survival – Connection to ftp server using a script and block of commands automatically
It results a bit helpful to send certain information using FTP authenticated, but automatically for scripts, as you can see highlighted.
#!/bin/bash
#
umask 002FTP_Server=”webserver.queiroz.info”
FTP_USER=cqueiroz
FTP_PASSWD=blablablaREMOTE_FTP_DIR=/home/cqueiroz/log_bkp
LOCAL_FTP_DIR=/var/log/app/
cd $LOCAL_FTP_DIR
ftp -inv $FTP_SERVER<<EOF
user $FTP_USER $FTP_PASSWD
binary
cd $REMOTE_FTP_DIR
prompt off
pwd
put *log
bye
EOF
Survival – how to remove ^M from a file
There must be many users affected when you use a file edited on Windows and once passed to Linux/Unix is common to find a character at the end of line.
Using vi editor you could fix this inconvenient.
<Esc>:%s/<Ctrl-V><Ctrl-M>//g
Bye for now.
Setting a Ldap + Samba PDC –
Throughout all my posts, I wrote too much about Ldap Authentication, therefore, Samba won’t stay out of this party.
Remember, this party is by invitation only :)
You could check out my post about Ldap whether you feel confortable or not, whatever, just follow this post and at the end
you’ll be able to set up a Samba as PDC authenticated by Ldap. This example shown here is based on a minimal installation over Centos 5.3.
Firstly, we need to install all required packages by this example, but there are other things to be done like customizing theboot process.
[root@server ~]# for i in acpid auditd anacron autofs atd avahi-daemon apmd bluetooth cups crond kudzu firstboot iptables ip6tables gpm haldaemon hidd pcscd sendmail yum-updatesd ; do chkconfig $i off ; done
[root@server ~]#
Configure /etc/hosts
[root@server ~]# vi /etc/hosts
192.168.1.3 server server.queiroz.com
Turn selinux off.
[root@server ~]# vi /etc/sysconfig/selinux
SELINUX=disabled
Setting up a PDC with SAMBA under selinux and iptables.
Samba is an emulation to NetBios, a kind of maps (names) where Windows through broadcast can talk to each other. Before that
Internet has grown, Microsoft utilized a protocol called NetBEUI to comunicate to others Windows. Throughout this process of
migration, Novel launched Netware 5 with support to TCP/IP while Microsoft was working to improve Windows NT 3.5 to 4. it’s had
support to TCP/IP.
It’s simple as sound. First of all, there are two daemons incorporated. These are smbd and nmbd.
SMBD is a main samba daemon .
NMDB is a Netbios name service daemon.
First of all, let’s give permissions to samba working behind a firewall.
you can get it running system-config-security-tui or increasing the file /etc/sysconfig/iptables. It’s much better doing the
first one choice.
[root@server ~]# system-config-securitylevel-tui
Go ahead customize option and check samba checkbox followed by OK.
How to set up a DNS server master and slave.
DNS stands for Domain Name Services which means to translate computer names to IP Address. On this post, I’ll explain step by step how to set a Primary DNS and a Secondary DNS replicated by the first one. Both of them have an interactively of syncronizing theirs bases. I’m sure how easy it can be, I hope that to be useful for you.
For this example, I used CentOS-5 as base. So, let’s get started!
PRIMARY DNS SERVER SIDE (WEBSERVER01) (192.168.1.6)
1- Install these following packages
[root@webserver01 ~]# yum install bind bind-utils bind-chroot caching-nameserver
2- Configuring bind as cache name server.
Brief summary of the majors options.
listen-on port 53 – This wanna mean that the service will be running at port 53.
directory – it appoints where it will be stored. Remember, when we install bind-chroot, this isolate BIND in a so-called “chroot jail”, which limits access if DNS is compromissed.
allow-query – it allows machines execute queries on this server
Setting up a Squid Proxy Server – playing with ACLs, passwd file and LDAP Authentication
Hello everyone! Today I’ll blog about squid. I wanna play with ACLs, permissions, authentication based on passwd-file and Ldap. It’s gonna have to be thought pretty much before to implement it, but basically I’ll assume that the ideal environment is this one.
