Derwynd's Weblog

Derwynd's Weblog

Fedora/Redhat Kernel RPM with Xen & reiserfs

Download the src rpm

(eg. kernel-2.6.18-92.el5.src.rpm)

$ rpm -ivh kernel-2.6.18-92.el5.src.rpm

$ cd /usr/src/redhat/SPECS/

$ rpmbuild -bb kernel-2.6.spec

This will build
kernel-2.6.18-92.el5.x86_64.rpm                   kernel-devel-2.6.18-92.el5.x86_64.rpm
kernel-debug-2.6.18-92.el5.x86_64.rpm             kernel-headers-2.6.18-92.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.el5.x86_64.rpm   kernel-xen-2.6.18-92.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.el5.x86_64.rpm       kernel-xen-debuginfo-2.6.18-92.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.el5.x86_64.rpm         kernel-xen-devel-2.6.18-92.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.el5.x86_64.rpm

Install the following rpm
$ kernel-xen-2.6.18-53.el5 xen-libs

Check the grub.conf file the xen lines will be added

#boot=/dev/sda
default=2
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.18-53.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-53.el5
module /vmlinuz-2.6.18-53.el5xen ro root=/dev/VolGroup00/LogVol00 rhgb quiet
module /initrd-2.6.18-53.el5xen.img
title Red Hat Enterprise Linux Server (2.6.18-53.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-53.el5.img

If you list the files in /boot/ are added
vmlinuz-2.6.18-53.el5
initrd-2.6.18-53.el5.img
xen.gz-2.6.18-53.el5
xen-syms-2.6.18-53.el5

Now to build the kernel from the BUILD dir

$ cd /usr/src/redhat/BUILD/kernel-2.6.18/linux-2.6.18.x86_64/
$ make menuconfig

——————————————————————-

Processor type and features  —>
[*] Enable Xen compatible kernel

File systems  —>
<M> Reiserfs support
[ ]   Enable reiserfs debug mode
[ ]   Stats in /proc/fs/reiserfs
[*]   ReiserFS extended attributes
[ ]     ReiserFS POSIX Access Control Lists
[ ]     ReiserFS Security Labels

XEN  —>
[*] Privileged Guest (domain 0)
<*> Backend driver support
<M>   Block-device backend driver
<M>   Block-device tap backend driver
<M>   Network-device backend driver
[ ]     Pipelined transmitter (DANGEROUS)
<M>     Network-device loopback driver
<M>   PCI-device backend driver
PCI Backend Mode (Virtual PCI)  —>
[ ]     PCI Backend Debugging
< >   TPM-device backend driver
<M> Block-device frontend driver
<M> Network-device frontend driver
<*> Framebuffer-device frontend driver
<*>   Keyboard-device frontend driver
[*] Scrub memory before freeing it to Xen
[ ] Disable serial port drivers
<*> Export Xen attributes in sysfs
Xen version compatibility (3.0.2 and later)  —>

——————————————————————-
Build the kernel (if you have not changed the Makefile the subversion is EXTRAVERSION = -92.el5debug)

This will create vmlinuz-2.6.18-92.el5debug

$ mkinitrd /boot/initrd-2.6.18-92.el5debug.img 2.6.18-92.el5debug
(For the initrd img)

Add lines to grub.conf
——————————————————————
default=2
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.18-53.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-53.el5
module /vmlinuz-2.6.18-53.el5xen ro root=/dev/VolGroup00/LogVol00 rhgb quiet
module /initrd-2.6.18-53.el5xen.img
title Red Hat Enterprise Linux Server (2.6.18-53.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-53.el5.img
title Red Hat Enterprise Linux Server (2.6.18-53.el5Debxen)
root (hd0,0)
kernel /xen.gz-2.6.18-53.el5
module /vmlinuz-2.6.18-92.el5debug ro root=/dev/VolGroup00/LogVol00 rhgb quiet
module /initrd-2.6.18-92.el5debug.img
——————————————————————

Reboot

Advertisements

November 10, 2008 Posted by | Uncategorized | Comments Off on Fedora/Redhat Kernel RPM with Xen & reiserfs

MYSQL REPLICATION

A) Master –> Slave

MASTER
-=-=-=-

mysql> GRANT REPLICATION SLAVE ON *.* TO ‘slave_user’@’%’ IDENTIFIED BY ‘slavepass’;
mysql> flush privileges;
mysql> CREATE DATABASE exampledb;

