 3 is Full Multiuser
  • Run level 4 is unused
  • Run level 5 is X11 windows
  • Run level 6 will reboot the system
/etc/inittab not only starts rc.sysinit, it also starts processes that shouldn't die. One of these is the system console(s). It controls which run level the system automatically boots to. The directory /etc/sysconfig holds config files for processes started at this level.
RC scripts are kept in /etc/rc.d. The program that runs the RC scripts is rc.sysinit. These scripts are what is run when you change run level with the init command.
The fastest way to set runlevel services is to use the command ntsysv and tell it the runlevels you want to set. For example, this will display and change runlevels 3 and 5.
  ntsysv --level 35
To turn on or off a RC script you can also use the command:
  chkconfig --level command on/off
The option --level sets the run level to be changed for the command that is turned on or off. This can also be done with the GUI system-config-services.
  chkconfig --list
This command will list all the services and if they are on or off for each run level.
  chkconfig --add/--del command
This command will add or delete a new command from the RC start-up scripts.
After configuring a system like Apache it is easy to forget to make it start at boot time. Don't forget to reboot your system before the test is over.
You can debug the RC process by booting into single user mode and running the RC scripts in the run level by hand. You can also bypass init by adding init=/bin/bash to the kernel line in GRUB.

CLONING or RESTORING a System

THIS IS NOT NEEDED FOR THE TEST
Here are some of the issues if you are cloning or restoring a system by copying all the files into empty directories and then restoring the boot process. This process involves creating all the required root directories (/ /etc /usr /bin /var /opt /home) and copying all the files back into place with their ownership and permissions maintained. Directories that are not copied include /tmp /dev /proc /mnt. The directories that are not copied do need to be created.
  • The partitions and/or e2 labels may not be the same. This will require changing /etc/fstab
  • Some directories will/may not be copied. This may include /dev, in which case mounting the root file system with the chroot command will leave you without any devices.
  • Grub.conf (/etc/grub/grub.conf and menu.lst) may also need editing. Both the root and kernel lines may contain references to the wrong partitions.
  • /etc/mtab needs to be edited to match the new disk. Partition numbers can change and sometimes the type, like from IDE to SCSI (hda to sda).
After booting into recovery mode with the install CD, you will need to mount all of the file systems into their place under /mnt/sysimage. You can then mount the live proc and dev in place with the commands:
  mount -o bind /dev /mnt/sysimage/dev
  mount -o bind /proc /mnt/sysimage/proc
With the file systems in place you can use the chroot command to create the right environment for fixing the master boot record and Grub.
  chroot /mnt/sysimage

RedHat / Centos minimal services

I always disable most of the services which are activated by a default CentOS 5.3 installation.

To disable them, run the following commands:
chkconfig anacron off
chkconfig apmd off
chkconfig atd off
chkconfig autofs off
chkconfig cpuspeed off
chkconfig cups off
chkconfig cups-config-daemon off
chkconfig gpm off
chkconfig isdn off
chkconfig netfs off
chkconfig nfslock off
chkconfig openibd off
chkconfig pcmcia off
chkconfig portmap off
chkconfig rawdevices off
chkconfig readahead_early off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig smartd off
chkconfig xfs off
chkconfig ip6tables off
chkconfig avahi-daemon off
chkconfig firstboot off
chkconfig yum-updatesd off
chkconfig mcstrans off
chkconfig pcscd off
chkconfig bluetooth off
chkconfig hidd off
And you might consider disabling these:
chkconfig sendmail off
chkconfig xinetd off
chkconfig acpid off
chkconfig microcode_ctl off
chkconfig irqbalance off
chkconfig haldaemon off
chkconfig messagebus off
chkconfig mdmonitor off

osCommerce Installation on CentOS/ Fedora /RedHat

Welcome to osCommerce!

osCommerce has attracted a large growing e-commerce community that consists of over 239,200 store owners and developers who support each other and extend osCommerce Online Merchant with add-ons being contributed on a daily basis. To date there are over 6,100 add-ons that are available for free to customize osCommerce Online Merchant online stores and to help increase sales.
osCommerce Online Merchant is an Open Source online shop e-commerce solution that is available for free under the GNU General Public License. It features a rich set of out-of-the-box online shopping cart functionality that allows store owners to setup, run, and maintain online stores with minimum effort and with no costs, fees, or limitations involved.

#yum install  mysql mysql-server httpd php php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc phpmyadmin

#service httpd start
#service mysqld start
#mysql_secure_installation (set up root password) 
#wget http://www.oscommerce.com/redirect.php/go,45
#unzip oscommerce-3.0a5.zip -d /var/www/html/oscommerce/
http://youdomain.com