Let’s install it. yum is quite a useful tool :)
[root@webserver01 conf.d]# yum install squid
If you take a look at /etc/sysconfig/squid, you’ll see squid starts without dns resolution. It’s just -D as parameter.
SQUID_OPTS=”-D”
How to configure Virtual Hosts with LDAP and file-based authentication over apache2
Hi all folks. Today I’ll blog about Apache + ssl + VirtualHost and on top of all that I’ll describe how to increase the security based on ldap authentication and password file authentication.
It might be done either installing just the packages which are missing like below,
[root@webserver01 ~]# yum install httpd openssl mod_ssl mod_ldap
or you can try this way.
[root@webserver01 ~]# yum groupinstall WebServer
An Overview of some of the following options.
FollowSymIndex, AllowOverride(None, All, AuthConfig), include, indexoptions, order, allow, deny, DOcumentRoot, ServerAdm, ServerName, AddType, KeepAlive (keep number of conecctions, by default is off.)
FollowSymLinks allows the webserver to use symbolic link.
AllowOverride is related to directory security. It allows you to define a .htaccess to a directory. It can be defined as All, None also Authconfig.
Order defines the access order. it can be Allow and Deny.
include is useful to import others archives. if you wanna import ssl.conf file to httpd.conf, it’s just use include ssl.conf. anything else more than that.
indexoptions is an options that allows you to assign and define an order to index. you can include index.php, index.html. From the moment on a request to some directory and this directory contains one of these ones it will be loaded.
ServerName is a server which responses to this webserver. you can recognize an IP or host named-based.
DocumentRoot means Where are stored the files.
KeepAlive Keep a number of conecctions persistent (more than 1 conecction per user) and by default is off.
Review /etc/hosts, it needs looking like this. I’ll describe to set it up through hosts-based instead of a dns service.
192.168.1.3 webserver01 http://www.test1.com http://www.test2.com
It coud have been set up from the beggining using DNS servers, but don’t be angry, I’ll post something looked like it using bind.
Setting up a Ldap directory service – step by step.
I’m gonna blog and demonstrate in facts how to configure and administrate a LDAP directory services.
Actually, Ldap is a directory service which informations can be stored as a database and through these ones you may recognize you base authentication. This turns out that you could authenticate an user for multiples services.
We’re working over the following picture throughout the steps, where it indicates all our ldap tree.
picture1
Setting up a NIS server over CentOS5 working under nfs
Server side: Preparing
The /etc/hosts has to be like this. (you can replace the domain to whatever you desire, but on this exercise it was defined as “queirozpacheco.com”.
[root@server ~]# cat /etc/hosts
192.168.1.13 server server.queirozpacheco.com yum.queirozpacheco.com
192.168.1.14 host host.queirozpacheco.com
[root@server ~]#
Connecting host via ssh – let’s make the things turning out much easier for us.
[root@server ~]# ssh host
root@host’s password: (press ctrl + C)
So, in this step, press Ctrl + c and send the key pub generated by the server to the host client.
[root@server ~]# cat /root/.ssh/id_rsa.pub | ssh host “cat – > /root/.ssh/authorized_keys”
root@host’s password:
The server doesn’t ask for any password to grant access to you.
[root@server ~]# ssh host
Last login: Mon Feb 22 21:24:17 2010
[root@host ~]#
Client Side: Preparing.
[root@host etc]# cat /etc/hosts
192.168.1.14 host host.queirozpacheco.com
192.168.1.13 server server.queirozpacheco.com yum.queirozpacheco.com
[root@host etc]#
Growing a Raid 5. It has never been easier.
Add a new disk and prepare it with 3 partitions 6GB of size as well as the file system type as “fd”. It has to be like this: you can create whatever size you desire, it doesn’t matter. On one condition: It must have the same size to others partitions else of your array.