In my.cnf of Master

[mysqld]
log-bin=mysql-bin
server-id=1
max_allowed_packet=16M
binlog-do-db=exampledb

dump the database and scp to slave
mysqldump -u root –opt exampledb > /tmp/exampledb.sql

Slave
-=-=-=-

mysql> CREATE DATABASE exampledb;

Import database
mysql -u root exampledb < /tmp/exampledb.sql

In my.cnf of Slave
[mysqld]
server-id=2
master-host     =   192.168.50.81 #Master IP
master-user     =  slave_user
master-password =   slavepass
master-connect-retry= 60
max_allowed_packet=16M
replicate-do-db=exampledb
log-warnings

On Both servers restart the mysql

Test by on Master

mysql> show master status;
+——————+———-+————–+——————+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+——————+———-+————–+——————+
| mysql-bin.000002 |      270 | exampledb    |                  |
+——————+———-+————–+——————+
1 row in set (0.00 sec)

Test by on Slave
mysql> show slave status\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.50.81
Master_User: slave_user
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000002
Read_Master_Log_Pos: 270
Relay_Log_File: mysqlslav-relay-bin.000006
Relay_Log_Pos: 407
Relay_Master_Log_File: mysql-bin.000002
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB: exampledb
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 270
Relay_Log_Space: 407
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
1 row in set (0.00 sec)

On Master
mysql> use exampledb;
mysql> CREATE TABLE test ( `field1` varchar(8) NOT NULL default ”, `field2` tinyint(4) unsigned default NULL );

On Slave
mysql> use exampledb;
mysql> show tables;
+———————+
| Tables_in_exampledb |
+———————+
| test                |
+———————+
1 row in set (0.00 sec)
B) MASTER <—-> Master

On the
server
Under the mysqld section add
[mysqld]

# let’s make it so auto increment columns behave by having different increments on both servers
auto_increment_increment=2
auto_increment_offset=1
# Replication Master Server
# binary logging is required for replication
log-bin=master1-bin
binlog-ignore-db=mysql
binlog-ignore-db=test
# required unique id between 1 and 2^32 – 1
server-id = 1
#following is the slave settings so this server can connect to master2
master-host = 192.168.50.82
master-user = slave_user
master-password = slavepass
master-port = 3306

mysql> GRANT REPLICATION SLAVE ON *.* TO ‘slave_user’@’192.168.50.82’ IDENTIFIED BY ‘slavepass’;
mysql> flush privileges;

On the 192.168.50.82 server
Under the mysqld section add
[mysqld]

# let’s make it so auto increment columns behave by having different increments on both servers
auto_increment_increment=2
auto_increment_offset=2
# Replication Master Server
# binary logging is required for replication
log-bin=master2-bin
binlog-ignore-db=mysql
binlog-ignore-db=test
# required unique id between 1 and 2^32 – 1
server-id = 2
#following is the slave settings so this server can connect to master2
master-host = 192.168.50.81
master-user = slave_user
master-password = slavepass
master-port = 3306

mysql> GRANT REPLICATION SLAVE ON *.* TO ‘slave_user’@’192.168.50.81’ IDENTIFIED BY ‘slavepass’;
mysql> flush privileges;

Restart Mysql on both servers;
Check by creating database on one server
ie

on 192.168.50.81

mysql> create database exampledb;
mysql> show databases;
+——————–+
| Database           |
+——————–+
| information_schema |
| exampledb          |
| mysql              |
| test               |
+——————–+

on 192.168.50.82
mysql> show databases;
+——————–+
| Database           |
+——————–+
| information_schema |
| exampledb          |
| mysql              |
| test               |
+——————–+

mysql> use exampledb;
mysql> CREATE TABLE test ( `field1` varchar(8) NOT NULL default ”, `field2` tinyint(4) unsigned default NULL );

on 192.168.50.81
mysql> show tables;
+———————+
| Tables_in_exampledb |
+———————+
| test                |
+———————+
1 row in set (0.00 sec)

Restarting Replication if broken

Get latest mysql dump file from master and replicate on slave

on the master run
show master status;

Take the File and position values and run on slave

  stop slave;
  CHANGE MASTER TO MASTER_HOST='192.168.50.81',
  MASTER_USER='slave_user',
  MASTER_PASSWORD='password',
  MASTER_LOG_FILE='mail2-bin.00002',
  MASTER_LOG_POS=37;
  start slave;

