
Wednesday, November 24, 2010

Changing runlevel of your Linux Distribution to disable Graphic Interface.

In this tutorial I change the default runlevel of my Linux distribution.

It is currently set to runlevel 5, which means that whenever the machine boots it ends up at the X console (graphical user interface). However, I prefer working in a non-graphical environment, i.e. the terminal, and am not much interested in the graphical look of Linux.

So I decided to change the runlevel to 3. With this change the machine starts in terminal mode rather than graphical mode.

This requires modifying the /etc/inittab file.

Modify the following parameter
from
id:5:initdefault:
to
id:3:initdefault:
Restart the machine.
Recheck the runlevel by typing:
# runlevel
N 3

To implement more security measures I went ahead and did some extra work.
(This is not really required if the machine you are working on is not intended for Linux hardening.)
At this stage I was able to get a terminal on the machine after reboot.
I wasn't satisfied, as I was still able to get the graphical console by merely typing
#init 5

So I searched Google and found out that the graphical user interface was loaded by a script residing in
/etc/X11/prefdm
which is called by the system after executing
#init 5

So I renamed it, thinking the OS would fail to find it when invoked from the inittab file.
To my surprise I got the terminal back even when I typed
#init 5
but then I realized I kept getting the following error lines.

INIT: cannot execute "/etc/X11/prefdm"
INIT: cannot execute "/etc/X11/prefdm"
INIT: Id "x" respawning too fast: disabled for 5 minutes

I found out the reason behind this was a line in /etc/inittab
x:5:respawn:/etc/X11/prefdm -nodaemon

(respawn: the process will be restarted whenever it terminates)
Since prefdm had been renamed and the entry is marked respawn, init kept trying to execute it, treating each failure as a terminated process.

Now I have commented out the above line and
removed the execute bit of the file.

The system now behaves as I want it to.
Now even if I run
#init 5
it won't go into graphical mode.
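
The end state described above can be checked with a short script. This is an added example, not part of the original post; the function names and the constructed sample inittab are assumptions for illustration, and the paths default to the ones used in this post.

```shell
#!/bin/sh
# Added example: audit the GUI lock-down described in this post.

# Constructed sample: default runlevel already changed, respawn line untouched.
sample_inittab() {
    cat <<'EOF'
id:3:initdefault:
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon
EOF
}

# Print the default runlevel taken from the active initdefault line.
default_runlevel() {
    awk -F: '!/^[ \t]*#/ && $3 == "initdefault" { print $2; exit }' "$1"
}

# Print the ids of active entries that start prefdm in runlevel 5.
prefdm_entries() {
    awk -F: '!/^[ \t]*#/ && $2 ~ /5/ && $4 ~ /prefdm/ { print $1 }' "$1"
}

# Print findings; the return status is the number of findings.
audit_gui_lockdown() {
    inittab=${1:-/etc/inittab}
    prefdm=${2:-/etc/X11/prefdm}
    findings=0

    rl=$(default_runlevel "$inittab")
    if [ "$rl" != "3" ]; then
        echo "FINDING: default runlevel is '${rl:-unset}', expected 3"
        findings=$((findings + 1))
    fi

    for id in $(prefdm_entries "$inittab"); do
        echo "FINDING: inittab entry '$id' still starts prefdm in runlevel 5"
        findings=$((findings + 1))
    done

    # A renamed or missing prefdm is not executable either, so this
    # covers both the rename and the removed execute bit.
    if [ -x "$prefdm" ]; then
        echo "FINDING: $prefdm is still executable"
        findings=$((findings + 1))
    fi

    if [ "$findings" -eq 0 ]; then
        echo "OK: init 5 will not start the graphical login"
    fi
    return "$findings"
}
```

Calling audit_gui_lockdown with no arguments checks the live /etc/inittab and /etc/X11/prefdm.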

Monday, November 22, 2010

How to configure proxy for wget command?

It is very common to get the following error while using wget to download.
Let's take an example:

I am trying to download vsftpd-2.3.2.tar.gz using wget.
I got the following error.

# wget ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.3.2.tar.gz
--17:53:41-- ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.3.2.tar.gz
=> `vsftpd-2.3.2.tar.gz'
Resolving vsftpd.beasts.org... failed: Temporary failure in name resolution.


From the error it is clear that wget is unable to download the file.
Reason 1: It is unable to resolve the IP address.
Reason 2: It is unable to reach the destination.

Both of these factors indicate the absence of a proxy. It is very easy to define a proxy server in a browser when we don't get any internet connection (most of the time it is set to automatic detection), but for wget you need to modify the following file and point it to the proxy server.

Just add the following lines to the /etc/wgetrc file.

http_proxy = http://:/
use_proxy = on
wait = 15

Just save it and you are done.

Now try to run the command and you should be able to download the file, as
I have done here.

# wget ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.3.2.tar.gz
--18:15:42-- ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.3.2.tar.gz
Connecting to :... connected.
Proxy request sent, awaiting response... 200 OK
Length: unspecified
Saving to: `vsftpd-2.3.2.tar.gz'

[ <=> ] 187,229 --.-K/s in 0.03s

18:15:42 (6.95 MB/s) - `vsftpd-2.3.2.tar.gz' saved [187229]

Please leave your comments, queries and suggestions.
I will try to reply ASAP.

Sunday, November 14, 2010

Linux Syllabus


COURSE OVERVIEW

Basic
Total No of Classes: 15-20 sessions [2-3 hrs each]
Duration: 2-3 months (2 days in a week)

1)    What is Linux ? Why Linux?
a)     History.
b)    Difference Between Linux and Windows
c)     Difference Between Linux and Unix
d)    GNU
e)     Usage
f)      Career Options
g)     Interesting Facts about Linux.
h)    Why Linux is Virus proof?
i)       Various Linux Distributions.
j)       Pros and Cons

2)    Root
a)     Who/why/what is root

3)    Basic commands
a)     mkdir
b)    touch
c)     ls
d)    pwd
e)     cd
f)      chmod
g)     df
h)    du
i)       dd
j)       adduser
k)     sort
l)       passwd
m)  rm/rmdir
n)    date
o) tar
p) gzip 
q) top

4)    Editors
a)     Vi Editor

5)    GNU/LINUX OS Installation

6)    Basic System configuration and Administration.

7)    OS Installation.

8)    Understanding Files and Directories in Linux
a)     File Structure and hierarchy
b)    File Permissions
c)     LVM overview

9)    Schedulers
a)     cron
b)    at

10)           User Administration

11)           Software Installation In Linux .
a)     RPM
b)    make

Intermediate and Advanced
Total No of Classes: 30 sessions [2-3 hrs each]
Duration: 3-4 months (2 days in a week)


12)           Linux Boot process
a)     Boot Loaders (LILO and GRUB)
b)    System Initialization
c)     inittab
d)    rc.sysinit
e)     rc

13)           LVM  (Logical Volume Manager)

a)     Volume groups
b)    Physical and logical volumes
c)     Resizing LVs etc

14)           TCP/IP Network Management.
a)     route
b)    ifconfig
c)     ping
d)    netstat

15)           Driver/Module Installation and Removal.
a)     modprobe
b)    rmmod
c)     insmod
d)    lsmod
e)     modinfo

16)           Log Monitoring and rotating 

17)           OpenSSH - The GNU/Linux Secure Shell 
a)     ssh
b)    sshd
c)     scp

18)           sudo and su - Giving users SuperUser Privileges

19)           Linux Administration.
a)     Single User Mode
b)    Rescue Mode
c)     IP Tables
d)    File Sharing with SAMBA
e)     NFS
f)      Mail Server using SENDMAIL
g)     Web Server installation (apache)
h)    Proxy Server installation using SQUID.
i)       Firewalling using iptables
j)       PAM (Pluggable Authentication Modules)
k)     Linux Performance Monitor
l)       SAR utility.
m)  Monitor cpu using sar
n)    track Application causing Memory Leak

20)           Linux Hardening.

21)           Linux Scripting using bash
a)     awk
b)    sed
c)     grep
d)    while
e)     for
f)      echo
g)     variables
h)    functions

22)           Information over open source projects
a)     lynis (Unix-based auditing tool)
b)    rootkit hunter.

Friday, November 12, 2010

Sun Storage 6180 configuration.

Installed the CAM software on one of the machines.
Assigned IP addresses to both Ethernet ports of the storage using the serial port (the document bundled with the server was referred to).
Registered one of the IPs in the CAM software. It automatically detected the 2nd IP address.
First created a Virtual Disk.
Then created Volumes.
Let the volumes initialize for some time.
Created Hosts named after the servers that need to be connected to the storage.
Created Host Groups and added these servers to them.
Clicked on mapping and mapped the volumes to default storage.
Attached the Volume to this host group.
Set up Initiators according to the HBA ports of the servers.

Wednesday, November 10, 2010

Modprobe Explained.

A good article on modprobe commands can be found here.



http://www.thegeekstuff.com/2010/11/modprobe-command-examples/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+TheGeekStuff+%28The+Geek+Stuff%29

Even though the above guide explains how to deal with modules, it may be hard to read without understanding what a Linux module is.

The following article may come in handy for understanding Linux modules.

http://www.linuxsa.org.au/meetings/1996-07/

I will try my best to give you a practical example of module install/ uninstall.

Here is a good example of how to load new network driver and get more speed.
http://d-h-n.de/blog/?p=596

Monday, November 1, 2010

LDAP Installation and Configuration on Linux.



With so many online guides available on LDAP configuration, I decided to go with the following:

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS

Operating system used :

LDAP Server:

# lsb_release -a
LSB Version: :core-3.1-ia32:core-3.1-noarch:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: EnterpriseEnterpriseServer
Description: Enterprise Linux Enterprise Linux Server release 5.2 (Carthage)
Release: 5.2
Codename: Carthage
# uname -a
Linux LDAPServer 2.6.18-92.el5 #1 SMP Fri May 23 22:17:30 EDT 2008 i686 i686 i386 GNU/Linux

LDAP Client:

# lsb_release -a
LSB Version: :core-3.1-ia32:core-3.1-noarch:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: EnterpriseEnterpriseServer
Description: Enterprise Linux Enterprise Linux Server release 5.2 (Carthage)
Release: 5.2
Codename: Carthage
# uname -a
Linux LDAPClient 2.6.18-92.el5 #1 SMP Fri May 23 22:17:30 EDT 2008 i686 i686 i386 GNU/Linux


Step 1: Install the necessary software on the LDAP Server.

As per the guide, I checked my machine (which is going to serve as the LDAP server) for the required rpms.

5 basic rpms are needed for the LDAP server.

1)openldap
2)openldap-clients
3)openldap-devel
4)nss_ldap
5)openldap-servers

I checked whether they were present on my server.

#rpm -qa | grep ldap
mozldap-6.0.5-1.el5
openldap-2.3.27-8.el5_1.3
nss_ldap-253-12.el5
python-ldap-2.2.0-2.1

From the output of the above command I came to know that my machine was lacking 3 major rpms.
openldap-clients
openldap-devel
openldap-servers

So I downloaded the required rpms and their dependencies. (Most of the time the required rpms are available on the operating system CDs.)

i> openldap-servers-2.3.27-8.el5_1.3.i386.rpm (Dependency: libtool-ltdl-1.5.22-7.el5_4.i386.rpm)

# rpm -ivh libtool-ltdl-1.5.22-7.el5_4.i386.rpm
warning: libtool-ltdl-1.5.22-7.el5_4.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing... ########################################### [100%]
1:libtool-ltdl ########################################### [100%]

# rpm -ivh openldap-servers-2.3.27-8.el5_1.3.i386.rpm
warning: openldap-servers-2.3.27-8.el5_1.3.i386.rpm: Header V3 DSA signature: NOKEY, key ID 1e5e0159
Preparing... ########################################### [100%]
1:openldap-servers ########################################### [100%]


ii> openldap-clients-2.3.27-8.el5_1.3.i386.rpm

# rpm -ivh openldap-clients-2.3.27-8.el5_1.3.i386.rpm
warning: openldap-clients-2.3.27-8.el5_1.3.i386.rpm: Header V3 DSA signature: NOKEY, key ID 1e5e0159
Preparing... ########################################### [100%]
1:openldap-clients ########################################### [100%]

iii> openldap-devel-2.3.27-8.el5_1.3.i386.rpm (Dependency: cyrus-sasl-devel-2.1.22-4.i386.rpm)

# rpm -ivh cyrus-sasl-devel-2.1.22-4.i386.rpm
warning: cyrus-sasl-devel-2.1.22-4.i386.rpm: Header V3 DSA signature: NOKEY, key ID 1e5e0159
Preparing... ########################################### [100%]
1:cyrus-sasl-devel ########################################### [100%]

# rpm -ivh openldap-devel-2.3.27-8.el5_1.3.i386.rpm
warning: openldap-devel-2.3.27-8.el5_1.3.i386.rpm: Header V3 DSA signature: NOKEY, key ID 1e5e0159
Preparing... ########################################### [100%]
1:openldap-devel ########################################### [100%]

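Make sure you have installed all the necessary rpms for your LDAP server, and proceed to the next step if the output is similar to mine. (Note: versions may differ according to your Linux distribution.) The NOKEY warnings above mean rpm could not verify the package signatures because the signing keys were not imported on this machine.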

# rpm -qa | grep ldap
mozldap-6.0.5-1.el5
openldap-servers-2.3.27-8.el5_1.3
openldap-2.3.27-8.el5_1.3
nss_ldap-253-12.el5
python-ldap-2.2.0-2.1
openldap-clients-2.3.27-8.el5_1.3
openldap-devel-2.3.27-8.el5_1.3

Step 2: LDAP Server Configuration.

Once you are done installing the necessary rpms on the server side, it is time to configure the LDAP server.

I have decided to name the LDAP server "LDAPServer.com". You can change it according to your organizational needs.


2.1>Create a directory to store LDAP Server Data.

#mkdir /var/lib/ldap/LDAPServer.com

Change the ownership to the ldap user.

#chown ldap:ldap /var/lib/ldap/LDAPServer.com

2.2>Generate root password for LDAP Server.

This can be done using the slappasswd utility.

# slappasswd
New password:
Re-enter new password:
{SSHA}2AnxPwRuOFI5/N/ewYtRrneHazxCyT2Q
Save this hashed password in Notepad.

2.3>Configure slapd.conf.

File Location:
/etc/openldap/slapd.conf

Search and modify the following lines.

Original lines

suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
directory /var/lib/ldap

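Modified lines

suffix "dc=LDAPServer,dc=com"
rootdn "cn=Manager,dc=LDAPServer,dc=com"
# rootpw secret
rootpw {SSHA}2AnxPwRuOFI5/N/ewYtRrneHazxCyT2Q
directory /var/lib/ldap/LDAPServer.com

Note: rootpw is the value generated by slappasswd above. Leave the cleartext "rootpw secret" line commented out so that only the hashed entry is active. The suffix and rootdn must use the same base DN (dc=LDAPServer,dc=com) that the ldapadd and ldapsearch commands later in this post use.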
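
slapd refuses a rootpw when the rootdn is not under the database suffix, which is the "can only be set when rootdn is under suffix" error that appears in the migration output in step 2.4.4. The script below is an added example, not part of the original post, that checks a slapd.conf for that condition and for a cleartext or duplicated rootpw; the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: consistency checks for the slapd.conf edits in step 2.3.

# Constructed sample: suffix edited, rootdn left at the packaged default,
# cleartext rootpw active next to the hashed one.
sample_broken_conf() {
    cat <<'EOF'
suffix      "dc=LDAPServer,dc=com"
rootdn      "cn=Manager,dc=my-domain,dc=com"
rootpw      secret
rootpw      {SSHA}constructed-placeholder-hash
directory   /var/lib/ldap/LDAPServer.com
EOF
}

# Constructed sample: consistent DNs and a single hashed rootpw.
sample_fixed_conf() {
    cat <<'EOF'
suffix      "dc=LDAPServer,dc=com"
rootdn      "cn=Manager, dc=LDAPServer, dc=com"
# rootpw    secret
rootpw      {SSHA}constructed-placeholder-hash
EOF
}

# Print the value of every active "<key> <value>" line, quotes removed.
conf_values() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print }' "$1"
}

# Lower-case a DN and drop spaces around commas so DNs compare as text.
norm_dn() {
    tr 'A-Z' 'a-z' | sed 's/[[:space:]]*,[[:space:]]*/,/g'
}

# Succeed only if rootdn equals the suffix or sits below it.
rootdn_under_suffix() {
    suffix=$(conf_values "$1" suffix | head -n 1 | norm_dn)
    rootdn=$(conf_values "$1" rootdn | head -n 1 | norm_dn)
    if [ -z "$suffix" ] || [ -z "$rootdn" ]; then return 1; fi
    case "$rootdn" in
        "$suffix" | *,"$suffix") return 0 ;;
        *) return 1 ;;
    esac
}

# Print findings for one slapd.conf; the return status is their count.
check_slapd_conf() {
    conf=$1
    findings=0
    if ! rootdn_under_suffix "$conf"; then
        echo "FINDING: rootdn is not under suffix (slapd rejects rootpw in this case)"
        findings=$((findings + 1))
    fi
    count=$(conf_values "$conf" rootpw | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then
        echo "FINDING: $count active rootpw lines, keep exactly one"
        findings=$((findings + 1))
    fi
    if conf_values "$conf" rootpw | grep -qv '^{[A-Za-z0-9-]*}'; then
        echo "FINDING: rootpw holds a cleartext password, use slappasswd output"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run check_slapd_conf /etc/openldap/slapd.conf before the migration step; a return status of 0 means none of the three problems was found.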

2.4>Build LDAP database.

2.4.1>Download and Configure MigrationTools.
This process involves copying your system accounts to LDAP accounts.
You will need to download MigrationTools from the following site.
http://www.padl.com/download/MigrationTools.tgz
Most modern Linux distributions already have these tools under
/usr/share/openldap/migration/
But I preferred to update them by simply replacing them with the ones downloaded from the above site.

Make sure the following directory exists in your distribution: /usr/share/openldap/migration/.
If not, create it using
#mkdir -p /usr/share/openldap/migration/

Extract MigrationTools.tgz

# tar -xvf MigrationTools.tgz
MigrationTools-47/
MigrationTools-47/ads/
MigrationTools-47/ads/migrate_passwd_ads.pl
MigrationTools-47/ads/migrate_all_online_ads.sh
MigrationTools-47/ads/migrate_group_ads.pl
MigrationTools-47/ads/migrate_all_nis_online_ads.sh
MigrationTools-47/ads/migrate_base.pl
MigrationTools-47/ads/migrate_common.ph
MigrationTools-47/MigrationTools.spec
MigrationTools-47/migrate_netgroup_byhost.pl
MigrationTools-47/migrate_all_nis_offline.sh
MigrationTools-47/Make.rules
MigrationTools-47/migrate_aliases.pl
MigrationTools-47/README
MigrationTools-47/migrate_rpc.pl
MigrationTools-47/migrate_all_offline.sh
MigrationTools-47/migrate_group.pl
MigrationTools-47/migrate_all_nisplus_offline.sh
MigrationTools-47/migrate_all_netinfo_online.sh
MigrationTools-47/migrate_protocols.pl
MigrationTools-47/migrate_hosts.pl
MigrationTools-47/CVSVersionInfo.txt
MigrationTools-47/migrate_automount.pl
MigrationTools-47/migrate_services.pl
MigrationTools-47/migrate_netgroup.pl
MigrationTools-47/migrate_profile.pl
MigrationTools-47/migrate_base.pl
MigrationTools-47/migrate_all_nisplus_online.sh
MigrationTools-47/migrate_common.ph
MigrationTools-47/migrate_all_nis_online.sh
MigrationTools-47/migrate_all_online.sh
MigrationTools-47/migrate_passwd.pl
MigrationTools-47/migrate_networks.pl
MigrationTools-47/migrate_fstab.pl
MigrationTools-47/migrate_slapd_conf.pl
MigrationTools-47/migrate_netgroup_byuser.pl
MigrationTools-47/migrate_all_netinfo_offline.sh

Now go to the newly created MigrationTools-47 directory and copy its contents to /usr/share/openldap/migration/

#cp -rv * /usr/share/openldap/migration/

(You may be asked to overwrite the existing files if the migration folder already exists in your distribution; just overwrite them.)

2.4.2>Configure /usr/share/openldap/migration/migrate_common.ph.

Edit migrate_common.ph and replace every instance of padl with the LDAP server name (in our case LDAPServer).

You can use the following command to replace it in the vi editor.
vi /usr/share/openldap/migration/migrate_common.ph
press Esc
:%s/padl/LDAPServer/g
Save and exit.

(% applies the command to every line of the file; without it only the current line is changed.)
(s means substitute padl with LDAPServer.)
(g (global) means every instance of padl on a line is replaced with LDAPServer.)


2.4.3>Build LDAP database.

Run
# updatedb

Find out the location of your ldap database file using
# locate DB_CONFIG
/etc/openldap/DB_CONFIG.example

Now run
# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/LDAPServer.com/DB_CONFIG


2.4.4>LDAP DB Creation

Just run the following command from /usr/share/openldap/migration.

# ./migrate_all_offline.sh
Creating naming context entries...
Migrating aliases...
Migrating groups...
Migrating hosts...
Migrating networks...
Migrating users...
Migrating protocols...
Migrating rpcs...
Migrating services...
Migrating netgroups...
Importing into LDAP...
Migrating netgroups (by user)...
Migrating netgroups (by host)...
Preparing LDAP database...
/etc/openldap/slapd.conf: line 74: can only be set when rootdn is under suffix
slapadd: bad configuration file!
Migration failed: saving failed LDIF to /tmp/nis.6247.ldif

# chown -R ldap:ldap /var/lib/ldap/LDAPServer.com/

Start the LDAP server.

#service ldap start

At this point you are done with the server-side configuration that is necessary for LDAP.

User creation can be done using Webmin, or it can be done manually as described in a later section.
Let's head towards the client-side configuration.

2.5>Create LDAP user.

This is done in 2 steps.
1)Create a local user.
2)Use a script to add the local user to the LDAP database.

Make sure the ldap service is running using

#service ldap status
If the service is stopped, start it using
#service ldap start

Log in as the root user.
Let's create a local user, say helpdesk.
#adduser helpdesk
#passwd helpdesk

Now create a script named addldapuser.sh and save it to /usr/local/sbin.
Content of the script:
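#!/bin/bash
# Usage: addldapuser.sh <username>
set -eu
umask 077

# Private scratch directory: the generated LDIF carries the user's
# password hash, so avoid predictable world-readable names in /tmp.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT

cd /usr/share/openldap/migration

# Select the account by exact login name (first field of /etc/passwd),
# not every line that merely contains the string.
awk -F: -v user="$1" '$1 == user' /etc/passwd > "$tmpdir/passwd"

/usr/share/openldap/migration/migrate_passwd.pl \
"$tmpdir/passwd" "$tmpdir/user.ldif.tmp"

# Replace any leftover padl default with our server name.
sed 's/padl/LDAPServer/g' "$tmpdir/user.ldif.tmp" \
> "$tmpdir/user.ldif"

ldapadd -x -D "cn=Manager,dc=LDAPServer,dc=com" -W -f \
"$tmpdir/user.ldif"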


Give execute permission to root only.
# chmod 700 /usr/local/sbin/addldapuser.sh

# addldapuser.sh helpdesk
Enter LDAP Password:
adding new entry "uid=helpdesk,ou=People,dc=LDAPServer,dc=com"

Step 3: LDAP Client Configuration.


4 basic rpms are needed for the LDAP client.

openldap
openldap-clients
openldap-devel
nss_ldap

Install the necessary software for the client configuration so that the output of the command below matches. (Versions may vary according to your distribution.)

# rpm -qa | grep ldap
mozldap-6.0.5-1.el5
openldap-2.3.27-8.el5_1.3
nss_ldap-253-12.el5
python-ldap-2.2.0-2.1
openldap-clients-2.3.27-8.el5_1.3
openldap-devel-2.3.27-8.el5_1.3


3.1>Modify /etc/openldap/ldap.conf

To configure the LDAP client you need to modify the client's /etc/openldap/ldap.conf file.

The easiest way to modify the file is to type:

# env LANG=C authconfig-tui

Make sure you select the same options as shown in the image below.



Make sure you have not selected Use TLS. Without TLS, binds and search results travel between client and server unencrypted.
Enter your LDAP server IP address and Base DN according to your LDAP server.



Once the necessary changes are made, your ldap.conf file will be modified accordingly. You can confirm the changes using:

# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
URI ldap://10.180.18.222/
BASE dc=LDAPServer,dc=com
TLS_CACERTDIR /etc/openldap/cacerts

3.2>Modify /etc/nsswitch.conf

Before modifying the file, let's understand why we need to modify it.

Since the client refers to the LDAP server for login credentials, it is necessary to set the lookup priority.
As an example of setting the priority, look at the entries below from my nsswitch.conf file.


passwd: files ldap
shadow: files ldap
group: files ldap


The first priority is files, which means that whenever a login attempt takes place the local /etc/passwd, /etc/shadow and /etc/group files are consulted first; if the user is not found in these files, the LDAP server is contacted.
You can change this behavior by changing the order; you may also eliminate the need for local authentication.
Make the necessary changes according to your requirements or stick with mine.

You can check the LDAP server's users with the following command at the client's end.
Note that the helpdesk user is displayed. You can log in as helpdesk on the client even though it doesn't exist in the client's /etc/passwd file.

# ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# LDAPServer.com
dn: dc=LDAPServer,dc=com
dc: LDAPServer
objectClass: top
objectClass: domain

# Hosts, LDAPServer.com
dn: ou=Hosts,dc=LDAPServer,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit

# Rpc, LDAPServer.com
dn: ou=Rpc,dc=LDAPServer,dc=com
ou: Rpc
objectClass: top
objectClass: organizationalUnit

# Services, LDAPServer.com
dn: ou=Services,dc=LDAPServer,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit

# netgroup.byuser, LDAPServer.com
dn: nisMapName=netgroup.byuser,dc=LDAPServer,dc=com
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap

# Mounts, LDAPServer.com
dn: ou=Mounts,dc=LDAPServer,dc=com
ou: Mounts
objectClass: top
objectClass: organizationalUnit

# Networks, LDAPServer.com
dn: ou=Networks,dc=LDAPServer,dc=com
ou: Networks
objectClass: top
objectClass: organizationalUnit

# People, LDAPServer.com
dn: ou=People,dc=LDAPServer,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Group, LDAPServer.com
dn: ou=Group,dc=LDAPServer,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

# Netgroup, LDAPServer.com
dn: ou=Netgroup,dc=LDAPServer,dc=com
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

# Protocols, LDAPServer.com
dn: ou=Protocols,dc=LDAPServer,dc=com
ou: Protocols
objectClass: top
objectClass: organizationalUnit

# Aliases, LDAPServer.com
dn: ou=Aliases,dc=LDAPServer,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit

# netgroup.byhost, LDAPServer.com
dn: nisMapName=netgroup.byhost,dc=LDAPServer,dc=com
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap

# helpdesk, People, LDAPServer.com
dn: uid=helpdesk,ou=People,dc=LDAPServer,dc=com
uid: helpdesk
cn: helpdesk
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJDdkZDZoNW5qJFZSNWU4aS9lNm1kaEM3eGEzTzdjQjE=
shadowLastChange: 14930
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 504
gidNumber: 505
homeDirectory: /home/helpdesk

# search result
search: 2
result: 0 Success

# numResponses: 15
# numEntries: 14
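
The search above is an anonymous simple bind (-x with no -D), and its output includes the helpdesk entry's userPassword attribute. The script below is an added example, not part of the original post: it lists every entry in such output that exposes a password hash and names the hash scheme. The function names and the constructed sample LDIF are assumptions, and base64 -d from coreutils is assumed to be available.

```shell
#!/bin/sh
# Added example: find password hashes exposed in ldapsearch output.

# Constructed sample in the shape of the output above (not real accounts).
# The base64 value decodes to "{crypt}$1$ab".
sample_ldif() {
    cat <<'EOF'
dn: ou=People,dc=example,dc=test
ou: People
objectClass: organizationalUnit

dn: uid=alice,ou=People,dc=example,
 dc=test
uid: alice
userPassword:: e2NyeXB0fSQxJGFi
loginShell: /bin/bash

dn: uid=bob,ou=People,dc=example,dc=test
uid: bob
userPassword: {SSHA}constructed-placeholder
EOF
}

# Join LDIF continuation lines (a line starting with one space continues
# the previous line), which ldapsearch emits for long values.
unfold_ldif() {
    awk '
        /^ /   { buf = buf substr($0, 2); next }
        NR > 1 { print buf }
               { buf = $0 }
        END    { if (NR > 0) print buf }
    '
}

# Read LDIF on stdin; print "<dn><TAB><scheme>" for each entry that
# returns userPassword. A value without a {SCHEME} prefix is cleartext.
# Base64-encoded DNs ("dn::") are not handled.
exposed_password_hashes() {
    tab=$(printf '\t')
    unfold_ldif | awk '
        /^dn: /            { dn = substr($0, 5) }
        /^userPassword:: / { print dn "\tb64\t" substr($0, 16) }
        /^userPassword: /  { print dn "\traw\t" substr($0, 15) }
    ' | while IFS=$tab read -r dn enc val; do
        if [ "$enc" = b64 ]; then
            val=$(printf '%s' "$val" | base64 -d)
        fi
        scheme=$(printf '%s\n' "$val" | sed -n '1s/^\({[^}]*}\).*/\1/p')
        printf '%s\t%s\n' "$dn" "${scheme:-cleartext}"
    done
}
```

Run it as ldapsearch -x | exposed_password_hashes; an empty result means the server no longer returns userPassword to anonymous clients, which in slapd.conf is controlled by an access rule on attrs=userPassword.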