[root@carlosqueiroz ~]# sfdisk -l /dev/hdd
Disk /dev/hdd: 41610 cylinders, 16 heads, 63 sectors/track
Units = cylinders of 516096 bytes, blocks of 1024 bytes, counting from 0Device Boot Start End #cyls #blocks Id System
/dev/hdd1 0+ 11905 11906- 6000592+ fd Linux raid autodetect
/dev/hdd2 11906 23811 11906 6000624 fd Linux raid autodetect
/dev/hdd3 23812 35717 11906 6000624 fd Linux raid autodetect
/dev/hdd4 0 – 0 0 0 Empty
[root@carlosqueiroz ~]#
Setting a Raid5- the party hasn’t finished.
Let’s check out the survey below. We can find here two disks and one of them there’s no partition created. This one will be our raid. I’ll define 3 partitions
of 6 GB each of them. How smallest is the size of that, Less is the waiting time to create the array, I mean, you can spend some time on it. As it is an example, I’ll set all of these partitions as 6GB.
[root@carlosqueiroz ~]# fdisk -l
Disk /dev/hda: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytesDevice Boot Start End Blocks Id System
/dev/hda1 * 1 13 104391 83 Linux
/dev/hda2 14 102 714892+ 82 Linux swap / Solaris
/dev/hda3 103 1305 9663097+ 83 LinuxDisk /dev/hdb: 21.4 GB, 21474836480 bytes
16 heads, 63 sectors/track, 41610 cylinders
Units = cylinders of 1008 * 512 = 516096 bytesDevice Boot Start End Blocks Id System
[root@carlosqueiroz ~]#
RAID I – from a normal file system. This party is by invitation only :)
As we can see, the survey found is a simple server installed to use normal store file system.
[root@carlosqueiroz /]# fdisk -l
Disk /dev/hda: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytesDevice Boot Start End Blocks Id System
/dev/hda1 * 1 13 104391 83 Linux
/dev/hda2 14 1215 9655065 83 Linux
/dev/hda3 1216 1304 714892+ 82 Linux swap / Solaris
[root@carlosqueiroz /]#Check out how mount points are.
[root@carlosqueiroz ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda2 9.0G 969M 7.6G 12% /
/dev/hda1 99M 12M 83M 12% /boot
tmpfs 172M 0 172M 0% /dev/shm
[root@carlosqueiroz ~]#
Installing a server based on LVM on Centos 5.4
This new generation gets over all what I’ve expected. When I was gonna resize a partition I used to do this task either partition magic for Windows or resize2fs for Linux ext3 file systems and sometimes it was resized for breakfast, don’t misunderstood me, but it’s not definitely the most safe way to resize partitions. I know there are many ways to implement it, but for now I’m running for LVM :P
Today there are many tools available to resize a partition, however when we’re talking about a critical server in output which it has incorporated raid and unstoppable services, we need to design better how the information will be stored as well as implementing a file system more dynamic.
Here are the steps for installing a server based on LVM.
Applying quotas on Linux file systems.
Some reasons to set up a quota disk on your server. I’ll tell some of those on the most basic way to be understood.
You could manage from the beginning the space in disk on your server applying quotas. It allows you to fix a disk quota for some user and group. It’ll determine how the size leftover a certain user could be stored.
I’ll post step by step, how to configure file systems using disk quota.
For now, we’ve got our partition disk configured like this: You definitely don’t need to follow this partition layout of course but it’s recommended apply quotas in a partition independent from root file system, although it allows you to do it.
Installing rpmforge repo over Centos 4.8
That can easyly be downloaded and you can do it throught this link below.
#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el4.rf.i386.rpm
once you’ve got it, type:
rpm -ivh rpmforge-release-0.5.1-1.el4.rf.i386.rpm
Here you are. You’re ready for using this repo. I’d give some tips about that. I’d install fluxbox window manager.