Replace the filename and position with actual ones

restart mysql on slave

Multiple Replication

To set up replication like

 A --> B --> c

Follow the same steps to set up replication on the C server from B
Edit the my.cnf file on B server and add to what is already present

log-warnings
log-bin=mysql-bin
max_allowed_packet=16M
binlog-do-db=mail
log-slave-updates
sync-binlog=1
relay-log=<hostname>-relay-bin
log-slave-updates -- This is for the slave to write to it's log file so that C server can read the logs

On server C along with the master slave configuration add this

log-warnings
log-bin=mysql-bin
max_allowed_packet=16M
binlog-do-db=mail
sync-binlog=1
relay-log=<hostname>-relay-bin
slave_net_timeout=30
master-connect-retry=10
slave-skip-errors
slave_net_timeout -- The default for the slave_net_timeout setting is 3600,
which is 60 minutes. I've set this to 30.
It also removes a step in resuming replication of "STOP SLAVE; START SLAVE" 

master-connect-retry -- The number of seconds the slave thread will sleep before retrying
to connect to the master in case the master goes down or the connection is lost. Default is 60.

November 10, 2008 Posted by | Uncategorized | Comments Off on MYSQL REPLICATION

Installation and management of XEN on Redhat-linux

$ yum install xen kernel-xen*

Reboot with xen kernel after changes in grub

$ ps aux | grep xend

If you do not see xend in the resulting listing, you need to start it yourself by switching to root with su – and then running

$ /etc/init.d/xend start
$ free -m
             total       used       free     shared    buffers     cached
Mem:           942        332        609          0         26        239
-/+ buffers/cache:         66        875
Swap:         1996          0       1996
$ xm list

which prints out a list of all the virtual machines that are running and how much RAM they have allocated — you should see Domain-0, which is your current system, in the list.

$ xm list
Name                                      ID Mem(MiB) VCPUs State   Time(s)
Domain-0                                   0      942     1 r-----     55.4

The output from xm list probably shows that domain 0 is taking up all the RAM on your system, which means there is no room to create a new guest OS.

$ xm mem-set Domain-0 256
$ xm mem-max Domain-0 256

Run the command xm mem-set Domain-0 256 to have domain 0 use 256MB RAM

$ xm list
Name                                      ID Mem(MiB) VCPUs State   Time(s)
Domain-0                                   0      256     1 r-----     58.2
****Note that for the default setup, networking for guest OS's is bridged. This means that they will get an IP address on the same network as your host, thus, if you have a DHCP server providing addresses, you will need to ensure that it is configured to give addresses to your guests. You can change to another networking type by editing /etc/xen/xend-config.sxp
$ virt-install

What is the name of your virtual machine? test
 How much RAM should be allocated (in megabytes)? 256
 What would you like to use as the disk (file path)? /opt/test1
 How large would you like the disk (/opt/test1) to be (in gigabytes)? 4
 Would you like to enable graphics support? (yes or no) no
 What is the install location? /opt/testinst
 ERROR:  Install media location must be an NFS, HTTP or FTP network install source, or an existing local file/device
 What is the install location? http://192.168.50.50/centos52

This information can also be passed as command line options; run with an argument of –help for more details. In particular, kickstart options can be passed with

 virt-install -x ks=options
eg
 virt-install -x ks=http://192.168.50.8/rhelas.cfg
$ /usr/sbin/virt-install

The following questions about the new guest OS will be presented. This information can also be passed as command line options; run with an argument of --help for more details. In particular, kickstart options can be passed with -x ks=options.

   1. What is the name of your virtual machine? This is the label that will identify the guest OS. This label will be used for various xm commands and also appear in virt-manager the Gnome-panel Xen applet. In addition, it will be the name of the /etc/xen/<name> file that stores the guest's configuration information.
   2. How much RAM should be allocated (in megabytes)? This is the amount of RAM to be allocated for the guest instance in megabytes (eg, 256). Note that installation with less than 256 megabytes is not recommended.
   3. What would you like to use as the disk (path)? The local path and file name of the file to serve as the disk image for the guest (eg, /home/joe/xenbox1). This will be exported as a full disk to your guest.
   4. How large would you like the disk to be (in gigabytes)? The size of the virtual disk for the guest (only appears if the file specified above does not already exist). 4.0 gigabytes is a reasonable size for a "default" install
   5. Would you like to enable graphics support (yes or no): Should the graphical installer be used?
   6.  What is the install location? This is the path to a Fedora Core 6 installation tree in the format used by anaconda. NFS, FTP, and HTTP locations are all supported. Examples include:
          * nfs:my.nfs.server.com:/path/to/test2/tree/
          * http://my.http.server.com/path/to/tree/
          * ftp://my.ftp.server.com/path/to/tree

