Monday, February 28, 2011

LINUX Password Policy

cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
vi /etc/pam.d/system-auth
password    requisite     pam_cracklib.so try_first_pass retry=3 minlen=10 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3
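password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=26
# "md5" stores new passwords as MD5-crypt hashes, and "nullok" lets accounts with an empty password authenticate.
# Where the installed pam_unix supports it, using "sha512" in place of "md5" and dropping "nullok" gives a stronger policy.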

cp /etc/login.defs /etc/login.defs.bak
vi /etc/login.defs
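PASS_MAX_DAYS   45
PASS_MIN_DAYS   0
PASS_MIN_LEN    10
PASS_WARN_AGE   7
# The ageing values in login.defs are applied when an account is created; existing accounts keep their current settings until changed with chage (for example chage -M 45 <user>).
# With PASS_MIN_DAYS 0 a user can change passwords repeatedly in one sitting and cycle through the remember=26 history; a value of 1 or more closes that gap.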


chage -d 0 xyz
chage -d 0 abc

LINUX LVExtend With Storage LUN Finding

/opt/DynamicLinkManager/bin/dlnkmgr view -drvpath

Paths:000440 OnlinePaths:000440
   17746991          0    0 sddlmnk
000439 0003.0000.0000000000000000.00DC HITACHI .OPEN-V          .0048422          001353           4F      Online     Own     5397754          0    0 sddlmnl
KAPL01001-I The HDLM command completed normally. Operation name = view, completion time = 2010/07/30 12:58:13
[root@localserver ~]# /opt/DynamicLinkManager/bin/dlnkmgr view -path | grep 13:54

pwdlscd /usr/openv/netbackup/bin
\pwd./vmoprcmd -dlscd /usr/openv/volmgr/bin/
exitecho - - -> /sys/class/scsi_host/host1/scan
[root@localserver ~]# echo - - -> /sys/class/scsi_host/host1/scan
[root@localserver ~]# echo - - -> /sys/class/scsi_host/host2/scan
[root@localserver ~]# echo - - -> /sys/class/scsi_host/host3/scan
[root@localserver ~]# echo - - -> /sys/class/scsi_host/host4/scan
[root@localserver ~]# echo - - -> /sys/class/scsi_host/host5/scan

[root@localserver ~]# dlm
dlmcfgmgr           dlmgetomtrace       dlmguiinst.sh       dlmmgr              dlmsetopt           dlmupdatesysinit   
dlm_controld        dlmgetras           dlmguiuninst.sh     dlmmkinitrd         dlmstart            dlmwebgui_setup.sh 
dlmdlp              dlmglcl             dlminsadrv          dlmrmadrv           dlm_tool           

[root@localserver ~]# dlmcfgmgr -r
KAPL10339-I This operation will change the configuration of HDLM devices. Do you want to continue? [y/n]: y
KAPL10341-I The HDLM device configurations have been changed.
KAPL10302-I /sbin/dlmcfgmgr completed normally.

[root@localserver ~]# dlmcfgmgr -r
KAPL10339-I This operation will change the configuration of HDLM devices. Do you want to continue? [y/n]: y
KAPL10302-I /sbin/dlmcfgmgr completed normally.

[root@localserver ~]# dlmcfgmgr -recho - - -> /sys/class/scsi_host/host5/scan4/scan3/scan2/scan1/scan5/scan4/scan3/scan2/scan1/scan5/scan4/scan3/scan2/scan1/scan5/scan4/scan3/scan2/scan1/scan5/scan4/scan3/scan2/scan1/scan5/scan4/scan3/scan2/scan1/scan
/opt/DynamicLinkManager/bin/dlnkmgr view -path | grep 13:5654
df -hlscd binlscd /usr/openv/netbackup/
logoutbash./update_dbclients oracle -ClientList test12345O
cd ..more test12345 ./bpplclients -allunique -noheader > test12345
more test12345 cd .../update_dbclients Oracle -ClientList test12345o
bashlogoutcd /usr/openv/netbackup/
lscd binlsdf -h/opt/DynamicLinkManager/bin/dlnkmgr view -path | grep 13:54

[root@localserver ~]# /opt/DynamicLinkManager/bin/dlnkmgr view -path | grep 1354
PathID HDevName Device    LDEV
000000 sddlmaa  /dev/sda  USP_V.0048422.002A20
000436 sddlmni  /dev/sdpw USP_V.0048422.001350
000437 sddlmnj  /dev/sdpx USP_V.0048422.001351
000438 sddlmnk  /dev/sdpy USP_V.0048422.001352
000439 sddlmnl  /dev/sdpz USP_V.0048422.001353
000440 sddlmnm  /dev/sdqa USP_V.0048422.001354
000441 sddlmnn  /dev/sdqb USP_V.0048422.001355
000442 sddlmno  /dev/sdqc USP_V.0048422.001356
000443 sddlmnm  /dev/sdqd USP_V.0048422.001354
000444 sddlmnn  /dev/sdqe USP_V.0048422.001355
000445 sddlmno  /dev/sdqf USP_V.0048422.001356

KAPL01001-I The HDLM command completed normally. Operation name = view, completion time = 2010/07/30 13:02:49

[root@localserver ~]# /opt/DynamicLinkManager/bin/dlnkmgr view -drvpath | grep 1354
000440 0002.0000.0000000000000000.00DD HITACHI .OPEN-V          .0048422          001354           3F      Online     Own           0          0    0 sddlmnm
000443 0003.0000.0000000000000000.00DD HITACHI .OPEN-V          .0048422          001354           4F      Online     Own           0          0    0 sddlmnm

[root@localserver ~]# pvcreate /dev/sddlmnm /dev/sddlmnn /dev/sddlmno
  WARNING: Locking disabled. Be careful! This could corrupt your metadata.
  Physical volume "/dev/sddlmnm" successfully created
  Physical volume "/dev/sddlmnn" successfully created
  Physical volume "/dev/sddlmno" successfully created

[root@localserver ~]# vgdiskplay
-bash: vgdiskplay: command not found

[root@localserver ~]# vgdisplay
  WARNING: Locking disabled. Be careful! This could corrupt your metadata.

[root@localserver ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/cciss/c0d0p2      25G   18G  5.4G  77% /
/dev/cciss/c0d0p6     9.7G  4.7G  4.5G  52% /home
/dev/cciss/c0d0p5      15G  484M   14G   4% /var
/dev/cciss/c0d0p1     494M   26M  444M   6% /boot
/dev/cciss/c0d0p7      29G  9.5G   18G  36% /oracle
tmpfs                  32G     0   32G   0% /dev/shm
/dev/mapper/fmsvg-fmsvol
                      1.9T  916G  903G  51% /fmsdata

[root@localserver ~]# vgextend fmsvg /dev/sddlmnm /dev/sddlmnn /dev/sddlmno
  WARNING: Locking disabled. Be careful! This could corrupt your metadata.
  Volume group "fmsvg" successfully extended

[root@localserver ~]# lvextend -L +400G /dev/mapper/fmsvg-fmsvol
  WARNING: Locking disabled. Be careful! This could corrupt your metadata.
  Extending logical volume fmsvol to 2.29 TB
  Logical volume fmsvol successfully resized

[root@localserver ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/cciss/c0d0p2      25G   18G  5.4G  77% /
/dev/cciss/c0d0p6     9.7G  4.7G  4.5G  52% /home
/dev/cciss/c0d0p5      15G  477M   14G   4% /var
/dev/cciss/c0d0p1     494M   26M  444M   6% /boot
/dev/cciss/c0d0p7      29G  9.5G   18G  36% /oracle
tmpfs                  32G     0   32G   0% /dev/shm
/dev/mapper/fmsvg-fmsvol
                      1.9T  923G  896G  51% /fmsdata

[root@localserver ~]# resize2fs /dev/mapper/fmsvg-fmsvol
resize2fs 1.39 (29-May-2006)
Filesystem at /dev/mapper/fmsvg-fmsvol is mounted on /fmsdata; on-line resizing required

Performing an on-line resize of /dev/mapper/fmsvg-fmsvol to 614885376 (4k) blocks.
The filesystem on /dev/mapper/fmsvg-fmsvol is now 614885376 blocks long.

[root@localserver ~]#

[root@localserver ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/cciss/c0d0p2      25G   18G  5.4G  77% /
/dev/cciss/c0d0p6     9.7G  4.7G  4.5G  52% /home
/dev/cciss/c0d0p5      15G  477M   14G   4% /var
/dev/cciss/c0d0p1     494M   26M  444M   6% /boot
/dev/cciss/c0d0p7      29G  9.5G   18G  36% /oracle
tmpfs                  32G     0   32G   0% /dev/shm
/dev/mapper/fmsvg-fmsvol
                      2.3T  1.1T  1.2T  48% /fmsdata
[root@localserver ~]# exit
logout
[c817767@localserver ~]$ exit
logout

1.)    How To configure HOST name in RHEL

[root@localhost ~]# vi /etc/sysconfig/network
HOSTNAME=station1.example.com
2.)    How to configure Network IP in RHEL
            [root@localhost ~]#  system-config-network-tui

Select your Ethernet card (eth0 or eth1) and hit Enter key


[root@localhost ~]#  service network restart
  

Linux Failover Bonding

1. Add the below lines to /etc/modprobe.conf
                alias bond0 bonding
                options bond0 mode=1 miimon=100
2. Create bond0 device file, /etc/sysconfig/network-scripts/ifcfg-bond0 with the following content:
                DEVICE=bond0
                BOOTPROTO=none
                ONBOOT=yes
                NETWORK=192.168.122.0
                NETMASK=255.255.255.0
                IPADDR=192.168.122.118
                USERCTL=no
3. Create /etc/sysconfig/network-scripts/ifcfg-eth0 with content:
                DEVICE=eth0
                MASTER=bond0
                SLAVE=yes
                USERCTL=no
                BOOTPROTO=dhcp
                IPV6INIT=yes
                IPV6_AUTOCONF=yes
                ONBOOT=yes
4. Create /etc/sysconfig/network-scripts/ifcfg-eth1 with content:
                DEVICE=eth1
                MASTER=bond0
                SLAVE=yes
                USERCTL=no
                BOOTPROTO=dhcp
                IPV6INIT=yes
                IPV6_AUTOCONF=yes
                ONBOOT=yes
5.[root@localhost ~]# service network restart
6.[root@localhost ~]# cat /proc/net/bonding/bond0
                Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)
                Bonding Mode: fault-tolerance (active-backup)
                Primary Slave: None
                Currently Active Slave: eth0
                MII Status: up
7.[root@localhost ~]# ifdown eth0
8.[root@localhost ~]# cat /proc/net/bonding/bond0
                Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)
                Bonding Mode: fault-tolerance (active-backup)
                Primary Slave: None
                Currently Active Slave: eth1

SSH login without password

SSH login without password
Your aim
You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a to Host B / user b. You don't want to enter any passwords, because you want to call ssh from within a shell script.
How to do it
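First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase. The private key is then stored unencrypted, so anyone who can read /home/a/.ssh/id_rsa can log in to B as b; keep that file readable only by a, and on B consider restricting the key with the from= and command= options in authorized_keys. Generate the key pair: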
a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A
Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):
a@A:~> ssh b@B mkdir -p .ssh
b@B's password:
Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:
a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
b@B's password:
From now on you can log into B as b from A as a without password:
a@A:~> ssh b@B hostname
B
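A note from one of our readers: Depending on your version of SSH you might also have to do the following changes (with its default StrictModes setting, sshd ignores the key file when the home directory, .ssh or the file itself is writable by anyone other than the owner):
· Put the public key in .ssh/authorized_keys2
· Change the permissions of .ssh to 700
· Change the permissions of .ssh/authorized_keys2 to 640 (600 also works and keeps the file private to b)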

LINUX PXE Boot Server

1) The next step is to choose a box to be the PXE boot server. This can really be any box at all, as long as you have a NIC in it that works reliably under Linux. For the purposes of this documentation, I'm going to assume that you've loaded RHEL on this box (do that now, if you've not already). Get this box onto the network with DHCP (just like a normal installation).

2) Next you'll need to install the following packages
tftp-server
dhcp
httpd
syslinux

If you use yum to install them, then it will be generally a lot easier:
yum install tftp-server dhcp httpd syslinux
answer Y to all dependency/installation questions.

3) Now you need to setup the DHCP server. With the RPM for dhcp, all you need to do is create
/etc/dhcpd.conf with the following contents:
ddns-update-style interim;
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.10 192.168.0.254;
default-lease-time 3600;
max-lease-time 4800;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1;
option subnet-mask 255.255.255.0;
option domain-name "llama.net";
option time-offset -8;
}

host llama0 {
hardware ethernet 04:4B:80:80:80:03;
fixed-address 192.168.0.254;
option host-name "llama0";
filename "pxelinux.0";
}


In a nutshell, this sets up a DHCP server that will assign IP address 192.168.0.254 to your client box that has MAC address 04:4B:80:80:80:03 assigned to its PXE-boot capable NIC. Another thing to note is that we're reserving the private 192.168 subnet for this setup. The only thing you need to change in the above is the MAC address, to match that of the NIC on your client box.

4) Next you need to activate tftp within xinetd. All that is necessary is to change
disable=yes to disable=no in /etc/xinetd.d/tftp . Then restart xinetd. For future reference, the tftp RPM for FC4 stores its servable content under /tftpboot.

5) Now we need to setup your PXE server to use a static IP on the new private subnet. Create the file
/etc/sysconfig/network-scripts/ifcfg-eth0.static with the following contents:
DEVICE=eth0
BOOTPROTO=STATIC
ONBOOT=no
TYPE=Ethernet
IPADDR=192.168.0.2
NETMASK=255.255.255.0
GATEWAY=192.168.0.1


6) Now we need to setup the PXE boot environment on the server. To do this, you need to have the Linux distribution that you wish to install over PXE either in CD format, or all the content of the CDs available on the network.
On the first CD of every RH/FC distribution there is a subdirectory called 'isolinux'. In that directory you will find two files, vmlinuz and initrd.img. These are the kernel & initrd.img that the RH/FC bootable CDs use to get the installer (anaconda) booted for performing the installation. Copy both of those files into /tftpboot and make sure that they are world readable. If you are planning to allow more than one version/distribution to be PXE boot installable, then you should rename both files so that it's clear that they are for whatever version/distribution they came from (such as vmlinuz-RHEL4, initrd-RHEL4).

Next, you need the actual pxe boot linux kernel (what is actually run immediately after your PXE boot client box gets a DHCP lease). In this case, that file is pxelinux.0, and is part of the syslinux RPM. For FC4, you can find it at
/usr/lib/syslinux/pxelinux.0. Copy that file into /tftpboot and make sure that it is world readable.

7) Next we need to configure pxelinux. First create the directory /tftpboot/pxelinux.cfg (and make it world readable). Inside that directory you need to create a number of zero size files (use touch):
01-04-4B-80-80-80-03
C
C0
C0A
C0A8
C0A80
C0A800
C0A800F
C0A800FE
01-04-4B-80-80-80-03


The first 8 are the hex representation of the 192.168.0.254 IP address that your PXE boot client will be assigned. The permutations allow a broader IP subnet to be searched first for matches. The last entry is the MAC address of your PXE boot client's NIC (with dashes substituted for the colons), with '01' pre-pended. The "01" at the front represents a hardware type of Ethernet, so pxelinux.0 sees the configuration string as an IP address.

8) Now create the default pxelinux configuration inside the new file
/tftpboot/pxelinux.cfg/default:
prompt 1
default linux
timeout 100

label linux
kernel vmlinuz
append initrd=initrd.img ramdisk_size=9216 noapic acpi=off



9) Now you need to put the full contents of your Linux distro (all CDs) somewhere on disk. I put it under
/tftpboot/RHEL4U1. In order to allow for installation over HTTP (apache), edit /etc/httpd/conf/httpd.conf and add the following:
<Directory /tftpboot/RHEL4U1>
Options Indexes
AllowOverride None
</Directory>
Alias /linux /tftpboot/RHEL4U1



10) At this stage, you're ready to hook up the switch. You should have CAT5 running between the switch & the PXE boot server, and the client box.

11) On the PXE boot server, bring down your DHCP network connected eth0 (ifdown eth0), disconnect the CAT5 connected to the network, and plug in the CAT5 connected to your private switch. Now bring up the static IP for the PXE server with (ifup eth0.static). You can verify that it came up successfully by verifying that you have IP address 192.168.0.2 in ifconfig.

12) Now start dhcpd & apache and activate tftp by running the following:
service dhcpd start
service xinetd restart
service httpd start


and verify that they are all in your process list.

13) Plug the PXE client box's CAT5 into the switch, and verify that the NIC appears first in the BIOS boot order. (re)boot and you should get a DHCP lease, and start booting successfully off the network.

14) When you get into the RH/FC installer which asks you for the install method, choose HTTP. Fill in 192.168.0.2 for the name, and 'linux' for the path, and you should be all set.

15) If you run into any problems, check
/var/log/messages for errors (that's where all dhcp & tftp stuff will get logged). /var/log/httpd is where apache logs, but if you get that far, your problem is an apache configuration/setup issue, and not a PXE boot issue.