# yum install fluxbox xorg-x11-xinit xorg-x11-server-Xorg
Bye for now.
Setting up a zope plataform server over Centos 4.8
Well, early I’ll post how to make a similar step under a FreeBSD system, but for now I’ll give to everybody who follows my blog a brief summary over such steps.
This steps consist besides installing a platform Zope, we’re gonna install Mysql Database and their such modules for connecting from Zope interface to Mysql Database.
So, let’s get started.
1- Install Mysql Database.
[root@darth-maul ~]# yum install mysql mysql-server
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Another yum’s troubleshooting. Cannot find a valid baseurl for repo: update
According to Centos 4.8, once installed by rpm a package called rpmforge, it came up this error after running yum update command.
#yum update
Cannot find a valid baseurl for repo: update – Error
I found this somewhere unknown and I decided to blog it just in the case where someone needs getting this. I hope that could be useful.
Follow this steps and good luck.
#rm /dev/urandom
#mknod -m 644 /dev/urandom c 1 9
#yum clean
#yum update
Cheers.
Error yum update File “/usr/bin/yum”, line 29, in ?
On these days ago, I’ve been trying to make an update in my yum repo. So I’ve got the server behind a proxy connection. I’ll report this error just either if one day I by chance forget or anyone else needs it.
# yum update
…… >> checking all the updates and settings the correct files for updating (no mirror problems!), then I get:
Traceback (most recent call last):
File “/usr/bin/yum”, line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File “/usr/share/yum-cli/yummain.py”, line 229, in user_main
errcode = main(args)
File “/usr/share/yum-cli/yummain.py”, line 145, in main
In my /etc/bashrc was looking like:
export http_proxy=10.0.0.1
but the right way is:
export http_proxy=http://10.0.0.1:3128
Cheers!
Setting Internet connection to Shell Linux behind a proxy.
On this last days I needed installing some staff in some server and in fact it hasn’t been immediately. The server was behind a proxy Internet connection.
So, here you are the steps for configuring a proxy at your linux environment.
It depends which distro you are working on.. But the concept is basically to export 2 variables to the environment shell. You can get it from several ways. I’ll quote one of those.
1- Firstly open /etc/bashrc or ~/.bash_profile or still ~/.bashrc
2- At the end of file or wherever you want, put these lines in:
export HTTP_PROXY=http://username:password@proxyserver.net:port/
export FTP_PROXY=http://username:password@proxyserver.net:port/
3- Once it has put them, quite saving and login again.
Cheers.
How to allow a certain user to execute sudo commands without typing the root password
Okay, another useless thing, but who knows some day it can become useful.
1- Edit /etc/sudoers
2- Type into a new line: user ALL=NOPASSWD:ALL, that would be like this:
Note that our user is called by machine2.
3- Exit
4- Logout from your session and try to login again with machine2 user. Then execute a command through sudo. You’ll notice that doesn’t ask it for a root password.
Setting a user without password.
Hey men!! How are you doing? I’m gonna write about users and its way of login.
There are many ways to access to the system and some reasons to implement one of those below.
On These days a big friend of mine asked me if I knew how to take the password out of a user. In other words, He didn’t want password builting into a user.
Great, It seemed to me a bit strange but I’ll post if anyone else would by chance need to implement it.
1 – open through vi command the file /etc/passwd
2- search for the user line.
3- Cut the “x” character out.
4 – Then save the file while get out of here :wq
Diversity
Outside of the corporate world, we’ve got many and different behavours imaginable related to persons.
It’s so clear when we’re able to make distinctions about how persons behave. That’s also can be called Perspection. Human Beings’ Perspections is through diferences.
We know that red color is red at all, because we really know that blue color is different from red. There was a perspection builting on our brain, if we can say on this way.