      {i} Installation must be a network type. It is not possible to install from a local disk or CDROM. It is possible, however, to set up an installation tree on the host OS and then export it as an NFS share.

The xen config files are usually found under /etc/xen

to restart a console with a mc

$ xm create -c <configfile>

You can connect to the console of any virtual machine by running

$ xm list
$ xm console <yourvmname>

Xen request the VM to shutdown

$ xm shutdown <yourvmname>

On Linux, this goes through the whole shutdown sequence properly, ensuring that the machine is cleanly terminated. If you want an immediate shutdown, use

$ xm destroy yourvm

but make sure the virtual machine is in a safe state first — if you have a text file open and unsaved, for example, it will be lost.

The xm command can also be used to save snapshots of a virtual machine, rather than just switching them off. To do this, use

$ xm save yourvm yourvm.state

That command essentially saves the RAM of the yourvm VM (change yourvm to whatever you called your virtual machine) to a file and then turns off the VM. To restore a saved state, just use

$ xm restore yourvm.state

To display top-like statistics for all running machines:

$ /usr/sbin/xm top

On the virtualization host server, open a terminal and enter

xm delete vm_name

to delete the virtual machine’s reference in xenstore so it is no longer managed.

Hacks

For CDROM

open the xen config under /ect/xen/mc-name and add

eg if the xm machine is called relay1 under /ect/xen/relay1
add 

disk = [ "tap:aio:/opt/relay1,xvda,w",
'phy:/dev/cdrom,hdc:cdrom,r']

After starting the mc try

mount /dev/hdc /media/

To mount a iso in place of cdrom

disk = [ "tap:aio:/com_xen/atoq,xvda,w",'file:/tmp/fedorax.iso,hdc:cdrom,r' ]

After starting the mc try 

mount /dev/hdc /media/

Or in rc.local add 

ln -s /dev/hdc /dev/cdrom to be able to mount /dev/cdrom

To automatically run the guest after a system (Dom0) reboot, we have to create the following link:

$ ln -s /etc/xen/[guest_name] /etc/xen/auto/

For 2 network-interfaces

Shut down the xen m/c first

in /etc/xen/xend-config.sxp
find (network-script network-bridge) line
replace with
(network-script network-multi-bridge)
$ cd /etc/xen/scripts
$ vi network-multi-bridge
#!/bin/sh
dir=$(dirname "$0")
"$dir/network-bridge" "$@" vifnum=0 bridge=xenbr0 netdev=eth0
"$dir/network-bridge" "$@" vifnum=1 bridge=xenbr1 netdev=eth0 (or eth1)

Be sure to make the script executable

$ chmod +x network-multi-bridge

In my /etc/xen/test config I’v added a second interface

name = "test"
uuid = "44147e5d-a9a1-dfa5-24a5-646b9543ccbb"
maxmem = 256
memory = 256
vcpus = 1
bootloader = "/usr/bin/pygrub"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
vfb = [  ]
disk = [ "tap:aio:/opt/test1,xvda,w" ]
vif = [ "mac=00:16:3e:1e:83:6e,bridge=xenbr0",
        "mac=00:16:3e:1e:83:7e,bridge=xenbr1" ]

Please restart

xend

service
To generate a unique mac address for use

echo "#! /usr/bin/python
# macgen.py script generates a MAC address for Xen guests
#
import random
mac = [ 0x00, 0x16, 0x3e,
random.randint(0x00, 0x7f),
random.randint(0x00, 0xff),
random.randint(0x00, 0xff) ]
print ':'.join(map(lambda x: '%02x' % x, mac))" > /tmp/macgen

$ python /tmp/macgen

The configuration files in /etc/xen are in text format and so are easily edited.
For example, if you want to change the number of CPUs a VM sees, look for the vcpus setting.
Note that these are virtual CPUs rather than real ones —
you can set this to 8 and have your guest see eight CPUs, even if your actual machine has just one

