Showing posts with label RHEL.

Wednesday, May 8, 2019

How to view httpd.conf or any config file in Linux without comments

Hello,

Have you ever wondered how to view Linux configuration files without the comments? Those comments are indeed helpful, but think about configuration files such as httpd.conf and squid.conf, which contain a large number of commented lines.

The issue with httpd.conf in particular is that not all commented lines start with # in the first column. Some comments begin after a tab.

Example:
# Further relax access to the default document root:

    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews

You could remove those tabbed comments as well using "sed" or using "egrep" with a proper regex.


# egrep -v '^[[:space:]]*(#|$)' /etc/httpd/conf/httpd.conf

Or

# sed '/^[[:space:]]*#/d; /^[[:space:]]*$/d' /etc/httpd/conf/httpd.conf
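
Why the pattern has to be anchored to the start of the line, shown on a constructed httpd.conf-style sample. This is an added example, not part of the original post; the function names and the sample directives are made up for illustration.

```shell
#!/bin/sh
# Added example: sample_conf is constructed input, not a real httpd.conf.
TAB=$(printf '\t')

sample_conf() {
    printf '%s\n' \
        '# Top-level comment' \
        '' \
        'ServerRoot "/etc/httpd"' \
        '<Directory "/var/www/html">' \
        "${TAB}# Tab-indented comment" \
        '    # Space-indented comment' \
        '    Options Indexes FollowSymLinks' \
        "${TAB}" \
        '    ErrorDocument 404 "/missing.html#help"' \
        '</Directory>'
}

# Unanchored: deletes ANY line containing '#' and keeps tab-only "blank" lines.
strip_unanchored() { sed '/ *#/d; /^ *$/d'; }

# Anchored: '#' must be the first non-blank character; tabs count as blank.
strip_anchored() { sed '/^[[:space:]]*#/d; /^[[:space:]]*$/d'; }

# The same filter expressed as a single extended regex.
strip_anchored_grep() { grep -Ev '^[[:space:]]*(#|$)'; }

# Directives present in the anchored view but missing from the unanchored one.
lost_directives() {
    sample_conf | strip_anchored | while IFS= read -r line; do
        sample_conf | strip_unanchored | grep -qxF -e "$line" ||
            printf '%s\n' "$line"
    done
}

echo "--- active directives ---"
sample_conf | strip_anchored
echo "--- silently dropped by the unanchored pattern ---"
lost_directives
```

When reviewing a server's effective configuration, a filter that hides an active directive is worse than one that leaves a comment in, so check the stripped view against the anchored form.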


Hope this helps.

Regards,
Jay

Tuesday, October 7, 2014

Disk Metadata : Superblock, Directory and Inodes

Metadata
Filesystem blocks are used for two purposes: to store user data and metadata.
  • User data - stores the actual data contained in files
  • Metadata - stores file system structural information such as the superblock, inodes and directories
Metadata describes the structure of the file system. The most common metadata structures are the superblock, inodes and directories.

Superblocks
Every filesystem has a superblock, which contains information about the filesystem such as:
  • File system type
  • Size
  • Status
  • Information about other metadata structures
    • For filesystems with 1k blocksizes, a backup superblock can be found at block 8193
    • For filesystems with 2k blocksizes, at block 16384
    • For 4k blocksizes, at block 32768.
List backup superblocks:
# dumpe2fs /dev/hda3 | grep -i superblock

If the superblock is corrupted, restore it from a backup:
# e2fsck -f -b 8193 /dev/sda3
 
Inode
 
An inode is a data structure on a Linux/Unix filesystem which stores basic information about a regular file, directory, or other file system object.

Monday, April 28, 2014

Recover deleted files used by any process in Linux from RAM memory.


Everything in Linux is a file. A file in turn is actually a pointer to an inode, which contains the actual data on the disk, permissions and ownership. Now what happens when a file is deleted? Only the link is removed, but not the inode or the actual data. If a process is using the file, or if the file is open, the inode is not released for overwriting until the process is done with the file. Such files will remain in the server memory (RAM).

Let's discuss how to recover such deleted files which are being used by a process.

Let's do it with an example.

Create a test file.
# touch testfile.txt

Echo some random data into it.
# echo "some random test data" > testfile.txt

Open the file using some command like below.
# less  testfile.txt

# lsof | grep -i less
less 4607 root  4r  REG 254,4   21  8880214 /root/testing.txt (deleted)

All the open files remain in the memory and hence in the /proc filesystem. The important columns in the above output are the second one, which gives you the PID of the process that has the file open (4607), and the fourth one, which gives you the file descriptor (4). Now, we go look in /proc, where there will still be a reference to the inode, from which you can copy the file back.

# ls -l /proc/4607/fd/4
lr-x------ 1 root root 64 Apr  7 03:19 /proc/4607/fd/4 -> /root/testing.txt (deleted)

To recover the deleted file in memory, just copy as below.
# cp /proc/4607/fd/4 testing.txt.bk


Hurray, you got your file back. Just make sure not to use the "-a" switch while copying the file, as this will copy the broken softlink.
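
The recovery step above, wrapped in a check that the descriptor really points at an unlinked file. This is an added example, not from the original post; the function names are hypothetical and the demo uses a constructed temp file, with the current shell standing in for the process that holds it open (Linux only, needs /proc).

```shell
#!/bin/sh
# Added example. Linux only: relies on /proc/PID/fd.

# list_deleted_fds PID: print "FD TARGET" for every unlinked file PID holds open.
list_deleted_fds() {
    for entry in /proc/"$1"/fd/*; do
        target=$(readlink "$entry" 2>/dev/null) || continue
        case $target in
            *' (deleted)') printf '%s %s\n' "${entry##*/}" "$target" ;;
        esac
    done
}

# recover_deleted_fd PID FD DEST: copy the still-allocated data to DEST.
recover_deleted_fd() {
    src="/proc/$1/fd/$2"
    target=$(readlink "$src") || return 1
    case $target in
        *' (deleted)') ;;
        *) echo "fd $2 of pid $1 is not a deleted file: $target" >&2; return 2 ;;
    esac
    [ -e "$3" ] && { echo "refusing to overwrite $3" >&2; return 3; }
    # Plain cp opens the /proc link and reads the file contents.
    # cp -a (or -d/-P) would copy the dangling symlink instead.
    cp "$src" "$3"
}

# Constructed demo: this shell plays the role of the process holding the file.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample data\n' > "$dir/testfile.txt"
    exec 9< "$dir/testfile.txt"      # keep the file open on fd 9
    rm "$dir/testfile.txt"           # unlink it; the inode stays allocated
    list_deleted_fds "$$"
    recover_deleted_fd "$$" 9 "$dir/testfile.txt.bk"; rc=$?
    exec 9<&-                        # closing the last descriptor frees the inode
    [ "$rc" -eq 0 ] && cat "$dir/testfile.txt.bk"
    rm -rf "$dir"
    return "$rc"
}

demo
```

During incident response, list_deleted_fds is also a quick way to spot a process that is still running from, or writing to, a file someone has already removed from disk.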

JK

 

Tuesday, April 8, 2014

Change Default MTA in RHEL 6 / Cent OS 6

By default Postfix is set as the default mail transfer agent in Redhat Enterprise Linux 6 and Cent OS 6 flavors.

However you can change the default Mail transfer Agent in RHEL 6 using the below commands.

* Install Sendmail if not yet installed.

# yum install sendmail -y

Change the default MTA.

# alternatives --config mta

There are 2 programs which provide 'mta'.
  Selection    Command
-----------------------------------------------
 + 1           /usr/sbin/sendmail.postfix
*  2           /usr/sbin/sendmail.sendmail
Enter to keep the current selection[+], or type selection number: 2
#

Congrats, now your default MTA is changed from Postfix to Sendmail.

Regards,
Jk

Thursday, April 25, 2013

Set Setuid, Setgid and Sticky bit in Linux

Special permissions on files and directories in Linux are: SetUID, SetGID and the sticky bit.

With the help of the “chmod” command we can set the special permissions on files and directories.

SUID / Set User ID: A program is executed with the file owner's permissions (rather than with the permissions of the user who executes it).

SGID / Set Group ID: Files created in the directory inherit its GID, i.e. when a directory is shared between users and SGID is set on that shared directory, any directory these users create inside it has the same GID (group owner) as its parent directory.

Sticky bit: It is mainly used on folders in order to prevent deletion of a folder and its content by other users even though they have write permissions. If the sticky bit is enabled on a folder, the folder can be deleted only by the owner of the folder and the super user (root). This is a security measure to prevent deletion of critical folders on which others have full permissions.

Wednesday, January 16, 2013

Network Bonding / NIC Teaming in Linux


Network Bonding: NIC teaming or network bonding is nothing but combining or aggregating multiple network connections in parallel. This is done to increase throughput and to provide redundancy in case one of the links or Ethernet cards fails. The Linux kernel comes with the bonding driver for aggregating multiple network interfaces into a single logical interface called bond0.

Bonding is a Linux kernel feature that allows you to aggregate multiple like interfaces (such as eth0, eth1) into a single virtual link such as bond0. The idea is pretty simple: get higher data rates as well as link failover.

Steps To Configure Bonding in Linux



Step #1: Create a Bond0 Configuration File:
CentOS stores network configuration in /etc/sysconfig/network-scripts/ directory. First, we need to create a bond0 config file as follows:

# vi /etc/sysconfig/network-scripts/ifcfg-bond0
Append the following lines:
DEVICE=bond0
IPADDR=192.168.1.20
NETWORK=192.168.1.0
NETMASK=255.255.255.0
USERCTL=no
BOOTPROTO=none
ONBOOT=yes

Replace the IP address with the one for your actual setup. Save and close the file.


Friday, March 30, 2012

The Find command cheat sheet




1. Basic find command
# find -name "TestFile"

2. Find Files Using Name and Ignoring Case
# find -iname "TestFile"

3. Limit Search To Specific Directory Level Using mindepth and maxdepth
# find / -maxdepth 3 -name passwd
-maxdepth 3 --> will go up to 3 directory levels deep -- / 1st; /etc 2nd; /usr/bin 3rd

# find / -mindepth 3 -maxdepth 5 -name passwd
Will start at depth 3 and go up to depth 5 -- so will not display results under /; /usr; /usr/bin

4. Executing Commands on the Files Found by the Find Command.
Use -exec {} \;
# find -iname "TestFile" -exec md5sum {} \;

5. Inverting the match.
To invert the match use the "-not" switch
# find / -not -iname "TestFile"

6. List inodes of the files
# ls -i1 test*
16187429 test-file-name
16187430 test-file-name

# find -inum 16187430 -exec mv {} new-test-file-name \;
# ls -i1 *test*
16187430 new-test-file-name
16187429 test-file-name

7. Find file based on the File-Permissions
You can :
    * Find files that match exact permission
    * Check whether the given permission matches, irrespective of other permission bits
    * Search by giving octal / symbolic representation

# find . -perm -g=r -type f -exec ls -l {} \;
Will display all files with group read permission set, not only files with read-only group permission.

# find . -perm g=r -type f -exec ls -l {} \;
Will display files with 040 permission, i.e. files with group read-only permission.

# find . -perm 040 -type f -exec ls -l {} \;
Will display files with 040 permission, i.e. files with group read-only permission.
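
The three -perm forms above side by side, extended to the SUID, SGID and sticky bits described in the special-permissions post earlier on this page. This is an added example, not from the original post; the fixture files and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; the files below are constructed in a throwaway directory.
make_fixture() {
    d=$(mktemp -d) || return 1
    for f in group_ro normal private suid_tool sgid_tool; do : > "$d/$f"; done
    chmod 0040 "$d/group_ro"     # ----r-----  group read only
    chmod 0644 "$d/normal"       # rw-r--r--
    chmod 0600 "$d/private"      # rw-------
    chmod 4755 "$d/suid_tool"    # rwsr-xr-x  SUID
    chmod 2755 "$d/sgid_tool"    # rwxr-sr-x  SGID
    mkdir "$d/shared" && chmod 1777 "$d/shared"   # sticky directory
    printf '%s\n' "$d"
}

# Reduce find output to sorted base names on one line.
names() { sed 's|.*/||' | sort | tr '\n' ' ' | sed 's/ $//'; }

# Exact match: mode must be exactly 040 (octal and symbolic forms agree).
perm_exact_octal()    { find "$1" -type f -perm 040 | names; }
perm_exact_symbolic() { find "$1" -type f -perm g=r | names; }

# "-" prefix: every listed bit must be set, all other bits are ignored.
perm_group_read() { find "$1" -type f -perm -g=r | names; }

# Audit query: regular files with SUID or SGID set.
perm_suid_sgid() { find "$1" -type f \( -perm -4000 -o -perm -2000 \) | names; }

# Directories with the sticky bit set.
perm_sticky_dirs() { find "$1" -type d -perm -1000 | names; }

d=$(make_fixture) || exit 1
echo "exact 040 (octal)   : $(perm_exact_octal "$d")"
echo "exact g=r (symbolic): $(perm_exact_symbolic "$d")"
echo "group read set      : $(perm_group_read "$d")"
echo "SUID or SGID        : $(perm_suid_sgid "$d")"
echo "sticky directories  : $(perm_sticky_dirs "$d")"
rm -rf "$d"
```

Pointing perm_suid_sgid at / as root gives the SUID/SGID inventory to compare against a known-good baseline.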

Friday, February 4, 2011

TCP Wrappers: Securing Linux


This how-to describes configuring TCP Wrappers to provide access control for the supported services on a Linux box. TCP Wrappers are supported by most of the Linux distributions such as Redhat Enterprise Linux, Ubuntu, SUSE, Debian, BSD and UNIX. TCP Wrappers work in the manner of a host-based Access Control List. They allow host or network addresses to be used as indicators to filter and implement a layer of access control. They additionally extend the capabilities of xinetd-controlled daemons. By using this technique, connection attempts can be logged, restricted, and messages returned. This can add an extra layer of security in your environment. TCP Wrappers also allow run-time reconfiguration without restarting or reloading the services they protect.

Mount NTFS partition in Linux

Mount NTFS partition in Redhat Enterprise Linux / Ubuntu Linux


Enterprise Linux distributions like Redhat Enterprise Linux (RHEL) do not provide native support for Windows NTFS partitions. However, you may want to mount an NTFS formatted partition in your RHEL box. Here is a simple how-to to mount NTFS partitions in your RHEL box.

First of all you need to install a couple of packages. You can use YUM for installing the packages. The rpmforge yum repo contains the required rpm packages for mounting NTFS partitions on a Linux server. The packages are fuse and fuse-ntfs-3g.

# yum install fuse fuse-ntfs-3g

Yes, you are done; now you can mount NTFS partitions on your RHEL server using the mount command as follows.

# mount -t ntfs-3g /dev/device-name /mount-point

For example:

# mount -t ntfs-3g /dev/sdb1 /media

This one also works!!!!!

# mount.ntfs-3g /dev/sdb1 /media

Newer Ubuntu distributions like Ubuntu 10.04 LTS natively support NTFS partitions, so on an Ubuntu server you can mount an NTFS partition by just using the above mount command.



Friday, June 4, 2010

The system-config-firewall

The firewall rules in the kernel can be configured using iptables since the 2.4 kernel. There are a number of tools for configuring the firewall, like the command line tool, Shorewall, and a number of other GUIs. The default firewall configuration tool in Fedora systems is called “Firewall Configuration”, which can be accessed from System → Administration → Firewall in GNOME or from the command line via “system-config-firewall”.


This GUI allows you to set which services are allowed to be accessed via the Internet using a very simple interface. It defines a set of trusted services to be configured. To allow access, you simply need to check the box next to the entry. Each entry lists the service name, the port and protocol, and any additional iptables modules it uses. So if you wanted to allow Samba access to the system, you would check off the box next to the Samba and Samba Client service as in figure below.

Tuesday, May 4, 2010

RedHat Enterprise Linux 6 Beta released.

Good news for all the RedHat enthusiasts: Red Hat Enterprise Edition 6 Beta has been released. This beta release is the first step towards the next major release of the Red Hat Enterprise Edition platform 6. Red Hat Enterprise Linux is expected to address modern IT requirements and diminish the gap between virtual, physical and cloud computing. This first beta release of RHEL 6 features updated core technology from the kernel to the application infrastructure to the development tool chain. RHEL 6 is going to meet the needs of the coming generations of hardware and software technologies.

The major themes of the release include pervasive virtualization, improved scalability and availability, increased power efficiency, and delivery of some of the latest software technologies. Now I will describe the highlights and noteworthy improvements in this RHEL 6 beta release.

  • Comprehensive power management capabilities:

RedHat Enterprise Linux 6 is more focused on power consumption by improving the 'Time-keeping' within the kernel. It helps processors which don't have active tasks to transition to the idle state frequently. The result is cooler CPUs and greater power savings. The new monitoring tools like 'powertop' and tuning tools like 'tuned' are also worth mentioning.

Tuesday, April 13, 2010

Set multiple IPs in single nic.

Hello guys...
Ever wondered how to set multiple IPs in a single network card? Here is the solution.

Multiple IPs bound to a single network card allow you to run different services on different IPs; for example, you can run HTTP on one IP and SMTP on another IP, or a private LAN using a local IP with the alias holding your public IP. The major benefit here is that you do not need an additional physical adapter: you can bind many virtual IPs to a single network card. Here I have explained the procedure for creating multiple IPs for RedHat based and Debian based systems.

Redhat based systems.

Let me assume that your NIC is bound with a static IP address. Go to the folder /etc/sysconfig/network-scripts/, there you will find your network configuration files.

# cd /etc/sysconfig/network-scripts/

Let me also guess that your machine has only one network card (can be onboard too!!!), then you will find a file ifcfg-eth0 in the folder. This file holds the IP information for the first nic. If your machine has more nics you will have ifcfg-eth1, ifcfg-eth2 and so on... Now open the ifcfg-eth0 file, you can view the network configuration as below:

# cat ./ifcfg-eth0
# File: ifcfg-eth0


DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.120
NETMASK=255.255.255.0
BROADCAST=192.168.1.255
NETWORK=192.168.1.0
HWADDR=xx:xx:xx:xx:xx:xx


Now to bind another IP address to the same network card, you just have to copy the ifcfg-eth0 file to ifcfg-eth0:1.
 
# cp ./ifcfg-eth0 ./ifcfg-eth0:1

RHEL 5.5 Released

Yea guys, Red Hat Inc. launched the 5th iteration of Red Hat Enterprise Linux 5, RHEL 5.5, on March 29, 2010. There is no doubt that it would be a great release.


Added Hardware support in RHEL 5.5
It features support for modern Intel Nehalem EX, AMD Opteron 6000 and IBM Power 7 processor based servers. The processors specified above are the promising releases from the said vendors. Intel has just released the Nehalem EX series in the same week and the other two, the AMD Opteron 6000 series and Power 7 from IBM, were released in last February 2010. Opteron 6000 series processors boast 12 cores and IBM has equipped their Power7 with eight cores.

Wednesday, March 3, 2010

Labeling a Linux partition - Volume Labels

Here we shall discuss labeling a Linux partition and its advantages.

You might have seen labeled partitions if you have opened and viewed the /etc/fstab file. There you can see that the 'root', 'home', 'boot' and other system partitions are labeled and are mounted using the label rather than by referring to the device name. The advantage is that the root partition will be the same even if the device name gets changed in an unlikely event during the system startup. The volume labels make the partitions retain a consistent name regardless of where they are connected and what else is connected. And for your information, such an unlikely event of the device name changing happens quite often if you are mounting multiple iSCSI drives on your system.

Hope you know about the iSCSI target and initiator stuff; it is the low cost, highly efficient alternative to costly storage solutions. Hope I can give you an elaborate post about iSCSI soon, because that too is one of my hot favorite topics. However, here we will discuss labeling Linux partitions.

setuid File Permission in UNIX/Linux

In this post I am going to describe 'setuid' in UNIX and Linux.

setuid or 'set user ID upon execution' and setgid or 'set group ID upon execution' are UNIX access right flags which are used to allow users to run an executable file with the permissions of the executable file's owner or group. If setuid is enabled for an executable file, the user executing the file will get the permissions of the user or group that owns the executable file. This is very useful for allowing users on a computer system to run programs with temporarily elevated privileges for performing a particular task.

These programs are needed for performing some tasks like 'ping' from an unprivileged user. The ping executable in the /usr/bin folder has the setuid bit set, and consider that its owner is root. So whenever the ping command is used, it is executed with elevated privileges, and hence all the unprivileged users can use the ping command unless they are explicitly blocked from using it via some other means. By this, hope you got the concept of setuid. Please continue reading to know more about setting, listing and more about setuid.

Tuesday, March 2, 2010

SSH login to remote servers without password.

Hello guys, this time I give you a how-to for logging into a remote server/desktop without being prompted for a password.

SSH or Secure Shell is a program that allows you to log into a remote machine over a network and execute commands. It also allows you to move files from one computer to another. All communication, including password transmission, is highly encrypted. Hence it can be used to create a secure communication channel over insecure networks. It protects a network from attacks like DNS spoofing, IP spoofing and IP source routing. That's the reason why SSH has effectively replaced older remote login protocols like rlogin, rsh, rcp, telnet etc.

While using SSH login, the entire communication, including password transmission, is encrypted. SSH uses 3DES, Blowfish, AES and arcfour as encryption algorithms. So it is virtually impossible for a hacker to eavesdrop on your password. Here I will describe how to create a secure communication channel between two servers and enable password-less login between them. This would be quite useful while using scripts for logging into remote machines and executing commands. You don't have to store the remote machine's password in the script, and it is also quite annoying to type in the password every time you log in to the remote machine via SSH.

Saturday, February 27, 2010

How to install Windows XP in an existing Linux machine.

Intro:
Installing Linux on an existing Windows machine is not at all a big deal; rather, it is quite straightforward. You just have to leave some hard disk space for Linux and install it on the remaining hard disk space. The Linux boot loader is INTELLIGENT enough to identify that a Windows OS is already installed there and it will automatically adjust the boot loader "GRUB" for dual booting.

However, our famous Windows operating systems are not that intelligent but clumsy, and the installer will delete the whole boot loader "GRUB" completely. We will reinstall GRUB and edit the /etc/grub/grub.conf file to correct it.

I want to go generalized and this how-to is applicable for any version of Linux using the GRUB bootloader and Windows OS. However, here I used Ubuntu 9.1 and Windows Server 2003, both 32 bit.