You look at towards to me and say: Hey, watch out, there’s a thing too near to your ear. So I can’t even feel, so how can he expect me to know it? It can be seen from different severals kind of angles. Engineer versus manufacture, old versus yong, who has a culture special versus how doesn’t know a thing about it. So, I mean…. Diversity is based on differences and it’s therefore absolutely the opposite of community. It’s much more comfortable living in community, it’s clear, however when you wanna gaim a strong experience and a great power of making advantages, you gotta learn to live around diversity.
C’mon, it’s can be defined by a great teamwork. Do you wanna see an exemple of teamwork at a given both collaboration and perspection? Football. How could you explain to me when such a player suddenly gives a pass to other player without even look at him and his face isn’t up to the game. Wherever position he is, he has builting on himself the perspection covered the gaps that needed to feel whenever other player will pass through his back and then he can pass the ball to him, simply to make a goal!
Well folks, that’s all for today. Cheers! Greatings from Carlos! bye
Configuring a wlan under wpa key
Forget iwconfig command, that only used on wep-key authentication.
For configuring a wpa you have to edit
/etc/wpa_supplicant/wpa_supplicant.conf
We will get something like that. if there’s any line left cut it out. Everything what don’t look like the context below is therefore unecessary.
ap_scan=1
fast_reauth=1
network= {
ssid = “my essid”
psk = “my wpa key”
}
For getting up the interface we have to type:
iw_suplicant -c /etc/wpa_suplicant/wpa_suplicant.conf -i wlan0
This method works independent from NetworkManager service. Although you get it with NetworkManager service, sometimes you’d rather to configure a simple and functional process. I’m used to work over fluxbox at minimal configuration.
Greetings from Carlos, I hope that it can be useful.
Have a fun, enjoying by awk, part 1
Let’s learn a bit of awk command once for all. SO HERE WE GO!!!!
Here I wanna describe some certain command sentences where there’s people that find it useful. I’m right one of them.
So, let’s say if you someday need to put in action a simple command line which can be able to get part of a command out and implement it whatever you want.
For exemple.
Have a look right down on this content
ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:09:6B:7F:FA:29
inet addr:10.0.46.66 Bcast:10.0.46.95 Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:414766283 errors:0 dropped:0 overruns:0 frame:0
TX packets:329442281 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Now you predict to catch all of your servers and workstations IPs and Masks up, once they’ve been put in a file list.
ifconfig eth0 | grep inet |awk {‘print $2’} >> /tmp/foobars.txt
addr:10.0.46.66
ifconfig eth0 | grep inet |awk {‘print $4’} >> /tmp/foobars.txt
Mask:255.255.255.224
Don’t be afraid, I’ll make a quick explanation about the command above.
Well, ifconfig command comes out all that description lines previously. After that, everything what came out from the ifconfig command will be redirected to other command in order. The second one (grep) will get the ifconfig output and it must return a line like this:
“inet addr:10.0.46.66 Bcast:10.0.46.95 Mask:255.255.255.224”.
We can notice some gaps after each information, awk (our next command) will get that information and split by gap.
Actually, each gap consists an information stored by a variable starting for $1.
So if you just wanna get the IP’s number and Netmask’s number information based on the list returned (inet addr:10.0.46.66 Bcast:10.0.46.95 Mask:255.255.255.224). where we’ve found:
inet ($1)
addr:10.0.46.66($2),
Bcast:10.0.46.95 ($3),
Mask:255.255.255.224 ($4).
So, here you are.
Now it’s just redirect its output to a file with “>> / tmp/foobars.txt”
Until next time!!!
A great and usually useful command to capture the graphical screen (X) through a shell.
If you sometimes have to be connected on a Linux Station through ssh connection and you by chance want to see what the user currently is doing. I’m convinced at all that kind of problem what is using up too much of your time (wasting time as it is called here). It’s due to an effort of a big friend of mine. DiDi Pena :)
Just type:
import -display :0 -window root printscreenfromblablabla.jpg
I think that’s all for today!
Have you all a good weekend.
Cheers!
Carlos Queiroz's blog. 