November 10, 2008 Posted by | Uncategorized | Comments Off on Installation and management of XEN on Redhat-linux

Prevent kernel Panic on kernel compilation

This is how you can insure that after compiling a kernel on a remote system you can still have a running system without much bother about kernel panic

This is what the original grub.conf looks like

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.9-prep)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-prep ro root=LABEL=/ 
        initrd /initrd-2.6.9-prep.img

Ok so now we have compiled a new kernel (for example 2.6.18-prep) and the grub looks like I’ve added the command of panic=5 (can have panic=* where * is the number of seconds it waits on a panic) at the end this is to reboot the computer in 5 seconds if kernel panics and will boot with default=1 kernel.

default=1
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-prep)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-prep ro root=LABEL=/ panic=5
        initrd /initrd-2.6.18-prep.img

title CentOS (2.6.9-prep)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-prep ro root=LABEL=/ panic=5
        initrd /initrd-2.6.9-prep.img

or run

perl -pi -e's/LABEL\=\//LABEL\=\/ panic\=5/g' /etc/grub.conf

But we need to test the default=0 kernel to do this before reboot type

echo "savedefault --default=0 --once" | grub --batch

And then reboot. It will boot once with new kernel. you can check it by uname -r

If the m/c successfully boots with the new kernel go ahead and change the grub to defaults to 0 and reboot once more.

November 10, 2008 Posted by | Uncategorized | Comments Off on Prevent kernel Panic on kernel compilation

RHEL securely mount remote Linux / UNIX directory or file system using SSHFS

Make sure you have the rpmforge repo installed. If not add

$ echo “# Name: RPMforge RPM Repository for Red Hat Enterprise 5 – dag
# URL: http://rpmforge.net/
[rpmforge]
name = Red Hat Enterprise $releasever – RPMforge.net – dag
#baseurl = http://apt.sw.be/redhat/el5/en/$basearch/dag
mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 1
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1″ > /etc/yum.repos.d/rpmforge.repo

Install
$ yum –enablerepo=rpmforge install fuse fuse-ntfs-3g dkms dkms-fuse$ insmod /lib/modules/2.6.18-8.el5/extra/fuse.ko

Now you have working setup, all you need to do is mount a filesystem under Linux. First create a mount point:

$ mkdir /data

Now mount a remote server filesystem using sshfs command:

$ sshfs root@192.168.50.87:/what2mount /data
check if mounted by the mount command

Now you can access your filesystem securely using Internet or your LAN

$ cd /data

$ touch blah

To umount cd to home folder

$ umount /data

November 10, 2008 Posted by | Uncategorized | Comments Off on RHEL securely mount remote Linux / UNIX directory or file system using SSHFS

Partition Percentage wise in ks.cfg

Step 1:

Put the following lines in ks.cfg file in the %pre section
%pre

#!/bin/bash

# Check the disk size value and store in diskval
diskval=`fdisk -l | grep Disk | awk -F ” ” ‘{print $3}’| awk -F “.” ‘{print $1}’`

# for root as 20%
let “Partroot=($diskval*20/100)”
# for home as 20 %
let “Parthome=($diskval*20/100)”
# for usr as 50 %
let “Partusr=($diskval*50/100)”
# Swap space
let “Partswap=(`cat /proc/meminfo | grep ‘MemTotal:’ | awk -F ‘ ‘ ‘{print $2}’`*2/1024)”

echo “clearpart –all” >> /tmp/part-include
echo “part / –fstype ext3 –size $Partroot –ondisk sda” >> /tmp/part-include
echo “part swap –size=$Partswap –ondisk sda” >> /tmp/part-include
echo “part /home –fstype ext3 –size $Parthome –ondisk sda” >> /tmp/part-include
echo “part /usr –fstype ext3 –size $Partusr –grow –ondisk sda” >> /tmp/part-include

Step 2:

Just above the %packages section add the following line

clearpart –all
# Now in your ks file put the following line for partition
%include /tmp/part-include
%packages

November 10, 2008 Posted by | Uncategorized | Comments Off on Partition Percentage wise in ks.cfg

Installation Of Plone + Zope on RHEL/CentOS/Fedora

Plone is a ready-to-run content management system that is built on the powerful and free Zope application server. Plone is easy to set up, extremely flexible, and provides you with a system for managing web content that is ideal for project groups, communities, web sites, extranets and intranets.

eWeek

* Plone is easy to install. You can install Plone with a a click and run installer, and have a content management system running on your computer in just a few minutes.
* Plone is easy to use. The Plone Team includes usability experts who have made Plone easy and attractive for content managers to add, update, and mantain content.
* Plone is international. The Plone interface has more than 35 translations, and tools exist for managing multilingual content.
* Plone is standard. Plone carefully follows standards for usability and accessibility. Plone pages are compliant with US Section 508, and the W3C’s AAA rating for accessibility.

