Archive for August, 2010

Generate SSL Certificate For VSFTPD Server:

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
The same file receives the private key and the self-signed certificate (openssl appends the certificate when -keyout and -out name the same path), so it must be readable by root only (mode 600). The original notes used rsa:1024, which is too short for a key generated today; 2048 bits is the minimum worth issuing. Without -subj the command prompts for the subject; the CN should be the host name clients connect to.

Add these lines to vsftpd.conf:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
The original notes had ssl_sslv2=YES and ssl_sslv3=YES; both protocol versions are broken and must stay disabled. With force_local_data_ssl=NO and force_local_logins_ssl=NO, TLS is merely offered: a client that never issues AUTH TLS still sends the password and the file contents in clear text. Setting both to YES makes vsftpd refuse such sessions for local users.
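As an added example that is not part of the original notes, the script below wraps the certificate step with a 2048-bit key and root-only permissions, and audits a vsftpd.conf for the settings that undo the point of enabling SSL at all. The directive names are vsftpd's own; the PEM path, the use of GNU stat -c and hostname -f, and the sample configurations in the test are assumptions constructed here.

```shell
#!/bin/sh
# Added example, not vsftpd project code: certificate generation plus a
# plaintext/weak-protocol audit of vsftpd.conf. Assumes GNU coreutils (stat -c).

PEM=${PEM:-/etc/vsftpd/vsftpd.pem}   # assumed path, as in the notes above

# Key and certificate land in one file, which is what rsa_cert_file expects.
# Only runs when called explicitly: needs openssl and write access to $PEM.
gen_vsftpd_cert() {
    (
        umask 077    # the file holds the private key: never world-readable
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "/CN=$(hostname -f)" \
            -keyout "$PEM" -out "$PEM"
    ) && chmod 600 "$PEM"
}

# Print one "WEAK:" line per directive that permits clear-text logins or data
# or enables a broken protocol version. Comment and blank lines are skipped.
vsftpd_tls_findings() {
    grep -v '^[[:space:]]*#' "$1" | grep '=' |
    while IFS='=' read -r key val; do
        case "$key=$val" in
            ssl_sslv2=YES|ssl_sslv3=YES)
                echo "WEAK: $key=$val  (SSLv2/SSLv3 are broken; set NO)" ;;
            force_local_logins_ssl=NO)
                echo "WEAK: $key=$val  (passwords may cross the wire in clear text)" ;;
            force_local_data_ssl=NO)
                echo "WEAK: $key=$val  (file contents may cross the wire in clear text)" ;;
            ssl_enable=NO)
                echo "WEAK: $key=$val  (TLS is switched off entirely)" ;;
        esac
    done
}

# Number of WEAK: findings; 0 means the file matches the hardened settings.
vsftpd_weak_count() {
    vsftpd_tls_findings "$1" | grep -c '^WEAK:' || true
}

# Exit status 0 only if the PEM file exists and is mode 600 or 400.
pem_perms_ok() {
    [ -f "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}
```

Run vsftpd_weak_count against /etc/vsftpd/vsftpd.conf after editing; the original block from these notes produces four findings, the hardened block none.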

Useful debug/rescue commands
history
grep
diff
find /dir -cmin -60
strace command
tail -f logfile
Generate additional information
*.debug in syslog
--debug option in application

Things to Check: Boot Process
Bootloader configuration
Kernel
Starting init
/sbin/init
/etc/rc.d/rc.sysinit
Entering runlevel [0-6]
/etc/rc.d/rc, /etc/rc.d/rc[0-6].d/
/etc/rc.d/rc.local
Virtual Consoles
X Display Manager

LVM

Creating Logical Volumes
1. Prepare underlying block devices
Can use partitions of type 0x8e or software RAID devices
2. Create physical volumes
# pvcreate /dev/hda3
3. Create volume group containing physical volume
# vgcreate vg0 /dev/hda3
4. Create logical volumes inside volume groups
# lvcreate -L 256M -n data vg0
5. Format and mount logical volume (/dev/vg0/data)

Resizing Logical Volumes
Growing logical volumes and filesystems
lvextend can grow logical volumes
resize2fs can grow ext3 filesystems online or offline
Shrinking filesystems and logical volumes
Must be done offline (umount)
Requires a filesystem check (e2fsck) first
Filesystem then reduced (resize2fs)
Lastly, lvreduce can then reduce the volume

Resizing Volume Groups
Volume Groups can be enlarged with:
# vgextend vg0 /dev/sdb1
Volume Groups can be reduced with:
# pvmove /dev/hda3
# vgreduce vg0 /dev/hda3
pvmove first migrates every extent in use on the device onto free space elsewhere in the group; vgreduce only succeeds on a physical volume that is empty

Logical Volume Manager Snapshots
Snapshots are special Logical Volumes that are an exact copy of an existing Logical Volume at the time the snapshot is created
Snapshots are perfect for backups and other operations where a temporary copy of an existing dataset is needed
Snapshots only consume space where they differ from the original Logical Volume
Snapshots are allocated space at creation but do not use it until changes are made to the original Logical Volume or the Snapshot
When data is changed on the original Logical Volume the older data is copied to the Snapshot (copy-on-write), so every write to the original also costs a write into the Snapshot for as long as it exists
Snapshots contain only data that has changed on the original Logical Volume or the Snapshot since the Snapshot was created
If the changed data outgrows the space allocated at creation, the Snapshot is invalidated and can no longer be read; size it for the expected churn and watch it with lvs (snap_percent)

Using LVM Snapshots
1. Create snapshot of existing Logical Volume
# lvcreate -l 64 -s -n datasnap /dev/vg0/data
2. Mount snapshot
# mkdir -p /mnt/datasnap
# mount -o ro /dev/vg0/datasnap /mnt/datasnap
3. Perform backup
4. Remove snapshot
# umount /mnt/datasnap
# lvremove /dev/vg0/datasnap
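The four steps above as one script, added here as an example and not taken from the original notes: it always removes the snapshot, even when the backup command fails, and checks that the snapshot has not been invalidated before archiving it. The volume group, volume names, mount point and archive path are assumptions; DRY_RUN=1 prints the commands instead of running them, so the sequence can be checked without root or real volumes.

```shell
#!/bin/sh
# Added example: snapshot-backed backup with guaranteed teardown.
# All names below are assumptions matching the notes above (vg0/data/datasnap).

VG=${VG:-vg0}
LV=${LV:-data}
SNAP=${SNAP:-datasnap}
SNAP_EXTENTS=${SNAP_EXTENTS:-64}            # -l 64 as above; size for expected churn
MNT=${MNT:-/mnt/$SNAP}
ARCHIVE=${ARCHIVE:-/var/backups/$LV.tar.gz} # assumed destination

# Run a command, or in dry-run mode print it. FAIL_CMD names one command the
# dry run should pretend fails, so the cleanup path can be exercised.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "+ $*"
        if [ "${FAIL_CMD:-}" = "$1" ]; then return 1; fi
        return 0
    fi
    "$@"
}

# A snapshot whose extents fill up is invalidated: lvs shows state "I" (or "S"
# while suspended) in column 5 of lv_attr. Refuse to archive such a snapshot.
snapshot_is_valid() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "+ (lvs lv_attr check of /dev/$VG/$SNAP skipped in dry run)"
        return 0
    fi
    attr=$(lvs --noheadings -o lv_attr "/dev/$VG/$SNAP") || return 1
    case "$(printf '%s' "$attr" | tr -d ' ' | cut -c5)" in
        I|S) echo "snapshot $SNAP overflowed and is invalid" >&2; return 1 ;;
    esac
    return 0
}

# Create, mount read-only, verify, archive; then tear down no matter what.
snapshot_backup() {
    run lvcreate -l "$SNAP_EXTENTS" -s -n "$SNAP" "/dev/$VG/$LV" || return 1
    status=0
    run mkdir -p "$MNT" &&
    run mount -o ro "/dev/$VG/$SNAP" "$MNT" &&
    snapshot_is_valid &&
    run tar -czf "$ARCHIVE" -C "$MNT" . ||
    status=$?
    # Teardown runs regardless of the outcome above, so no forgotten snapshot
    # keeps eating copy-on-write space in the volume group.
    run umount "$MNT"
    run lvremove -f "/dev/$VG/$SNAP"
    return $status
}
```

Invoke as DRY_RUN=1 snapshot_backup to see the command sequence, or as root with DRY_RUN unset to perform the backup; a failing tar still leaves the volume group clean and the function's exit status reports the failure.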

Software RAID Recovery
To simulate disk failure
# mdadm /dev/md0 -f /dev/sda1
Recovering from a software RAID disk failure
1. Replace and reboot, or hot-remove if hardware supports it
# mdadm /dev/md0 -r /dev/sda1
2. Add replacement partition into array
# mdadm /dev/md0 -a /dev/sda1
To disassemble/stop a disk array
# mdadm -S /dev/md0

Configuring the Quota System
Implemented within the kernel
Enabled on a per-filesystem basis
Individual policies for groups or users
Limit by the number of 1K-blocks or inodes
Implement both soft and hard limits
Initialization
Partition mount options: usrquota, grpquota
Initialize database: quotacheck -cugm /filesystem
Start or stop quotas: quotaon, quotaoff

Managing Quotas
Implementation
Edit quotas directly: edquota username
From a shell: setquota username 4096 5120 40 50 /foo
Define prototypical users: edquota -p user1 user2
Reporting
User inspection: quota
Quota overviews: repquota
Miscellaneous utilities: warnquota

GRUB Components and Configuration
1st Stage
Small, added to MBR or boot sector during installation
Use /sbin/grub-install to repair
2nd Stage
Loaded from filesystem containing /boot
Configured in /boot/grub/grub.conf
To boot Linux: title, kernel, root filesystem, and initial ramdisk

Kernel Initialization
Kernel boot time functions
Device detection
Device driver initialization (modules loaded from initrd-.img)
Mounts root filesystem read only
Loads initial process (init, PID 1)
Logged to /var/log/dmesg

init Initialization
init reads its config: /etc/inittab
Initial runlevel
System initialization scripts
Runlevel specific script directories
Trap certain key sequences
Define UPS power fail / restore scripts
Spawn gettys on virtual consoles
Initialize X in runlevel 5

System Initialization
/etc/rc.d/rc.sysinit
Activate udev and selinux
Sets kernel parameters in /etc/sysctl.conf
Sets the system clock
Loads keymaps
Enables swap partitions
Sets hostname
Root filesystem check and remount read-write
Activate RAID and LVM devices
Enable disk quotas
Check and mount other local filesystems
Cleans up stale locks and PID files

Standalone Service Initialization
/etc/rc.d/rc defines which standalone services to start
l5:5:wait:/etc/rc.d/rc 5
Each runlevel has a corresponding directory:
/etc/rc.d/rc5.d/
K* symbolic links called with a stop argument
S* symbolic links called with a start argument
The System V init scripts reside in:
/etc/rc.d/init.d/
Behavior configured with files under /etc/sysconfig/

Non-Service Startup
/etc/rc.d/rc.local
Runs near the end of the runlevel specific scripts (S99local)
Common place for custom modification
Better practice:
Create a System V init script
Existing /etc/rc.d/init.d/ scripts can be used as a starting point

Kernel parameters (sysctl)
List all current settings: sysctl -a
Reprocess settings from sysctl.conf: sysctl -p
Set a /proc value dynamically: sysctl -w net.ipv4.ip_forward=1
Values set with -w are lost at reboot; persistent settings belong in /etc/sysctl.conf, which rc.sysinit applies at boot

find

Criteria are AND'ed by default; they can be OR'd with -o or negated with -not (or !)
find -user joe -not -group joe
find -user joe -o -user jane
find -not \( -user joe -o -user jane \)

Can match ownership by name or id
find / -user joe -o -uid 500
Can match octal or symbolic permissions
find -perm 755
matches if mode is exactly 755
find -perm /222
matches if anyone can write (any of the three write bits is set); GNU find spells this /222, the older +222 form still seen in these notes is deprecated there but is what BSD find uses
find -perm -222
matches if everyone can write (all three write bits are set)
find -perm -002
matches if other can write

Many find criteria take numeric values
find -size 10M
Files with a size of exactly 10 megabytes
find -size +10M
Files with a size over 10 megabytes
find -size -10M
Files with a size less than 10 megabytes
Other modifiers are available such as k for KB, G for GB, etc.

find can match by inode timestamps
-atime when file was last read
-mtime when file data last changed
-ctime when file data or metadata last changed
Value given is in days, counted in whole 24-hour periods with any fraction discarded, so +10 means at least 11 days ago
find /tmp -ctime +10
Files changed more than 10 days ago
Can use a value of minutes
-amin
-mmin
-cmin
find /etc -amin -60

Commands can be executed on found files
Command must be preceded with -exec or -ok
-ok prompts before acting on each file
Command must end with a space followed by \; (the backslash stops the shell from treating ; as a command separator)
Can use {} as a filename placeholder
Ending with {} + instead of \; passes many file names to one invocation, which is far faster for bulk chmod or rm
find -size +100M -ok mv {} /tmp/largefiles/ \;

Back up configuration files, adding a .orig extension
$ find -name '*.conf' -exec cp {} {}.orig \;
Prompt to remove Joe's tmp files that are over 3 days old
$ find /tmp -ctime +3 -user joe -ok rm {} \;
Fix other-writable files in your home directory (-type f keeps symlinks out: they always show mode 777, and chmod would follow them to their targets)
$ find ~ -type f -perm -002 -exec chmod o-w {} \;
Do an ls -l style listing of all directories in /home/
$ find /home -type d -ls
Find files that end in .sh but are not executable by anyone. For each file, ask to make it executable by everyone
$ find -not -perm /111 -name '*.sh' -ok chmod 755 {} \;
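The permission criteria and the -exec fixes above, as an added example that is not from the original notes: functions that list world-writable files, files with any execute bit, and scripts nobody can run, plus a bulk repair using {} +. It assumes GNU find (for -perm /mode) and builds its own small directory of files with known modes so the results can be checked.

```shell
#!/bin/sh
# Added example: permission audit built on the find -perm forms above.
# Assumes GNU find; every path comes from the fixture built in make_fixture.

# Regular files writable by "other": any of these is a local privilege problem.
world_writable() {
    find "$1" -type f -perm -002 -print | sort
}

# Files with ANY execute bit set ("-perm /mode" is GNU find's current spelling
# of the deprecated "+mode").
any_exec() {
    find "$1" -type f -perm /111 -print | sort
}

# Shell scripts that nobody can execute: the last example above, with /111.
unexecutable_scripts() {
    find "$1" -type f -name '*.sh' ! -perm /111 -print | sort
}

# Strip the other-write bit from every world-writable regular file under $1.
# "{} +" hands many names to a single chmod instead of forking one per file,
# and -type f keeps chmod from following symlinks to their targets.
fix_world_writable() {
    find "$1" -type f -perm -002 -exec chmod o-w {} +
}

# Constructed test data: a temporary tree with known modes.
make_fixture() {
    fixture_dir=$(mktemp -d)
    : > "$fixture_dir/open.txt";   chmod 666 "$fixture_dir/open.txt"   # world-writable
    : > "$fixture_dir/normal.txt"; chmod 644 "$fixture_dir/normal.txt"
    : > "$fixture_dir/tool.sh";    chmod 755 "$fixture_dir/tool.sh"    # runnable script
    : > "$fixture_dir/stale.sh";   chmod 644 "$fixture_dir/stale.sh"   # script nobody can run
    : > "$fixture_dir/loose.sh";   chmod 777 "$fixture_dir/loose.sh"   # both problems at once
    echo "$fixture_dir"
}
```

Point world_writable and fix_world_writable at a real directory such as $HOME to reproduce the third example above; unexecutable_scripts lists candidates for the chmod 755 prompt in the last one.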

vim

vi/vim commands:

A append at end of line
a append after the cursor
I insert at beginning of line
o open a new line below and insert
O open a new line above and insert
Move by word: w, b
Move by sentence: ), (
Move by paragraph: }, {
Jump to line x: xG or :x
Jump to end: G

                 Change (replace)   Delete (cut)   Yank (copy)
Line             cc                 dd             yy
Letter           cl                 dl             yl
Word             cw                 dw             yw
Sentence ahead   c)                 d)             y)
Sentence behind  c(                 d(             y(
Paragraph above  c{                 d{             y{
Paragraph below  c}                 d}             y}

p -> paste after the cursor (below, for whole lines)
P -> paste before the cursor (above, for whole lines)
u -> undo
U -> undo all changes on the current line
Ctrl-R -> redo last undo
(Ctrl-U, listed as undo in the original notes, actually scrolls up half a screen)
Multiple documents can be viewed in a single vim screen
Ctrl-w, s splits the screen horizontally
Ctrl-w, v splits the screen vertically
Ctrl-w, Arrow moves between windows

Standard input (STDIN) – keyboard by default
Standard output (STDOUT) – terminal window by default
Standard error (STDERR) – terminal window by default
> Redirect STDOUT to file
2> Redirect STDERR to file
&> Redirect all output to file (bash only; the portable form is > file 2>&1)
2>&1: Redirects STDERR to wherever STDOUT points at that moment. Redirections apply left to right, so cmd > file 2>&1 captures both streams, while cmd 2>&1 > file sends STDERR to the terminal and only STDOUT to the file
(): Combines STDOUTs of multiple programs
$ ( cal 2007 ; cal 2008 ) | less
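The redirection rules above, demonstrated with an added example that is not part of the original notes: a command that writes to both streams, captured with the two orderings of > and 2>&1, plus the deliberate use of the "wrong" order to pipe only STDERR. It assumes nothing beyond a POSIX shell and mktemp.

```shell
#!/bin/sh
# Added example: order of redirections decides where STDERR ends up.
# Each function returns the lines that reached the file or the pipe, joined
# with commas, so the difference between the orderings is visible.

# One line on STDOUT, one on STDERR.
noisy() {
    echo "out"
    echo "err" >&2
}

# ">f 2>&1": fd 1 is pointed at the file first, then fd 2 is made a copy of
# fd 1, so both lines land in the file.
both_to_file() {
    f=$(mktemp)
    noisy >"$f" 2>&1
    tr '\n' ',' <"$f"
    rm -f "$f"
}

# "2>&1 >f": fd 2 copies the ORIGINAL fd 1 (the terminal) before fd 1 moves
# to the file, so only "out" is captured and "err" still goes to the screen.
# The outer >/dev/null stands in for the screen so the demo stays quiet.
swapped_to_file() {
    f=$(mktemp)
    { noisy 2>&1 >"$f"; } >/dev/null
    tr '\n' ',' <"$f"
    rm -f "$f"
}

# The same ordering used on purpose: STDERR goes down the pipe and STDOUT is
# discarded, which is how you grep a program's error output alone.
errors_only() {
    noisy 2>&1 >/dev/null | tr '\n' ','
}

# Portable stand-in for bash's "&>": discard everything, then report.
all_output_silenced() {
    noisy >/dev/null 2>&1 && echo "silent"
}
```

The swapped form is the usual cause of "my log file is missing the errors"; the errors_only pattern is the one to reach for when a noisy tool's STDOUT is in the way.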