Monday, February 6, 2012

DNS configuration on CentOS /RedHat 6.2

Step 1
# ifconfig

Step 2
# vi /etc/hosts

Step 3
# vi /etc/sysconfig/network

Step 4
# vi /etc/resolv.conf

Step 5
# service network restart

Step 6
# yum install bind* -y

Step 7
# vi /etc/named.conf

Step 8
# vi /etc/named.rfc1912.zones

Step 9
# cd /var/named/
# ls
# cp named.localhost forward.zone
# cp named.loopback reverse.zone

Step 10
# vi forward.zone

Step 11
# vi reverse.zone

Step 12
# dig dns.mydns-setup.com


Thursday, February 2, 2012

Server’s Serial Number from command line – RedHat/CentOS

To get the service/serial number from the command line in Linux, run the command below. The first result is the service tag, which is usually alphanumeric.

[server@dev-test ~] # dmidecode | egrep -i "serial|product"
Output example:
Product Name: PowerEdge R710
Serial Number: 378CDE1
……..
Product Name: 0DCR13
Serial Number: ..ABC980CDE4545XYZ.
Serial Number: AB66X66
Serial Number: Not Specified
Serial Number: Not Specified
Port Type: Serial Port 11204A Compatible
……

Wednesday, February 1, 2012

Postfix Mail Server on RedHat 6 /CentOS 6

In this setup:
IP address of server = 161.101.234.62
Hostname = mail
Domain Name = yeswedeal.com
Full Computer name (FQDN) = mail.yeswedeal.com

Note: Make sure DNS Server is properly configured.

Install the required packages:
yum install postfix dovecot squirrelmail httpd -y

# vim /etc/postfix/main.cf

inet_interfaces = all
# inet_interfaces = localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/

vim /etc/dovecot.conf
protocols = imap imaps pop3 pop3s
mail_location = maildir:~/Maildir
pop3_uidl_format = %09Xu%09Xv
imap_client_workarounds = outlook-idle delay-newmail netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

vim /etc/squirrelmail/config.php
$domain                 = 'yeswedeal.com';
$imapServerAddress      = '161.101.234.62';
$smtpServerAddress      = '161.101.234.62';
$default_folder_prefix  = 'Maildir/';

service postfix restart
service dovecot restart
service httpd restart

Tuesday, January 31, 2012

Linux Easy Admin Utilities For RHEL, FEDORA, CENTOS, OPENSUSE, UBUNTU, DEBIAN, SLACKWARE

The IT Infrastructure Analyst, IT Ops Engg., Systems Admin, IT Support Engg., IT Helpdesk Engg.: companies change and job titles change, but the responsibilities overlap and mix. My quest to make work fun, simple, joyful and easy has led me to write, collect, source and use various scripts and tools that help in a very easy and fun-filled workflow with computers and IT systems.

This project is to write and collect tools and utilities that make System Administration easy and simple. If a hard working Admin cannot have a beautiful wallpaper on his screen, then the Admin can at least have one complete set of utility tools that keep the brow sweat free and help achieve deadlines.

The current list of tools:

Password Generator
Network & Firewall Auditor
Disk Auditor
FS Auditor
General System Auditor

Download at:

http://code.google.com/p/linux-easy-admin-utilities/
http://sourceforge.net/projects/lnxesyadmutil/

# wget http://linux-easy-admin-utilities.googlecode.com/files/linux-easy-admin-util-v0.2.tar.gz
# tar -zxvf linux-easy-admin-util-v0.2.tar.gz
# cp easy-admin/* /usr/local/bin/
# adtdepchk

genadtchk - General Audit Checker: This script generates simple information about your system. Basic system, memory, disk, file system and network data is audited.
dksadtchk - Disk Audit Checker: This script generates complete and comprehensive information about your system's disks and storage: total disks at boot time, contained partitions, partitions used, removable disks, capacity and free capacity etc.
fsadtchk - File System Audit Checker: This script generates complete and comprehensive information about the system's FS usage: currently mounted file systems, total available, type, size, free space, and the number one space-occupying folder or file on the FS.
netadtchk - Network Audit Checker: This script generates complete and comprehensive information about the network interfaces (hardware, virtual, local and other), the firewall and its status, outgoing firewall status, current listening processes, a port - ip - process - executable table, IPv4/6 features, forwarding and masquerading for the system.

Monday, January 30, 2012

Install Xserver(windows) and Gnome on Centos/RedHat using Yum

# yum groupinstall "X Window System" "GNOME Desktop Environment"

# yum groupinstall "X Window System" "KDE (K Desktop Environment)"  


#yum groupinstall gnome
 
#yum groupinstall kde

Wednesday, January 25, 2012

ext3 or ext4 partition recover deleted files Centos /Fedora

Extundelete is a utility that can recover deleted files from an ext3 or ext4 partition. The ext3 file system is the most common file system when using Linux, and ext4 is its successor. extundelete uses the information stored in the partition's journal to attempt to recover a file that has been deleted from the partition. There is no guarantee that any particular file will be able to be undeleted, so always try to have a good backup system in place, or at least put one in place after recovering your files!

Download and Install Extundelete:
Download the latest version of Extundelete - http://extundelete.sourceforge.net/

To compile and install Extundelete, you should first install the binary and development packages for e2fsprogs and e2fslibs.  You must also have a C++ compiler and a make utility to compile extundelete.
Go to terminal and type following command to install Extundelete:


#yum install -y gcc-c++ autoconf automake

#tar -xjf extundelete-0.2.0.tar.bz2
 
#cd extundelete-0.2.0
 
#./configure
 
#make

The extundelete program may be run as-is from the build directory, or you may wish to install it to a directory that is shared with other executable programs, which you may do by running the following command: make install

Using extundelete:
Assume you have deleted a file called /home/rajat/snap. Also assume the output of the 'mount' command shows this line (among others):

/dev/sda3 on /home type ext3 (rw)

This line shows that the /home directory is on the partition named /dev/sda3, so run umount /dev/sda3 and check that it is now unmounted by running the mount command again and confirming that it is not listed. Now, with this information, run extundelete:

# extundelete /dev/sda3 --restore-file /home/rajat/snap/

If you have deleted the directory 'video', you can run:

# extundelete /dev/sda3 --restore-directory /home/rajat/video

Or if you have deleted everything, you can run: 
 

# extundelete /dev/sda3 --restore-all

Thursday, January 19, 2012

Installing the latest version of tar on CentOS / RedHat 4 / 5

tar zxvf tar-1.26.tar.gz
cd tar-1.26
./configure FORCE_UNSAFE_CONFIGURE=1
make
make install
cp -f src/tar /usr/local/bin/tar

Then log off and log in again.

Tuesday, January 17, 2012

Ports for RHEV-M



Red Hat Enterprise Virtualization Manager requires the following ports.


Port(s) | Purpose | Remote End
22 | ssh | Used for maintenance of the virtualization hosts.
80 | http | Administration Portal clients; User Portal clients; Virtualization hosts; REST API clients
443 | https | Administration Portal clients; User Portal clients; Virtualization hosts; REST API clients
25285 | netconsole | Virtualization hosts
54321 | xml-rpc | Virtualization hosts
8006-8009 | xbap | Administration Portal clients

Open the Command Prompt (Run --> cmd) on your Windows machine and run the script below, which opens all the required ports.

c:\> for /D %p in (25285,54321,22,8006,8007,8008,8009,80,443) do (netsh firewall add portopening protocol = TCP port = %p name = RHEVM%p)
 
c:\> netsh firewall set icmpsetting 8 enable

Friday, January 6, 2012

EMC PowerPath basic commands RedHat /CentOS

PowerPath is multipathing software for Unix operating systems from EMC. If you have ever worked, or are going to work, in an environment that includes EMC storage systems, it is almost certain that PowerPath will be installed on the Unix hosts.
Following are some notes and tips I've been collecting since the very first time I came across PowerPath. Of course this isn't a full user guide but a sort of personal quick reference. I decided to put it here in the hope that it will be helpful to anyone, and for my personal use.

Show powermt command version
Display PowerPath configuration.

Check for dead paths and remove them.
List all devices.

Thursday, December 29, 2011

Cluster How to CentOS / RedHat 6.2

Step # 1: Mount an ISO file.

# mkdir -p /media/centos
# mount -o loop /dev/centos6X.iso /media/centos

Step # 2: Create the repo config file on both nodes.

# vi /etc/yum.repos.d/iso.repo
[ISO]
baseurl=file:///media/centos
enabled=1

Save and close the file

Step # 3: Stop the firewall on both nodes.

#chkconfig iptables off
#chkconfig ip6tables off

Step # 4: Disable Selinux.

# vi /etc/selinux/config
SELINUX=disabled

reboot (if you want)

Step # 5: Add hosts entries on both nodes.

# vi /etc/hosts
192.168.1.10 node1.clustering.com
192.168.1.11 node2.clustering.com (add these entries on both nodes)

Step # 6: Create a ricci user & passwd.

#useradd ricci
#passwd ricci

Step # 7: Install Cluster software.

#yum install cman rgmanager luci ricci (on 1st node)
#yum install cman rgmanager ricci

Step # 8: Start the services on both nodes.

# service ricci start (on both nodes)

Shutting down ricci:
Starting oddjobd:                                          [  OK  ]
generating SSL certificates...  done
Generating NSS database...  done
Starting ricci:                                            [  OK  ]

#service luci start (on 1st node only)
service luci restart
Stop luci...                                               [  OK  ]
Start luci...                                              [  OK  ]
Point your web browser to https://centos1.clsutering.com:8084 (or equivalent) to access luci

Step # 9: Open Firefox.

https://192.168.1.10:8084/

Log in as root with the root password.

Follow the screenshots, or watch the YouTube video at the following link, to create a cluster.

Friday, December 23, 2011

RedHat / CentOS Cluster, Which ports need to be open within iptables

cman (Cluster Manager) UDP Ports 5404, 5405

# iptables -I INPUT -m state --state NEW -m multiport -p udp -s 192.168.1.0/24 -d 192.168.1.0/24 --dports 5404,5405 -j ACCEPT

# iptables -I INPUT -m addrtype --dst-type MULTICAST -m state --state NEW -m multiport -p udp -s 192.168.1.0/24 --dports

 dlm (Distributed Lock Manager) TCP Port 21064

# iptables -I INPUT -m state --state NEW -p tcp -s 192.168.1.0/24 -d 192.168.1.0/24 --dport 21064 -j ACCEPT

 ricci (part of Conga remote agent) TCP Port 11111

# iptables -I INPUT -m state --state NEW -p tcp -s 192.168.1.0/24 -d 192.168.1.0/24 --dport 11111 -j ACCEPT

 modclusterd (part of Conga remote agent) TCP Port 16851

# iptables -I INPUT -m state --state NEW -p tcp -s 192.168.1.0/24 -d 192.168.1.0/24 --dport 16851 -j ACCEPT

 luci (Conga User Interface server) TCP Port 8084

# iptables -I INPUT -m state --state NEW -p tcp -s 192.168.1.0/24 -d 192.168.1.0/24 --dport 8084 -j ACCEPT

 igmp (Internet Group Management Protocol)

# iptables -I INPUT -p igmp -j ACCEPT
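
One way to check a node against the port list above, as an added example that is not part of the original post: the script reads rules in iptables-save format and reports, for each cluster port, whether it is accepted only from the cluster subnet, accepted from elsewhere, or not accepted at all. The function names and the sample rule set are constructed for illustration; port ranges and negated sources are not handled.

```shell
#!/bin/sh
# Added example: audit saved iptables rules against the cluster port list.

# Ports from the list above: cman, dlm, ricci, modclusterd, luci.
REQUIRED="udp/5404 udp/5405 tcp/21064 tcp/11111 tcp/16851 tcp/8084"

# audit_cluster_rules SUBNET   (rules in iptables-save format on stdin)
# Prints one line per required port: "<proto>/<port> <state>" where state is
#   restricted = accepted only from SUBNET
#   open       = accepted from another source, or from any source
#   missing    = no ACCEPT rule in the INPUT chain
# Simplification: rule order and DROP/REJECT rules are not evaluated.
audit_cluster_rules() {
    awk -v subnet="$1" -v required="$REQUIRED" '
    $1 == "-A" && $2 == "INPUT" {
        src = ""; proto = ""; ports = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT" || proto == "" || ports == "") next
        n = split(ports, p, ",")
        for (k = 1; k <= n; k++) {
            key = proto "/" p[k]
            # One unrestricted ACCEPT is enough to expose the port.
            if (src != subnet) state[key] = "open"
            else if (state[key] == "") state[key] = "restricted"
        }
    }
    END {
        n = split(required, r, " ")
        for (k = 1; k <= n; k++)
            print r[k], (r[k] in state ? state[r[k]] : "missing")
    }'
}

# Constructed sample (not from a real host): the luci rule has no source
# restriction and modclusterd has no rule at all.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp -m state --state NEW -m tcp --dport 21064 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp -m state --state NEW -m tcp --dport 11111 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8084 -j ACCEPT
-A INPUT -p igmp -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_cluster_rules 192.168.1.0/24
```

On a live node the input would come from `iptables-save` run as root instead of `sample_rules`.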

Tuesday, December 20, 2011

Linux LVM

1. create an LVM partition:

fdisk /dev/[disk]
change partition type from LINUX to LVM

2. initialize the LVM partitions:
pvcreate /dev/[disk_partition1] /dev/[disk_partition2]
check commands:
pvs
pvdisplay

3. create an LVM group:
vgcreate [group_name] /dev/[disk_partition1] /dev/[disk_partition2]
check commands:
vgs
vgdisplay

4. create a logical volume attached to the group:
lvcreate -L[size]M -n [vol_name] [group_name]
check commands:
lvs
lvdisplay

5. format the volume:
mkfs.ext3 [LV_name_from_lvdisplay]



EXTEND
change volume size:
lvextend -L +[size]M [LV_name_from_lvdisplay]

change partition size:
resize2fs [LV_name_from_lvdisplay]

REDUCE
fsck -f [LV_name_from_lvdisplay]

change partition size:
resize2fs [LV_name_from_lvdisplay] [size]G

change volume size:
lvreduce -L -[size]G [LV_name_from_lvdisplay]

Force User to Change Password at First Login Fedora /Centos /Suse /Ubuntu

There are various ways to set this up, but I believe one of the simplest is the one I am going to explain below.
For example, you created a new user “fake”:
# useradd fake

Create a password for the user:
# passwd fake
Changing password for user fake.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
Then, to force the user to change the password at the first login, simply set the password to expire:
# chage -d 0 fake

This command sets the password to expired and forces the user to change their password at the next login.

Setting it as the default for all new users:

A system admin is one who can do the work, but an efficient system admin is one who does the work manually the first time and then makes the computer do the same task for him the next time. The same is true here. If you want all new users added to your system to be forced to change their password at the first login, update this file:
# vi /etc/default/useradd
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=0 #(need to add zero "0")
SHELL=/bin/bash
SKEL=/etc/skel
GROUPS=video
CREATE_MAIL_SPOOL=no
UMASK=022
This file contains the settings that are applied to new users created on the system with the useradd command.
Just set the value of EXPIRE=0 in this file, and after that, every time a new user is created, they will be forced to change the password at the next login.

Password duration:
For new accounts, the default settings are in /etc/login.defs.
Settings for existing accounts are in /etc/shadow, but we edit them with the chage command:
chage -l [user] #check settings for user
chage -E "YYYY-MM-DD" [user] #set date when account expires, -1 means never
chage -M [nr] [user] #set maximum number of days between password changes, counted from the last password change, -1 means never expire
chage -d "YYYY-MM-DD" [user] #set last password change
chage -W [nr] [user] #number of days of warning before password expires
chage -I [nr] [user] #set password inactive: number of days after password expiry before the account is blocked
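
The chage settings above end up as fields in /etc/shadow, and `chage -d 0` shows up there as a last-change field of 0. The script below is an added example, not part of the original post: it classifies accounts from shadow(5)-format lines, and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report password-aging state from shadow(5)-format entries.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# (lastchg and expire are counted in days since 1970-01-01).

# Constructed sample entries; the hashes are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$constructed$placeholder:15300:0:99999:7:::
fake:$6$constructed$placeholder:0:0:90:7:14::
alice:$6$constructed$placeholder:15000:0:90:7:14::
bob:$6$constructed$placeholder:15390:0:90:7:14:15380:
carol:$6$constructed$placeholder:15390:0:90:7:14::
daemon:*:15300:0:99999:7:::
EOF
}

# audit_shadow TODAY   (TODAY in days since the epoch; entries on stdin)
# Prints "<user> <state>" where state is one of:
#   locked            hash field starts with ! or * (no password login)
#   account-expired   expire date (chage -E) has passed
#   must-change       lastchg is 0 (chage -d 0): change forced at next login
#   no-aging          no maximum age set (chage -M -1 or 99999)
#   password-expired  lastchg + max is before TODAY
#   ok                none of the above
audit_shadow() {
    awk -F: -v today="$1" '
    NF < 8 { next }    # skip lines that are not shadow entries
    {
        last = $3; max = $5; expire = $8
        if ($2 ~ /^[!*]/) s = "locked"
        else if (expire + 0 > 0 && expire + 0 <= today + 0) s = "account-expired"
        else if (last == "0") s = "must-change"
        else if (last == "" || max == "" || max + 0 >= 99999) s = "no-aging"
        else if (last + max < today + 0) s = "password-expired"
        else s = "ok"
        print $1, s
    }'
}

# Day 15400 is fixed so the output is reproducible. For a live check, run as
# root:  audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow
sample_shadow | audit_shadow 15400
```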

Friday, November 18, 2011

RedHat / CentOS 6 Bonding

Bonding

Bonding (also known as “Ethernet bonding”) is a computer networking arrangement in which two or more network interfaces on a host computer are combined for redundancy or increased throughput.
mode=0 (Balance-rr) – This mode provides load balancing and fault tolerance.
mode=1 (active-backup) – This mode provides fault tolerance.
mode=2 (balance-xor) – This mode provides load balancing and fault tolerance.
mode=3 (broadcast) – This mode provides fault tolerance.
mode=4 (802.3ad) – This mode provides load balancing and fault tolerance.
mode=5 (balance-tlb) – Prerequisite: Ethtool support in the base drivers for retrieving the speed of each slave.
mode=6 (Balance-alb) – Prerequisite: Ethtool support in the base drivers for retrieving the speed of each slave.

Note: Always append extra configuration in case of a rollback.

Configuring  Bonding

# cd /etc/sysconfig/network-scripts/
# vi ifcfg-bond0
DEVICE=bond0
USERCTL=no
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.0.10
NETMASK=255.255.0.0
NETWORK=10.0.0.0
TYPE=Unknown
IPV6INIT=no

# vi ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no

# vi ifcfg-eth1
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no

# vi ifcfg-eth2
DEVICE=eth2
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no

Because /etc/modprobe.conf has been deprecated in RedHat / CentOS 6, the process of bonding network interfaces has changed a bit.
Now, instead of defining your bond in /etc/modprobe.conf, you define it in /etc/modprobe.d/bonding.conf
# vi /etc/modprobe.d/bonding.conf
We’ll be using mode=6 (Balance-alb).
Append the following to the end of your modprobe config file:
alias bond0 bonding
options bond0 mode=6 miimon=100
# service network restart

Monday, October 17, 2011

P2P P2V V2V V2P or Clone RedHat /CentOS /Fedora /Ubuntu

Using dd to clone a server, or for P2P, P2V, V2V, V2P

 Exactly the same hardware.
 Different hardware.
 Virtual machine.

In my case there are two HP ProLiant DL385 servers. One is a year old and has been running since it came to the DC; we cloned from it as follows.

HP ProLiant DL385 = studyhat.com, which is live in production.
HP ProLiant DL385 = newly brought to the DC; we want to make it a clone of studyhat.com.
We have also created one clone of the HP ProLiant DL385 on XEN virtualization.

* Boot the new server, where you want the clone, from a Live CD.
* Give an IP address to eth0.
* Ping the server you want to clone from.
* dd if=/dev/sda | ssh root@ipaddress "dd of=/dev/sdb"
* ssh <ipaddress of running server> 'dd if=/dev/sda' | dd of=/dev/sda
* ssh <ipaddress of running server> 'dd if=/dev/sdb' | dd of=/dev/sdb
* # dd if=/dev/sda | ssh root@<target ip address> 'dd of=/dev/sda'
* # dd if=/dev/sda | gzip -c --fast | ssh root@<target ip address> 'gzip -d | dd of=/dev/sda'
* Once you get # <console>
* # vi /etc/sysconfig/network
* # vi /etc/hosts
* # vi /etc/sysconfig/network-scripts/ifcfg-bond0
* # vi /etc/sysconfig/network-scripts/ifcfg-eth0
* # vi /etc/resolv.conf
* # reboot


 

Tuesday, September 27, 2011

Linux Directory Structure

/bin - This directory contains most of your non-privileged system commands such as ls, mkdir, rm, etc.
/boot - Contains the systems boot image, bootloader, and the kernel
/dev - Symbolic links to system devices such as optical and removable drives
/etc - Contains all system configuration files and most configurations for installed packages
/home - Contains a directory for each user and contains profile information
/lib - Contains dynamic libraries and modules for the Linux system and installed packages
/media - Contains mount points for optical drives and removable media
/mnt - Used as a location for mounted drives and shares
/opt - Contains user installed packages and custom software not handled by the system or package manager
/proc - An interface between the kernel and the system, useful for diagnostics and system information
/root - The root superuser's home directory
/sbin - Contains privileged commands that are usually run as superuser (root/sudo)
/sys - An interface between the kernel and the system, used for modifying system settings
/tmp - A location for temporary files such as sessions on a web server
/usr - Contains most installed packages that are not part of the system, user installed programs
/usr/bin - Contains commands related to user installed packages in /usr
/usr/sbin - Contains privileged commands related to user installed packages in /usr
/var - Contains files that change often or accessed frequently
/var/log - Contains all system logs and most logs generated by installed packages

Sunday, September 18, 2011

Linux NAT

If you are running a recent 2.6 Linux Kernel this four step process should work for you. This has been specifically tested on Fedora Core 3, 4, 5, and 6, but should work on any modern Linux distribution. All of these commands must be executed as the root user. First you need to tell your kernel that you want to allow IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
Then you'll need to configure iptables to forward the packets from your internal network, on /dev/eth1, to your external network on /dev/eth0. You do this with the following commands:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
You should now be NATing. You can test this by pinging an external address from one of your internal hosts. The last step is to ensure that this setup survives over a reboot. Obviously you should only do these last two steps if your test is a success.

Search Engine Installation and Configuration

Introduction
htdig is a webpage search engine licensed under the GNU Public License. It uses a very simple configuration file to allow it to search only the webpages you specify. For example, you can exclude the cgi-bin or a testing directory from the search engine. In addition to installing it on a webserver, some programs use it as a search engine plugin, such as Glade, the GTK+ User Interface Builder. In addition, it will create a searchable database of any website. You just supply the URL.
Installing htdig
  1. Download the latest version from the htdig ftp server.
  2. tar -xvzf htdig-3.1.5.tar.gz
  3. cd htdig-3.1.5
  4. ./configure
  5. make
  6. make install

Configuring htdig

Once you have htdig installed, you must make a few changes to the configuration file and the HTML templates into which the search results are embedded.

Configuration File

The configuration file for htdig is located at /opt/www/htdig/conf/htdig.conf. It is pretty self-explanatory. The main attributes you need to configure are as follows. It will work if you leave the defaults for the other options, or you can change them if you wish.

Attribute | Value | Example
start_url | URL of your site | http://www.mywebsite.com
exclude_urls | Directories you do not want searched, separated by white space | /cgi-bin/ /testing/
adminstrator | Email address of administrator | admin@mywebsite.com
search_results_header | HTML file to be used as header of search results. Only use this if you don’t want to use the default location for the header file: /opt/www/htdig/common/header.html | /home/httpd/search/header.html
search_results_footer | HTML file to be used as footer of search results. Only use this if you don’t want to use the default location for the footer file: /opt/www/htdig/common/footer.html | /home/httpd/search/footer.html
nothing_found_file | HTML file to be displayed if there is no match to the search string entered. Only use this if you don’t want to use the default location for this file: /opt/www/htdig/common/nomatch.html | /home/httpd/search/nomatch.html
syntax_error_file | HTML file to be displayed if there is a syntax error in the search string entered. Only use this if you don’t want to use the default location for this file: /opt/www/htdig/common/syntax.html | /home/httpd/search/syntax.html

HTML Templates

If you don’t want to use the default look-and-feel of htdig, you can edit the following files to use the look-and-feel of your website. The paths may be different if you choose to change the paths of them in your configuration file.
  • /opt/www/htdig/common/header.html
  • /opt/www/htdig/common/footer.html
  • /opt/www/htdig/common/nomatch.html
  • /opt/www/htdig/common/syntax.html
Post-installation and configuration
  1. Next, you must setup the search database by running the script /opt/www/htdig/bin/rundig.
  2. Copy the default search.html and images from /opt/www/htdocs/htdig to a directory named htdig off of your webRoot. If the images are not in this directory, they will not appear unless you configure it otherwise in htdig.conf.
  3. Copy /opt/www/cgi-bin/htsearch to the cgi-bin for your webserver.
  4. Test the search engine by opening search.html in your browser and entering a search string.
  5. Because the search engine uses a database to return results, the database must be rebuilt with the rundig command used in step 1 every time any pages are added to the website.
  6. If you want to configure anything else, refer to the htdig website. Pretty much everything is configurable with htdig.