OSI

* Plone is Open Source. Plone is licensed under the GNU General Public License, the same license used by Linux. This gives you the right to use Plone without a license fee, and to improve upon the product.
* Plone is supported. There are close to a hundred developers in the Plone Development Team around the world, and a multitude of companies that specialize in Plone development and support.
* Plone is extensible. There is a multitude of add-on products for Plone to add new features and content types. In addition, Plone can be scripted using web standard solutions and Open Source languages.
* Plone is technology neutral. Plone can interoperate with most relational database systems, open source and commercial, and runs on a vast array of platforms, including Linux, Windows, Mac OS X, Solaris and BSD.

Download and Install resolving dependenciescf
python-imaging-1.1.4-2.2.el4.rf.i386.rpm
plone-2.0.4-0.1.2.el4.rf.noarch.rpm
zope-2.7.2-0.1.2.el4.rf.i386.rpm
Got these from http://rpmfind.net

This site was helpfull for configuring http://www.howtoforge.com/debian_plone
This will show you what you can do with plone http://plone.org/about/movies

mkdir -p /home/zopy/zinstance/

Ok so install the rpm’s and go to

cd /usr/lib/zope/bin

Run

python mkzopeinstance.py

When I ran this command it gave me an error of /usr/lib/zope/skel not found
So I mkdir -p /usr/lib/zope/skel

You choose this install directory:
Directory: /home/zopy/zinstance/
You must choose a username and password.
Username = admin
Passwd = ******

Now, you run zope
/etc/init.d/zope start

Start a web browser on the same machine on which you installed Zope and visit the URL
http://localhost:8080/
If your Zope is properly installed and you’re visiting the correct URL, you will be presented with the Zope “QuickStart” screen.

/etc/init.d/zope stop

To add users to zope
zopectl adduser uname passwd

/etc/init.d/zope start

Logging In

To do anything remotely interesting with Zope, you need to use its “management interface”. Zope is completely web-manageable. To log into the Zope management interface, use your web browser to navigate to Zope’s management URL. Assuming you have Zope installed on the same machine from which you are running your web browser, the Zope management URL will be
http://localhost:8080/manage or http://192.X.X.X:8080/manage

You can create a plone site:
At the List box on the manage screen choose Plone Site and Click add button
Refer to Screen shots on (http://www.howtoforge.com/debian_plone)

Add Plone Site
Enter an ID and click the button below to create a new Plone site.
Id
Plone
Title
Portal Of Plone
Membership source
XXXXX
Description
Any Thing You Like
Button –> Add Plone Site <– Button

http://localhost:8080/plone

You Should Get the Welcome to Plone screen

November 10, 2008 Posted by | Uncategorized | Comments Off on Installation Of Plone + Zope on RHEL/CentOS/Fedora

Playing With Tar Files

I once wanted to create a empty tar file….
tar -czfv empty-archive.tar.gz /dev/null

To append to tar files….

tar –append –file=empty-archive.tar.gz filename
If you now use the –list (-t) operation, you will see that rock has been added to the archive:

less empty-archive.tar.gz

To untar at a specific location add the -C operator

tar -czfv empty-archive.tar.gz -C /home/

November 10, 2008 Posted by | Uncategorized | Comments Off on Playing With Tar Files

Security Section

In general, many new Linux System Administrators create only two partitions / (root) and swap for entire hard drive. This is really a bad idea. You always need to consider following points:
-Performance
-Security
-Stability
-Backup

Let us assume you have 120 GB SCSI hard disk with / and swap partitions only. Then here comes a user (may be internal or external or cracker user) and runs something which eats up all hard disk (DoS attack). For example, consider the following tiny script that such user can run in /tmp directory:

#!/bin/sh
man bash > $(mktemp)
$0

Anyone can run above script via cron (if allowed), or even with nohup command:
$nohup bad-script&
Result is disaster! Your entire file system comes under Denial of Service attack. It will even bypass the disk quota restriction. A Linux sys admin created only two partition. Later, poorly written application eats up all space in /var/log/. End result was memo for him as he did not followed internal docs that has guidelines for partition setup for clients server.

Youcan create partition as follows:
/ – Root partition
/home – Users home directory
/usr – Linux/BSD binary programs are installed here
/tmp – Temporary files partition
/var – Stores files which keep changing size, e.g. log, or squid caching files

If you don’t have partitions like this then following attack can take place:
1. Denial of Service attack against disk space (example is the script above)
2. Users can download or compile SUID programs in /tmp or even in /home
3. Performance tunning is not possible

However, all of this attack can be stopped by adding following option to /etc/fstab file:
nosuid – Do not set SUID/SGID access on this partition
nodev – Do not character or special devices on this partition.
noexec – Do not set execution of any binaries on this partition
ro – Mount file system as readonly
quota – Enable disk quota
Please note that above options can be set only if you have separate partitions. Make sure you create partition as above with special option set on each partition
/home – Set option nosuid, and nodev with diskquota option
/usr – Set option nodev
/tmp – Set option nodev, nosuid, noexec option must be enabled

For example entry in /etc/fstab for /home should look like as follows:
/dev/sda1 / ext3 defaults,nosuid,nodev,noexec,ro 0 0
/dev/sda2 /home ext3 defaults,nosuid,nodev 1 0
/dev/sda3 /usr ext3 defaults,nodev 2 0
/dev/sda4 /tmp ext3 defaults,nosuid,nodev,noexec 3 0

For more info please read man pages of fstab, mount, fdisk.

Apply the Secure Linux Kernel Patch http://www.openwall.com/linux. Read the directions to install the diff.
Don’t forget to make the changes under performance
Turn OFF all the stuff you don’t need. This includes Telnet (you aren’t using telnet are you), NFS and a bunch of other crap that comes as a default install.
Stop SYN attacks dead :
echo 1 > /proc/sys/net/ipv4/tcp_syncookies.
Add this to your /etc/rc.d/rc.local file.
Stop IP address spoofing: Edit the /etc/host.conf and add the following lines:
#Check for IP address spoofing.
nospoof on
Set immutable bits on passwords and shadow files. Of course you will have unset these bits to change passwords etc, so do this after your system is stable.
Block su access: Edit /etc/pam.d/su and add the following two lines to the top in the file:
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel
This means that only users in the wheel group can log as su.
Add who you need to this group:
usermod -G10 username
I changed my /etc/fstab as follows
/dev/sda5 /tmp ext2 nosuid,nodev,noexec 1 2
This was to make /tmp safer, Of course your /dev will be different.
I don’t like having my shell commands living forever. (of course this doesn’t matter if noone has ssh access but you) (you are using ssh, if not you don’t have security).
Edit /etc/profile and change the following line to:
HISTFILESIZE=20
Change permissions on /etc/rc.d/init.d scripts:
chmod -R 700 /etc/rc.d/init.d/
Edit the /etc/nsswitch.conf file to eliminate all references to NIS. Why would you use NIS unless recquired?

November 10, 2008 Posted by | Uncategorized | Comments Off on Security Section

Add multiple Users with the same passwd

#!/usr/bin/perl -w

use strict;
use Crypt::PasswdMD5;
# This will ask you for a password once all users will have the same passwd
print “Enter Password: “;
chomp ( my $Passwd = );
$cryptedPasswd = unix_md5_crypt($Passwd, $salt);

# Please create a file /root/username.txt that has all usenames
open(USERFILE, “< /root/username.txt”) || die “Cannot open username file: $!”;
my @users = < USERFILE >;
@users = sort(@users);

# Starting for loop to add users

foreach my $u (@users){
print “$u”;

my $cryptPasswd = “”;
my $salt = rand(99);

system(”useradd -m -d /home/$username $username”);
system(”usermod -p ‘$cryptedPasswd’ $username”);

print “Username is $u, using password hash $cryptedPasswd\n\n”;
}
close (USERFILE);

November 10, 2008 Posted by | Uncategorized | Comments Off on Add multiple Users with the same passwd

« Previous Entries