How to Create Additional LVM on CentOS 6.3

This post covers the steps to create an additional Logical Volume Manager (LVM) volume on CentOS 6.3. This is very useful when a production system is running out of disk space to store data. Sometimes there is also a request to create an additional LVM volume for a new system or to store data. A system administrator with the right Linux skills can perform this task. Otherwise, they put themselves and the organization at risk, because working with the system’s data is one of the most critical jobs and must be performed with the right steps and skills. Follow the steps below :

1. It is assumed that a second disk, /dev/sdb, has been added. Create a new partition on /dev/sdb using the command below :

[root@centos63 ~]# fdisk /dev/sdb
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0xd29f2d59.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-652, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-652, default 652):
Using default value 652

Command (m for help): p

Disk /dev/sdb: 5368 MB, 5368709120 bytes
255 heads, 63 sectors/track, 652 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xd29f2d59

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1         652     5237158+  83  Linux

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 8e
Changed system type of partition 1 to 8e (Linux LVM)

Command (m for help): p

Disk /dev/sdb: 5368 MB, 5368709120 bytes
255 heads, 63 sectors/track, 652 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xd29f2d59

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1         652     5237158+  8e  Linux LVM

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

2. Convert this disk into a physical volume :

[root@centos63 ~]# pvcreate /dev/sdb1
  Writing physical volume data to disk "/dev/sdb1"
  Physical volume "/dev/sdb1" successfully created

Display the physical volume :

[root@centos63 ~]# pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               vg_centos63
  PV Size               7.51 GiB / not usable 3.00 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              1922
  Free PE               0
  Allocated PE          1922
  PV UUID               521faS-HW2C-nUrs-yI1E-4OO9-eLmj-1e3bGW

  "/dev/sdb1" is a new physical volume of "4.99 GiB"
  --- NEW Physical volume ---
  PV Name               /dev/sdb1
  VG Name
  PV Size               4.99 GiB
  Allocatable           NO
  PE Size               0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               qTmTeq-8qoL-xxEk-Dj5V-zOjl-vEag-P6Jl7L

3. With the physical volume created, we now need to create a new volume group for it. In this case I will name the volume group vg_data.

[root@centos63 ~]# vgcreate vg_data /dev/sdb1
  Volume group "vg_data" successfully created

Display the volume group :

[root@centos63 ~]# vgdisplay
  --- Volume group ---
  VG Name               vg_data
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  1
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                0
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               4.99 GiB
  PE Size               4.00 MiB
  Total PE              1278
  Alloc PE / Size       0 / 0
  Free  PE / Size       1278 / 4.99 GiB
  VG UUID               YV3IYN-3CF9-3Yd1-69ue-wcq4-0UKk-Zk49Vk

  --- Volume group ---
  VG Name               vg_centos63
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  3
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               2
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               7.51 GiB
  PE Size               4.00 MiB
  Total PE              1922
  Alloc PE / Size       1922 / 7.51 GiB
  Free  PE / Size       0 / 0
  VG UUID               G3H7s2-0yfo-vU9W-5g9g-fq9K-tpNO-U2Y7BQ

4. Create a logical volume named centos63_vol in the vg_data volume group :

[root@centos63 ~]# lvcreate --name centos63_vol -l 100%FREE vg_data
  Logical volume "centos63_vol" created

Display logical volume :

[root@centos63 ~]# lvdisplay
  --- Logical volume ---
  LV Path                /dev/vg_data/centos63_vol
  LV Name                centos63_vol
  VG Name                vg_data
  LV UUID                bVRJwM-5CuR-mLf4-tqHV-j5e4-cs3o-ffKL41
  LV Write Access        read/write
  LV Creation host, time centos63.ehowstuff.local, 2012-09-28 22:55:13 +0800
  LV Status              available
  # open                 0
  LV Size                4.99 GiB
  Current LE             1278
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2

  --- Logical volume ---
  LV Path                /dev/vg_centos63/lv_root
  LV Name                lv_root
  VG Name                vg_centos63
  LV UUID                3Se9Zl-RmAu-f707-1Fv2-wMvX-oH3z-maExU0
  LV Write Access        read/write
  LV Creation host, time centos63.ehowstuff.local, 2012-07-15 20:17:31 +0800
  LV Status              available
  # open                 1
  LV Size                5.54 GiB
  Current LE             1418
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:0

  --- Logical volume ---
  LV Path                /dev/vg_centos63/lv_swap
  LV Name                lv_swap
  VG Name                vg_centos63
  LV UUID                KijzOf-uPjy-JbJd-dcjw-u0XO-aqPA-2GKScq
  LV Write Access        read/write
  LV Creation host, time centos63.ehowstuff.local, 2012-07-15 20:17:33 +0800
  LV Status              available
  # open                 1
  LV Size                1.97 GiB
  Current LE             504
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:1

5. Format the logical volume using mke2fs with the -j switch :

[root@centos63 ~]# mke2fs -j /dev/vg_data/centos63_vol
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
327680 inodes, 1308672 blocks
65433 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1342177280
40 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 37 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

6. Create a mount point for the newly created logical volume :

[root@centos63 ~]# mkdir /mydata

7. Label the filesystem on the new logical volume with its mount point :

[root@centos63 ~]# e2label /dev/vg_data/centos63_vol /mydata

8. Modify /etc/fstab and add the following line at the end of the file :

[root@centos63 ~]# vi /etc/fstab
/dev/vg_data/centos63_vol /mydata                       ext4    defaults        1 1

The complete /etc/fstab then looks like this :

#
# /etc/fstab
# Created by anaconda on Sun Jul 15 20:17:38 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_centos63-lv_root /                       ext4    defaults        1 1
UUID=2217c7b1-4467-4c81-8596-c3ee7758e2cc /boot                   ext4    defaults        1 2
/dev/mapper/vg_centos63-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/vg_data/centos63_vol /mydata                       ext4    defaults        1 1

9. Mount the newly created logical volume :

[root@centos63 ~]# mount /mydata

10. The newly created logical volume will now mount automatically each time the system is booted.

[root@centos63 ~]# df -lh
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_centos63-lv_root
                      5.5G  2.0G  3.3G  39% /
tmpfs                 504M     0  504M   0% /dev/shm
/dev/sda1             485M   65M  395M  15% /boot
/dev/mapper/vg_data-centos63_vol
                      5.0G  139M  4.6G   3% /mydata
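
Step 1 takes it as given that /dev/sdb is the new, empty disk, and partitioning the wrong device destroys its data. The following pre-flight check is an added example, not part of the original post: the function names, the SYSFS_ROOT variable and the sample /proc contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check to run before
# fdisk/pvcreate so that the disk from step 1 really is the new, unused one.

# disk_is_unused DISK [PARTITIONS] [MOUNTS] [SWAPS]
#   DISK is a bare whole-disk kernel name such as "sdb". The file arguments
#   default to the live /proc files; SYSFS_ROOT (default /sys) locates the
#   holders directory. Returns 0 only when the disk exists and nothing uses
#   it; otherwise prints the reason and returns 1.
disk_is_unused() {
    disk=$1
    parts=${2:-/proc/partitions}
    mounts=${3:-/proc/mounts}
    swaps=${4:-/proc/swaps}
    holders=${SYSFS_ROOT:-/sys}/block/$disk/holders

    case "$disk" in
        ''|*/*|dm-*) echo "give a whole-disk kernel name such as sdb"; return 1 ;;
    esac

    # /proc/partitions columns: major minor #blocks name
    if ! awk -v d="$disk" '$4 == d { ok = 1 } END { exit !ok }' "$parts"; then
        echo "$disk: no such block device"; return 1
    fi

    # A "<disk>N" or "<disk>pN" entry means the disk already has partitions.
    found=$(awk -v d="$disk" '
        index($4, d) == 1 && substr($4, length(d) + 1) ~ /^p?[0-9]+$/ {
            printf " %s", $4
        }' "$parts")
    if [ -n "$found" ]; then
        echo "$disk: already partitioned:$found"; return 1
    fi

    # A filesystem or swap area written straight onto the whole disk.
    if awk -v dev="/dev/$disk" '$1 == dev { hit = 1 } END { exit !hit }' "$mounts"; then
        echo "$disk: mounted"; return 1
    fi
    if awk -v dev="/dev/$disk" '$1 == dev { hit = 1 } END { exit !hit }' "$swaps"; then
        echo "$disk: active swap"; return 1
    fi

    # Device-mapper users (LVM, dm-crypt, multipath) appear as holders.
    if [ -d "$holders" ] && [ -n "$(ls -A "$holders" 2>/dev/null)" ]; then
        echo "$disk: in use by device-mapper"; return 1
    fi
    return 0
}

# Constructed sample data modelled on the host in the post before step 1:
# sda is the system disk carrying vg_centos63, sdb is the new 5 GB disk.
write_sample_proc() {
    mkdir -p "$1/sys/block/sda/holders" "$1/sys/block/sdb/holders"
    cat > "$1/partitions" <<'EOF'
major minor  #blocks  name

   8        0    8388608 sda
   8        1     512000 sda1
   8        2    7875584 sda2
   8       16    5242880 sdb
 253        0    5808128 dm-0
 253        1    2064384 dm-1
EOF
    cat > "$1/mounts" <<'EOF'
/dev/mapper/vg_centos63-lv_root / ext4 rw,relatime 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
EOF
    cat > "$1/swaps" <<'EOF'
Filename                                Type            Size    Used    Priority
/dev/dm-1                               partition       2064376 0       -1
EOF
}

# Demo on the constructed sample: sda is refused, sdb passes.
demo=$(mktemp -d)
write_sample_proc "$demo"
SYSFS_ROOT=$demo/sys
for name in sda sdb; do
    if disk_is_unused "$name" "$demo/partitions" "$demo/mounts" "$demo/swaps"; then
        echo "$name: unused, safe to partition"
    fi
done
rm -rf "$demo"
unset SYSFS_ROOT
```

On a live system, call `disk_is_unused sdb` with no further arguments so that the real /proc and /sys files are read.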

How to Install PostgreSQL 9.2 on CentOS 6.3

This quick post shows the basic steps to install PostgreSQL Database Server (PostgreSQL 9.2) on CentOS 6.3. These steps have been tested on CentOS 6.3; however, they may work on other versions of CentOS or Red Hat as well. PostgreSQL is a sophisticated open-source object-relational DBMS supporting almost all SQL constructs, including subselects, transactions, and user-defined types. It is a powerful database system that is available for many platforms including Linux, FreeBSD, Solaris, Microsoft Windows and Mac OS X.

The PostgreSQL Global Development Group (PGDG) builds RPMs for various Linux distributions. At the time of this writing, RPMs and SRPMs are available for the following platforms :

  • PostgreSQL 9.2

Follow these steps to install PostgreSQL 9.2 on CentOS 6.3 :

1. Download the latest production release for your distro here: http://yum.pgrpms.org/repopackages.php

[root@centos63 ~]# wget http://yum.pgrpms.org/9.2/redhat/rhel-6-i386/pgdg-centos92-9.2-5.noarch.rpm
--2012-09-25 21:50:05--  http://yum.pgrpms.org/9.2/redhat/rhel-6-i386/pgdg-centos92-9.2-5.noarch.rpm
Resolving yum.pgrpms.org... 98.129.198.114
Connecting to yum.pgrpms.org|98.129.198.114|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5220 (5.1K) [application/x-redhat-package-manager]
Saving to: ‘pgdg-centos92-9.2-5.noarch.rpm’

100%[==========================================================>] 5,220       4.76K/s   in 1.1s

2012-09-25 21:50:06 (4.76 KB/s) - ‘pgdg-centos92-9.2-5.noarch.rpm’

2. Install the repo :

[root@centos63 ~]# rpm -ivh pgdg-centos92-9.2-5.noarch.rpm
Preparing...                ########################################### [100%]
   1:pgdg-centos92          ########################################### [100%]

3. Edit CentOS-Base.repo to exclude postgresql.

[root@centos63 ~]# vi /etc/yum.repos.d/CentOS-Base.repo

Add ‘exclude=postgresql*’ to the [base] and [updates] sections:

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
exclude=postgresql*

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
exclude=postgresql*

4. Use ‘yum list’ to check the packages that are now available.

[root@centos63 ~]# yum list postgres*
Loaded plugins: fastestmirror, presto, priorities
Loading mirror speeds from cached hostfile
 * base: centos.ipserverone.com
 * extras: centos.ipserverone.com
 * updates: centos.ipserverone.com
Available Packages
postgresql.i686                              8.4.11-1.el6_2                     CentOS6.3-Repository
postgresql-contrib.i686                      8.4.11-1.el6_2                     CentOS6.3-Repository
postgresql-devel.i686                        8.4.11-1.el6_2                     CentOS6.3-Repository
postgresql-docs.i686                         8.4.11-1.el6_2                     CentOS6.3-Repository
postgresql-jdbc.i686                         8.4.701-3.el6                      CentOS6.3-Repository
postgresql-jdbc.noarch                       8.4.701-8.el6                      CentOS6.3-Repository
postgresql-libs.i686                         8.4.11-1.el6_2                     CentOS6.3-Repository
postgresql-odbc.i686                         08.04.0200-1.el6                   CentOS6.3-Repository
postgresql-plperl.i686                       8.4.11-1.el6_2                     CentOS6.3-Repository
postgresql-plpython.i686                     8.4.11-1.el6_2                     CentOS6.3-Repository
postgresql-pltcl.i686                        8.4.11-1.el6_2                     CentOS6.3-Repository
postgresql-server.i686                       8.4.11-1.el6_2                     CentOS6.3-Repository
postgresql-test.i686                         8.4.11-1.el6_2                     CentOS6.3-Repository
postgresql92.i686                            9.2.1-1PGDG.rhel6                  pgdg92
postgresql92-contrib.i686                    9.2.1-1PGDG.rhel6                  pgdg92
postgresql92-debuginfo.i686                  9.2.1-1PGDG.rhel6                  pgdg92
postgresql92-devel.i686                      9.2.1-1PGDG.rhel6                  pgdg92
postgresql92-docs.i686                       9.2.1-1PGDG.rhel6                  pgdg92
postgresql92-libs.i686                       9.2.1-1PGDG.rhel6                  pgdg92
postgresql92-odbc.i686                       09.01.0200-1PGDG.rhel6             pgdg92
postgresql92-odbc-debuginfo.i686             09.01.0200-1PGDG.rhel6             pgdg92
postgresql92-plperl.i686                     9.2.1-1PGDG.rhel6                  pgdg92
postgresql92-plpython.i686                   9.2.1-1PGDG.rhel6                  pgdg92
postgresql92-pltcl.i686                      9.2.1-1PGDG.rhel6                  pgdg92
postgresql92-server.i686                     9.2.1-1PGDG.rhel6                  pgdg92
postgresql92-tcl.i686                        2.0.0-1.rhel6                      pgdg92
postgresql92-tcl-debuginfo.i686              2.0.0-1.rhel6                      pgdg92
postgresql92-test.i686                       9.2.1-1PGDG.rhel6                  pgdg92

5. Start installing PostgreSQL 9.2 using yum :

[root@centos63 ~]# yum install postgresql92 postgresql92-devel postgresql92-server postgresql92-libs postgresql92-contrib -y

6. Verify, initialize and start the PostgreSQL service :

[root@centos63 ~]# service postgresql-9.2 status
 is stopped
[root@centos63 ~]# service postgresql-9.2 initdb
Initializing database:                                     [  OK  ]
[root@centos63 ~]# service postgresql-9.2 start
Starting postgresql-9.2 service:                           [  OK  ]
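
The exclusion in step 3 only does its job if it is present in both sections; a section left without it still offers the distribution's PostgreSQL 8.4 packages next to the PGDG ones. The following check is an added example, not part of the original post; the function names and the two sample .repo files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: confirm that step 3 took effect.

# repo_option FILE SECTION KEY: print the value of KEY inside [SECTION] of a
# yum .repo file (the last assignment wins); prints nothing if it is absent.
repo_option() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                 # comment line
        /^[ \t]*\[/ {                          # section header
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == want {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# check_pg_exclusion FILE: succeed only if both [base] and [updates] list
# postgresql* in exclude=; name every section that does not.
check_pg_exclusion() {
    rc=0
    for section in base updates; do
        excl=$(repo_option "$1" "$section" exclude)
        case " $excl " in
            *" postgresql* "*) ;;
            *) echo "[$section] has no exclude=postgresql*"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed samples: partial.repo has the line in [base] only,
# complete.repo has it in both sections as step 3 requires.
write_sample_repos() {
    cat > "$1/partial.repo" <<'EOF'
[base]
name=CentOS-$releasever - Base
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
exclude=postgresql*

#released updates
[updates]
name=CentOS-$releasever - Updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF
    { cat "$1/partial.repo"; echo 'exclude=postgresql*'; } > "$1/complete.repo"
}

# Demo on the constructed samples.
demo=$(mktemp -d)
write_sample_repos "$demo"
for f in partial complete; do
    echo "== $f.repo"
    if check_pg_exclusion "$demo/$f.repo"; then
        echo "postgresql* excluded in [base] and [updates]"
    fi
done
rm -rf "$demo"
```

On the server itself, run `check_pg_exclusion /etc/yum.repos.d/CentOS-Base.repo` before step 4.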

How to Setup Squid Proxy Server on Linux CentOS 6.3

This post describes the steps to set up a Squid 3 proxy server on CentOS 6.3. Squid plays two main roles. First, it acts as a caching proxy server between the user and the web. Second, it is also regularly used as a content accelerator, or reverse proxy, intercepting requests to a server and using a cached version of the page to serve the request. Follow the steps below to install and configure Squid.

1. Run yum install :

[root@centos63 ~]# yum install squid -y
Loaded plugins: fastestmirror, presto, priorities
Loading mirror speeds from cached hostfile
 * base: centos.ipserverone.com
 * extras: centos.ipserverone.com
 * updates: centos.ipserverone.com
CentOS6.3-Repository                                                         | 4.0 kB     00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i686 7:3.1.10-9.el6_3 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package             Arch               Version                         Repository             Size
====================================================================================================
Installing:
 squid               i686               7:3.1.10-9.el6_3                updates               1.7 M

Transaction Summary
====================================================================================================
Install       1 Package(s)

Total download size: 1.7 M
Installed size: 5.7 M
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 1.7 M
squid-3.1.10-9.el6_3.i686.rpm                                                | 1.7 MB     00:14
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 7:squid-3.1.10-9.el6_3.i686                                                      1/1
  Verifying  : 7:squid-3.1.10-9.el6_3.i686                                                      1/1

Installed:
  squid.i686 7:3.1.10-9.el6_3

Complete!

2. Configure main squid configuration file. Use vi to edit :

[root@centos63 ~]# vi /etc/squid/squid.conf

3. Add an ACL for your internal network to the list of IP networks from which browsing should be allowed. In this example, the internal network is named ehowstuff :

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl ehowstuff src 192.168.1.0/24    # Your internal network

4. Allow the ehowstuff network in the http_access section, which lists the networks from which browsing is allowed :

http_access allow localnet
http_access allow localhost
http_access allow ehowstuff

5. Make sure the Squid proxy port line is uncommented. You can change the proxy port to any available port here; for example, another available port is 8080.

# Squid normally listens to port 3128
http_port 3128

6. Start squid service :

[root@centos63 ~]# service squid start
Starting squid:                                            [  OK  ]

7. Configure the proxy setting in the client’s browser to use the Squid server and the port from step 5.
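
Squid checks http_access lines from top to bottom and stops at the first one that matches, so where the lines from steps 3 and 4 land in squid.conf matters. The following audit script is an added example, not part of the original post; the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the http_access rules
# edited in steps 3 and 4.

# squid_unreachable FILE: list http_access lines that come after an
# "http_access allow|deny all" line and therefore are never evaluated.
squid_unreachable() {
    awk '
        { sub(/[ \t]*#.*$/, "") }              # drop comments
        $1 == "http_access" {
            if (stop) {
                print "line " NR ": never evaluated, line " stop " matches everything: " $0
                bad = 1
            } else if (NF == 3 && $3 == "all") {
                stop = NR
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# squid_undefined_acls FILE: list ACL names used by http_access that no
# "acl" line in the file defines ("all" is predefined by Squid).
squid_undefined_acls() {
    awk '
        { sub(/[ \t]*#.*$/, "") }
        FNR == NR { if ($1 == "acl") defined[$2] = 1; next }   # first pass
        $1 == "http_access" {                                  # second pass
            for (i = 3; i <= NF; i++) {
                name = $i
                sub(/^!/, "", name)
                if (name != "all" && !(name in defined)) {
                    print "line " FNR ": acl " name " is not defined"
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1" "$1"
}

# squid_access_audit FILE: run both checks; returns 1 if either reports.
squid_access_audit() {
    rc=0
    squid_unreachable "$1" || rc=1
    squid_undefined_acls "$1" || rc=1
    return $rc
}

# Constructed samples. good.conf places the rule as in step 4; bad.conf has
# a misspelt ACL name and a rule appended after "deny all".
write_sample_squid() {
    cat > "$1/good.conf" <<'EOF'
acl localhost src 127.0.0.1/32 ::1
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl ehowstuff src 192.168.1.0/24    # Your internal network
http_access allow localnet
http_access allow localhost
http_access allow ehowstuff
http_access deny all
EOF
    cat > "$1/bad.conf" <<'EOF'
acl localhost src 127.0.0.1/32 ::1
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl ehowstuff src 192.168.1.0/24    # Your internal network
http_access allow localnet
http_access allow localhost
http_access allow ehowstuf
http_access deny all
http_access allow ehowstuff
EOF
}

# Demo on the constructed samples.
demo=$(mktemp -d)
write_sample_squid "$demo"
for f in good bad; do
    echo "== $f.conf"
    if squid_access_audit "$demo/$f.conf"; then echo "rule order and ACL names are consistent"; fi
done
rm -rf "$demo"
```

Run `squid_access_audit /etc/squid/squid.conf` after editing and before starting the service in step 6.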

How to Update Openfiler iSCSI Storage Appliance

This quick post will show you two methods to update the Openfiler appliance. In the previous post, I described in detail how to set up and configure Openfiler iSCSI storage. Openfiler is an open source Network Attached Storage and Storage Area Network solution.

1. The first method to update Openfiler is from a terminal or SSH session. Log in as root to the Openfiler iSCSI Storage Appliance. If Internet access is available, test connectivity to the Internet by pinging conary.rpath.com (the online source for Openfiler updates) as below :

[root@storage01 ~]# ping conary.rpath.com
PING conary.rpath.com (208.82.215.41) 56(84) bytes of data.
64 bytes from conary.rpath.com (208.82.215.41): icmp_seq=0 ttl=52 time=395 ms
64 bytes from conary.rpath.com (208.82.215.41): icmp_seq=1 ttl=52 time=402 ms
64 bytes from conary.rpath.com (208.82.215.41): icmp_seq=2 ttl=52 time=403 ms
64 bytes from conary.rpath.com (208.82.215.41): icmp_seq=3 ttl=52 time=408 ms
64 bytes from conary.rpath.com (208.82.215.41): icmp_seq=4 ttl=52 time=405 ms
64 bytes from conary.rpath.com (208.82.215.41): icmp_seq=5 ttl=52 time=409 ms
64 bytes from conary.rpath.com (208.82.215.41): icmp_seq=6 ttl=52 time=408 ms

If Internet access is available: Update the Openfiler installation by typing conary updateall and pressing Enter.

Note: It will take quite a few minutes for the updates to be downloaded and applied.

[root@storage01 ~]# conary updateall

Examples :

[root@storage01 ~]# conary updateall
Resolving dependencies...Performing critical system updates, will then restart update.
Applying update job 1 of 2:
    Update  conary:data (2.0.35-0.1-1 -> 2.1.9-0.1-1)
Applying update job 2 of 2:
    Update  conary:python (2.0.35-0.1-1 -> 2.1.9-0.1-1)
    Update  conary:runtime (2.0.35-0.1-1 -> 2.1.9-0.1-1)
Critical update completed, rerunning command...
Applying update job 1 of 24:
    Install info-vcsa(:user)=1-1-0.1
Applying update job 2 of 24:
    Install info-nagios(:user)=0-1-0.1
Applying update job 3 of 24:
    Update  acl(:doc :lib :locale :runtime) (2.2.47_1-0.1-1 -> 2.2.47_1-0.2-1)
    Update  aoe6(:doc :runtime) (64-1-1 -> 64-2-1)
    Install arecacli(:runtime)=v1.82_81103-1-3
    Update  attr(:doc :lib :locale :runtime) (2.4.41_1-0.1-1 -> 2.4.43_1-0.1-1)
Applying update job 4 of 24:
    Update  binutils(:doc :lib :locale :runtime) (2.17.50.0.6-7-0.0.1 -> 2.17.50.0.6-7-0.0.2)
    Update  conary (2.0.35-0.1-1 -> 2.1.9-0.1-1)
    Update  curl(:doc:lib:runtime) (7.15.3-1.1-1 -> 7.15.3-1.4-1)
    Update  cyrus-sasl(:lib) (2.1.21-5.2-1 -> 2.1.21-5.3-1)
    Install ddless(:doc :runtime)=1.3-1-1
Applying update job 5 of 24:
    Update  dhclient(:lib :runtime) (3.0.2-2.2-1 -> 3.0.7-0.4-1)
    Update  e2fsprogs(:data :doc :lib :locale :runtime) (1.40.8-0.2-1 -> 1.41.8-0.1-1)
    Update  ethtool(:doc :runtime) (/conary.rpath.com@rpl:devel//1/3-2-0.1 -> /conary.rpath.com@rpl:devel//2//openfiler.rpath.org@ofns:2/6-0.0.1-1)
    Update  gzip(:runtime) (1.3.5-4-0.1 -> 1.3.5-4.1-1)
Applying update job 6 of 24:
    Update  hwdata(:data :doc) (0.217-1.0.2-1 -> 0.225-0.0.2-1)
    Install hwdata:runtime=0.225-0.0.2-1
    Update  icu(:data :lib) (3.4-5.1-1 -> 3.4-5.2-1)
    Update  initscripts(:doc :locale :runtime) (8.12-8.18.4-1 -> 8.12-8.18.5-1)
    Install iperf(:doc :runtime)=2.0.4-1-0.1
Applying update job 7 of 24:
    Install iscsi-scst(:doc :runtime)=r1462-2-1
    Update  iscsi_trgt(:doc :runtime) (0.4.17-1-1 -> 1.4.19-2-1)
    Install kernel(:build-tree :configs :runtime :vmware)=2.6.29.6-0.24-1[~!kernel.pae,~kernel.smp]
Applying update job 8 of 24:
    Update  krb5(:config :data :doc :lib :runtime) (1.4.1-7.9-1 -> 1.4.1-7.10-1)
    Update  krb5-server(:config :doc :runtime) (1.4.1-7.9-1 -> 1.4.1-7.10-1)
    Update  krb5-services(:config :doc :runtime) (1.4.1-7.9-1 -> 1.4.1-7.10-1)
Applying update job 9 of 24:
    Update  krb5-workstation(:doc :runtime) (1.4.1-7.9-1 -> 1.4.1-7.10-1)
    Update  kudzu(:python :runtime) (1.1.116.2-3.6-1 -> 1.1.116.2-3.6-2)
    Update  lighttpd(:doc :lib :runtime) (1.4.20-0.1-1 -> 1.4.20-0.3-1)
    Update  lshw(:data :doc :runtime) (02.07-1.0.2-1 -> 02.14-0.0.1-1)
Applying update job 10 of 24:
    Install lsof(:doc :runtime)=4.75-3-0.1
    Update  module-init-tools(:doc :runtime) (/conary.rpath.com@rpl:devel//1//openfiler.rpath.org@ofns:2/3.1-5.3.1-2 -> /conary.rpath.com@rpl:devel//2//openfiler.rpath.org@ofns:2/3.4-2.0.2-1)
    Update  myri-firmware(:doc :lib :runtime) (v1.4.29-1-1[is: x86] -> 1.4.48b-1-1)
Applying update job 11 of 24:
    Update  net-snmp(:data :doc :lib :perl :runtime) (5.4.1-5.0.2-1 -> 5.4.1-5.3.1-1)
    Update  net-snmp-client(:data :doc :lib :runtime) (5.4.1-5.0.2-1 -> 5.4.1-5.3.1-1)
    Update  net-snmp-server(:data :doc :runtime) (5.4.1-5.0.2-1 -> 5.4.1-5.3.1-1)
Applying update job 12 of 24:
    Update  nfs-client(:doc :runtime) (1.0.10-4.6-1 -> 1.1.4-2.4-1)
    Update  nfs-server(:doc :lib :runtime) (1.0.10-4.6-1 -> 1.1.4-2.4-1)
    Update  nfs-utils(:doc :runtime) (1.0.10-4.6-1 -> 1.1.4-2.4-1)
    Update  open-iscsi(:doc :runtime) (/conary.rpath.com@rpl:devel//1/2.0_865-1.1-1 -> /conary.rpath.com@rpl:devel//1//openfiler.rpath.org@ofns:2/2.0_871-0.0.1-1)
    Update  openssh(:runtime) (4.9p1-0.1-1 -> 5.3p1-0.3-1)
Applying update job 13 of 24:
    Update  openssh-client(:doc :runtime) (4.9p1-0.1-1 -> 5.3p1-0.3-1)
    Update  openssh-server(:doc :runtime) (4.9p1-0.1-1 -> 5.3p1-0.3-1)
    Update  openssl(:config :data :lib :runtime) (0.9.7f-10.13-1[is: x86(~!i686)] -> 0.9.7f-10.16-1[is: x86(~!i686)])
Applying update job 14 of 24:
    Update  parted(:doc :lib :locale :runtime) (1.6.22-4.1.5-1 -> 1.6.22-4.1.6-1)
    Update  pciutils(:doc :runtime) (2.1.99-12-0.1 -> 2.2.3-7.1-1)
    Update  python(:lib :runtime) (2.4.1-20.17-1 -> 2.4.1-20.18-1)
    Update  qla-firmware(:lib :runtime) (/conary.rpath.com@rpl:devel//1/20070416-4-0.1[is: x86] -> /conary.rpath.com@rpl:devel//1//openfiler.rpath.org@ofns:2/2010205-0.0.1-1)
    Install qla-firmware:doc=2010205-0.0.1-1
Applying update job 15 of 24:
    Update  samba(:data :lib :runtime) (3.2.7-0.0.1-3 -> 3.4.5-0.0.1-1)
    Update  samba-client(:lib :runtime) (3.2.7-0.0.1-3 -> 3.4.5-0.0.1-1)
    Update  samba-server(:runtime) (3.2.7-0.0.1-3 -> 3.4.5-0.0.1-1)
    Update  scstadmin(:doc :perl :runtime) (1.0.0.x-5-1 -> r1411-1-1)
Applying update job 16 of 24:
    Update  sendmail(:doc :lib :runtime) (8.13.7-0.3-1[sasl] -> 8.13.7-0.4-1[sasl])
    Update  strace(:doc :perl :runtime) (4.5.12-2-0.1 -> 4.5.18-0.1-1)
    Install traceroute(:doc :runtime)=1.4a12-4-0.1
    Install userspace-kernel-firmware(:runtime)=2.6.29.6-0.24-1[~!kernel.pae,~kernel.smp]
Applying update job 17 of 24:
    Install autodir(:doc :lib :runtime)=0.99.9-2-1
    Install xfsdump(:doc :runtime)=3.0.1-0.0.1-1
    Update  xfsprogs(:doc :lib :runtime) (/conary.rpath.com@rpl:devel//1/2.6.25-4-0.1 -> /conary.rpath.com@rpl:devel//2//openfiler.rpath.org@ofns:2/3.0.1-0.0.2-1)
    Install xfsprogs:locale=3.0.1-0.0.2-1
Applying update job 18 of 24:
    Install autofs(:doc :lib :runtime)=4.1.4-5-0.1
    Update  bind(:lib) (9.3.4_P1-0.7-1[ipv6,~!pie,ssl] -> 9.4.3_P5-1.1-1)
    Update  bind-utils(:doc :runtime) (9.3.4_P1-0.7-1[ipv6,~!pie,ssl] -> 9.4.3_P5-1.1-1)
    Erase   device-mapper:doc=1.02.24-2-1
    Erase   device-mapper:runtime=1.02.24-2-1
    Update  lvm2:doc (2.02.34-1-1 -> 2.02.47-1-1)
Applying update job 19 of 24:
    Install device-mapper-multipath:lib=0.4.8-0.3-1
    Update  drbd(:doc :lib :runtime) (8.2.7-2-1[~!xen] -> 8.3.7-1-1)
    Install drbd:data=8.3.7-1-1
    Install drbdlinks(:doc :lib :runtime)=1.18-3-1
    Install libaio(:lib)=0.3.106-3-0.1
    Update  lvm2:lib (2.02.34-1-1 -> 2.02.47-1-1)
Applying update job 20 of 24:
    Erase   device-mapper(:lib)=1.02.24-2-1
    Update  device-mapper-multipath(:doc :runtime) (0.4.7-1.1-1 -> 0.4.8-0.3-1)
    Update  lvm2(:runtime) (2.02.34-1-1 -> 2.02.47-1-1)
    Install man:lib=1.6-5.1.1-1
    Erase   man:locale=1.6-5-0.1
    Update  nut(:data :doc :runtime) (2.2.0-5-1 -> 2.2.2-5-1)
    Install nut:lib=2.2.2-5-1
[initscript] Stopping clvm:[FAILED]

Applying update job 21 of 24:
    Install nagios-plugins(:runtime)=1.4.10-1.1-1
    Install nrpe(:doc :runtime)=2.12-4.1-1
    Install postgresql(:lib)=8.1.19-0.1-1
    Install udev:lib=116-4.2.6-1
    Install util-linux-ng:data=2.16-0.0.3-1
Applying update job 22 of 24:
    Update  man(:doc :runtime) (/conary.rpath.com@rpl:devel//1/1.6-5-0.1 -> /conary.rpath.com@rpl:devel//1//openfiler.rpath.org@ofns:2/1.6-5.1.1-1)
    Update  mkinitrd(:doc :runtime) (4.2.15-16.13.6-2 -> 4.2.15-16.13.9-1)
    Update  ntp(:runtime) (4.2.4p6-1.1-1 -> 4.2.4p7-0.1-1)
    Update  openfiler:runtime (r1584-3-1 -> r1653-1-1)
    Update  shadow:runtime (/conary.rpath.com@rpl:devel//1/4.0.7-14.3-1 -> /conary.rpath.com@rpl:devel//1//openfiler.rpath.org@ofns:2/4.0.7-14.3.1-1)
    Update  udev:runtime (/conary.rpath.com@rpl:devel//1//openfiler.rpath.org@ofns:2/069-5.4.1-1[~!selinux] -> /conary.rpath.com@rpl:devel//2-devel//openfiler.rpath.org@ofns:2/116-4.2.6-1)
    Install util-linux-ng-extras:runtime=2.16-0.0.3-1
    Install util-linux-ng:config=2.16-0.0.3-1
    Install util-linux-ng:runtime=2.16-0.0.3-1
    Erase   util-linux:runtime=2.12r-1.6-1
[openfiler] changing group /etc/shadow

[openfiler] Stopping openfiler: [  OK  ]

[openfiler] Starting openfiler: [  OK  ]

[openfiler] enabling / starting default services

[openfiler]

[openfiler] Shutting down Winbind services: [FAILED]

[openfiler] Starting Winbind services: [  OK  ]

[openfiler] Stopping portmapper: [  OK  ]

[openfiler] Starting portmapper: [  OK  ]

[openfiler] Stopping NFS statd: [  OK  ]

[openfiler] Starting NFS statd: [  OK  ]

[openfiler] Stopping atd: [  OK  ]

[openfiler] Starting atd: [  OK  ]

[openfiler] disabling nscd service

[openfiler] Stopping nscd: [FAILED]

Applying update job 23 of 24:
    Update  openfiler(:doc) (r1584-3-1 -> r1653-1-1)
    Update  shadow (/conary.rpath.com@rpl:devel//1/4.0.7-14.3-1 -> /conary.rpath.com@rpl:devel//1//openfiler.rpath.org@ofns:2/4.0.7-14.3.1-1)
    Install shadow:doc=4.0.7-14.3.1-1
    Install shadow:locale=4.0.7-14.3.1-1
    Update  udev(:data :doc) (/conary.rpath.com@rpl:devel//1//openfiler.rpath.org@ofns:2/069-5.4.1-1[~!selinux] -> /conary.rpath.com@rpl:devel//2-devel//openfiler.rpath.org@ofns:2/116-4.2.6-1)
    Erase   util-linux(:data)=2.12r-1.6-1
    Install util-linux-ng=2.16-0.0.3-1
    Install util-linux-ng-extras(:doc :supdoc)=2.16-0.0.3-1
Applying update job 24 of 24:
    Update  group-core (2.3-16-4[~!kernel.pae,~kernel.smp,~proftpd.auth_pam,~proftpd.ifsession,~proftpd.ipv6,~proftpd.rewrite,~proftpd.tls,sasl is: x86(~!sse2)] -> 2.3-36-3[~!kernel.pae,~kernel.smp,~proftpd.auth_pam,~proftpd.ifsession,~proftpd.ipv6,~proftpd.rewrite,~proftpd.tls,sasl is: x86(~!sse2)])
    Update  group-openfiler (2.3-16-4[~!kernel.pae,~kernel.smp,~proftpd.auth_pam,~proftpd.ifsession,~proftpd.ipv6,~proftpd.rewrite,~proftpd.tls,sasl is: x86(~!sse2)] -> 2.3-36-3[~!kernel.pae,~kernel.smp,~proftpd.auth_pam,~proftpd.ifsession,~proftpd.ipv6,~proftpd.rewrite,~proftpd.tls,sasl is: x86(~!sse2)])

Reboot the Openfiler appliance :

[root@storage01 ~]# shutdown -r now

2. You can also update from the Openfiler GUI as below :

Log in to the Openfiler GUI –> Select the System tab –> Click System Update –> Finally click Launch system update.

How to Fix “RSS feed’s not working” on WordPress Blog

Issue : RSS feed’s not working

I have a few WordPress blogs that are having a problem with the RSS feed. The RSS feed is not working properly using either FeedBurner’s RSS or WordPress’s RSS. Because of this issue, the automatic feed of the blog to Twitter (twitterfeed.com : feed your blog to twitter) is not working. I just noticed this week. Actually, it has not worked after 4 September 2012.

Solution :

1. Check wp-rss2.php, wp-atom.php, wp-config.php, index.php or the theme’s functions.php file for blank lines outside of the bracketed section, either before <?php or after );

2. In my case, I checked through all these files and found that the issue was a blank space at the front of our index.php file. As soon as I removed that blank space, the RSS feed started functioning properly.
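
The check in step 1 can be scripted. The following is an added example, not part of the original post: it flags files with anything in front of the opening <?php tag and, going one step beyond the case described above, whitespace left after a closing ?> tag at the end of a file. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: find PHP files that send
# output outside their <?php ... ?> section and so corrupt the feed XML.

# php_stray_output FILE...: report each problem found; returns 1 if any
# file is flagged, 0 if all are clean.
php_stray_output() {
    rc=0
    for f in "$@"; do
        # Anything before the opening tag (blank line, space, BOM) is
        # sent to the client ahead of the feed.
        if ! awk 'NR == 1 { if (substr($0, 1, 5) != "<?php") exit 1; exit 0 }' "$f"; then
            echo "$f: output before opening <?php tag"; rc=1
        fi
        # PHP swallows a single newline after a final ?>; trailing spaces
        # or further blank lines are sent as output.
        if ! awk '
            { sub(/\r$/, "") }                     # tolerate CRLF files
            /[^ \t]/ { last = NR; text = $0 }      # last non-blank line
            END {
                if (text ~ /\?>[ \t]*$/ && (text !~ /\?>$/ || NR > last)) exit 1
            }
        ' "$f"; then
            echo "$f: whitespace after closing ?> tag"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files; the names mirror the ones listed in step 1.
write_sample_php() {
    printf '<?php\necho "ok";\n'      > "$1/wp-config.php"   # clean, no closing tag
    printf '<?php\n$x = 1;\n?>\n'     > "$1/wp-rss2.php"     # clean, one newline after ?>
    printf '\n<?php\necho "ok";\n'    > "$1/index.php"       # blank line in front
    printf '<?php\n$x = 1;\n?>\n\n'   > "$1/functions.php"   # blank line after ?>
}

# Demo on the constructed samples: index.php and functions.php are reported.
demo=$(mktemp -d)
write_sample_php "$demo"
if php_stray_output "$demo"/*.php; then
    echo "no stray output found"
fi
rm -rf "$demo"
```

From the WordPress directory, pass it the files named in step 1, for example `php_stray_output index.php wp-config.php wp-rss2.php wp-atom.php`.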

How to Setup and Configure Openfiler iSCSI Storage on VMware

This post describes how to set up and configure a hosted Openfiler iSCSI storage target on a VMware ESX/ESXi or VMware Server 1.x or 2.x host using the freely available Openfiler appliance. However, this configuration is not a suitable solution for a production environment, as it does not include any iSCSI CHAP authentication or datastore multipathing. But it is good for troubleshooting and learning. Openfiler is an open source Network Attached Storage and Storage Area Network solution.

Pre-Requisites :

  • a. VMware ESX/ESXi/Server 2.0/VMware Workstation/VMware Player as a host with a minimum of 5GB of free space on the local datastore.
  • b. Additional space for an extra logical volume on the Openfiler iSCSI storage (e.g. /dev/sdb).
  • c. Openfiler appliance source file (e.g. openfiler-2.3-x86_64.vmware.tar.gz). You may download it at this URL :
    http://www.openfiler.com/community/download/
  • Disk /dev/sdb (30GB) has been added as below :
[root@storage01 ~]# fdisk -l

Disk /dev/sda: 2355 MB, 2355978240 bytes
16 heads, 63 sectors/track, 4565 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        4565     2300696   83  Linux

Disk /dev/sdb: 32.2 GB, 32212254720 bytes
255 heads, 63 sectors/track, 3916 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1        3917    31457279+  ee  EFI GPT

TCP/IP Configuration :

The procedure detailed below is based on the following configuration. The Openfiler appliance is assigned the following hostname and TCP/IP configuration details :

HOSTNAME=storage01
IPADDR=192.168.1.56
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
nameserver 202.188.0.133
nameserver 202.188.1.5

Steps and Procedure on How to Setup and Configure Openfiler iSCSI Storage :

1. Extract the contents of the downloaded Openfiler tar.gz file (one .vmx file and two .vmdk files) into a directory, the name of which reflects the hostname you wish to use for the Openfiler appliance (example: storage01).

2. Log in to the ESXi/ESX/VMware Server/VMware Workstation console and add the extracted Openfiler appliance files to the inventory.

3. Skip this step on VMware Server 1.x, VMware Server 2.x and VMware Workstation. In ESXi/ESX server, edit the Openfiler appliance settings and add a second disk of the size determined (example: 30GB).

4. Modify the vCPU and Memory setting to meet your requirement.

5. Power on the Openfiler appliance. By default, the Openfiler appliance will attempt to obtain an IP address via DHCP, but best practice is to assign a static IP address, and this configuration is typically done via the Openfiler web interface. The hostname and static IP address have been assigned as below :

HOSTNAME=storage01
IPADDR=192.168.1.56

6. Logon to the console as root. By default, no root password is set so you will not be prompted. Set a root password by entering the command passwd, pressing Enter and following the prompts.

Note: A password must be set in order to permit a remote root login from a SSH client.

[root@dhcp01 ~]# passwd
Changing password for user root.
New UNIX password:

7. Browse to https://DHCP_IP_Address:446, or to the IP address if not using DNS, and ignore the certificate warning. Log on to the Openfiler web interface with the default administrator account: username openfiler and default password password.

Note: The default administrative port number is 446.

8. To change to a static IP, select the System tab, then scroll down to “Network Interface Configuration” and click “Configure”. On the “Network Interface Configuration” page, change the default Boot Protocol from DHCP to Static for eth0. Then enter the IP Address and Netmask and leave the default for MTU.

9. To configure the allowed network range, select the System tab and scroll down to the “Network Access Configuration” section. Define the networks that are allowed to connect to the Openfiler appliance. You can also specify individual host IP addresses and ranges. Click Update after entering each set of details.

10. To add the new logical disk, select the Volumes tab and click the Block Devices link. Confirm the presence of disk /dev/sdb.

Please note that the disk /dev/sda is the disk that Openfiler is running on; /dev/sdb is the second disk that was added and that will be provisioned as iSCSI storage.

Click the /dev/sdb link and scroll down to the Create a partition in /dev/sdb section. By default, a partition will be created that fills the entire disk. Accept the defaults and click Create.

11. To add a volume group, select the Volumes tab. Click the Volume Groups link and enter a Volume Group name “datagroup” (the name is not critical), select /dev/sdb1 (30GB) and click Add volume group.

12. To create a volume in “datagroup”, select the Volumes tab. Click the Add Volume link. The only existing volume group (datagroup) will be selected by default. Scroll down to the Create a volume in “volumegroup” section. Enter a Volume Name of volume (the name is not critical), a Volume Description of vmware (the description is not critical), adjust the required Space slider up to the maximum, select a Filesystem/Volume type of iSCSI and click Create.

13. This step enables the iSCSI target and disables the iSCSI initiator. Select the Services tab. Click the Enable link adjacent to iSCSI target server. Click the Disable link adjacent to iSCSI initiator.

14. To Add new iSCSI target, select the Volumes tab and click the iSCSI Targets link from the Volumes Section menu. Modify the auto-generated Target IQN to include the Openfiler name (iqn.2012.openfilerlab1.local in this example) and click Add.

Then select the LUN Mapping sub-tab and click Map to map the previous defined volume as a LUN to the newly created iSCSI target (accepting all the defaults).

Finally, select the Network ACL sub-tab and change the Access from Deny to Allow. Click Update.

15. Congratulations!! Now the iSCSI target is accessible to any iSCSI requester on the permitted network/s or IP addresses.

How to Check or Test Reverse DNS on Linux and Windows

Reverse Domain Name System (DNS) lookup (also known as rDNS) is the process of determining the hostname associated with a given IP address. It is part of the behavior of the DNS. Its main function is to translate numeric addresses (IP addresses) to domain or host names, as opposed to the forward DNS process. Reverse DNS is separate from forward DNS. Many internet mail servers use reverse DNS to confirm that the server trying to deliver mail to them is genuine, which can help to reduce the amount of spam that comes in to their network. Follow the steps below to check or test reverse DNS on Linux and Windows operating systems.

1. To Check or Test Reverse DNS on Linux operating system :

host <IP Address>

Example :

[root@centos63 ~]# host 184.173.214.97
97.214.173.184.in-addr.arpa domain name pointer 184.173.214.97-static.reverse.softlayer.com.

2. To Check or Test Reverse DNS on Windows Operating system :

C:\>nslookup <IP Address>
C:\>nslookup 184.173.214.97
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    184.173.214.97-static.reverse.softlayer.com
Address:  184.173.214.97

How to Install Mod_Security to Apache HTTP Server on CentOS 6.3

ModSecurity is an open source web application firewall and intrusion detection and prevention system that provides filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

1. Install some dependency packages for mod_security :

[root@centos63 ~]# yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel -y

ModSecurity is compiled from source and the resulting module is then loaded from your httpd.conf file. Run the following commands as root :

[root@centos63 ~]# cd /usr/src/

2. Download mod_security :

[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz

Examples :

[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
--2012-09-17 16:06:20--  http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
Resolving www.modsecurity.org... 204.13.200.240
Connecting to www.modsecurity.org|204.13.200.240|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:21--  http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Resolving downloads.sourceforge.net... 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:22--  http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz [following]
--2012-09-17 16:06:23--  http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz
Resolving cdnetworks-kr-1.dl.sourceforge.net... 211.39.135.162
Connecting to cdnetworks-kr-1.dl.sourceforge.net|211.39.135.162|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 785852 (767K) [application/x-gzip]
Saving to: ‘modsecurity-apache_2.6.7.tar.gz’

100%[==========================================================>] 785,852     88.6K/s   in 8.7s

2012-09-17 16:06:32 (88.1 KB/s) - ‘modsecurity-apache_2.6.7.tar.gz’

3. Unpack the ModSecurity archive :

[root@centos63 src]# tar xzvf modsecurity-apache_2.6.7.tar.gz

4. Enter the extracted mod_security’s directory :

[root@centos63 src]# cd modsecurity-apache_2.6.7

5. Run the configure script to generate a Makefile. Typically no options are needed.

[root@centos63 modsecurity-apache_2.6.7]# ./configure

6. Install the ModSecurity module with :

[root@centos63 modsecurity-apache_2.6.7]# make install

7. Copy the configuration file to the /etc/httpd/conf.d directory :

[root@centos63 modsecurity-apache_2.6.7]# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

8. Mod_Security requires the OWASP (Open Web Application Security Project) core rules for its base configuration. They are used to protect against unknown vulnerabilities, which are often found in web applications :

[root@centos63 ~]# cd /etc/httpd
[root@centos63 httpd]# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# tar xzvf modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# mv modsecurity-crs_2.2.5 modsecurity-crs
[root@centos63 httpd]# cd modsecurity-crs
[root@centos63 modsecurity-crs]# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

9. Configure Apache httpd config file :

[root@centos63 ~]# vi /etc/httpd/conf/httpd.conf

Search for the line LoadModule in your httpd.conf and make sure you load the ModSecurity module with the following line :

..
..
LoadModule security2_module modules/mod_security2.so
..
..

Configure ModSecurity. Add these lines at the bottom of the httpd.conf file :

<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_setup.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>

10. Restart the Apache service to enable the mod_security module and its rules :

[root@centos63 ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

11. Verify that everything is working fine :

[root@centos63 ~]# httpd -t
Syntax OK
[root@centos63 ~]# tail -f /var/log/httpd/error_log
[Mon Sep 17 18:49:58 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Mon Sep 17 20:24:27 2012] [notice] caught SIGTERM, shutting down
[Mon Sep 17 20:24:28 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Mon Sep 17 20:24:28 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Sep 17 20:24:28 2012] [notice] Digest: done
[Mon Sep 17 20:24:28 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
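
The startup notices in step 11 show that the module loaded, not that it blocks anything: modsecurity.conf-recommended ships with SecRuleEngine DetectionOnly. The script below is an added example, not part of the original post; it reports the effective engine mode and checks the startup notices for the banner and for compiled/loaded library version mismatches. The function names and the sample inputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): two post-install checks.

# Print the effective SecRuleEngine value. Config text is read from the files
# given (in Apache include order) or from stdin; the last uncommented
# directive wins. Prints "unset" when the directive never appears.
modsec_engine_mode() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == "secruleengine" { mode = $2 }
        END { if (mode == "") mode = "unset"; print mode }
    ' "$@"
}

# Read an Apache error_log on stdin. Reports NO_BANNER when the ModSecurity
# "configured" notice is missing, and MISMATCH when a library line shows a
# loaded version that differs from the compiled one. Returns 0 only if clean.
modsec_startup_check() {
    awk '
        /ModSecurity for Apache\/[0-9.]+ .*configured/ { banner = 1 }
        /ModSecurity: [A-Z]+ compiled version="[^"]*"; loaded version="/ {
            lib = $0;  sub(/.*ModSecurity: /, "", lib);       sub(/ compiled.*/, "", lib)
            comp = $0; sub(/.*compiled version="/, "", comp); sub(/".*/, "", comp)
            load = $0; sub(/.*loaded version="/, "", load);   sub(/".*/, "", load)
            split(comp, cv, " "); split(load, lv, " ")   # compare the version token only
            if (cv[1] != lv[1]) {
                print "MISMATCH " lib ": compiled " cv[1] ", loaded " lv[1]
                bad = 1
            }
        }
        END {
            if (!banner) { print "NO_BANNER"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed excerpt standing in for /etc/httpd/conf.d/modsecurity.conf.
sample_config() {
    cat <<'EOF'
# -- Rule engine initialization --
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
# SecRuleEngine On
EOF
}

# Startup notices as shown in step 11 of the post.
sample_error_log() {
    cat <<'EOF'
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Mon Sep 17 20:24:28 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
EOF
}

# Dry run on the samples. On the server, for example:
#   modsec_engine_mode /etc/httpd/conf.d/modsecurity.conf
#   modsec_startup_check < /var/log/httpd/error_log
echo "engine mode: $(sample_config | modsec_engine_mode)"
sample_error_log | modsec_startup_check && echo "startup notices: OK"
```

DetectionOnly logs rule matches without blocking; the engine only blocks once SecRuleEngine is set to On.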

How to Fix “-bash: man: command not found” on CentOS 6.3

This quick post shows the steps to install the “man” command on Linux. On the Linux CentOS 6.2 and CentOS 6.3 operating systems, the “man” command is not installed automatically. The Linux command “man” is used to display the manual page for other commands and helps to explain the functions of commonly used commands. The term “man” is short for manual.

If you type the “man” command on a Linux server where man has not been installed, you will get the following message :

[root@centos63 ~]# man tar
-bash: man: command not found

To install “man“, simply run this command :

[root@centos63 ~]# yum install man -y
Loaded plugins: fastestmirror, presto, priorities
Loading mirror speeds from cached hostfile
 * base: centos.ipserverone.com
 * extras: centos.ipserverone.com
 * updates: centos.ipserverone.com
base                                                                         | 3.7 kB     00:00
extras                                                                       | 3.0 kB     00:00
updates                                                                      | 3.5 kB     00:00
updates/primary_db                                                           | 2.3 MB     00:19
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package man.i686 0:1.6f-30.el6 will be installed
--> Processing Dependency: lzma for package: man-1.6f-30.el6.i686
--> Running transaction check
---> Package xz-lzma-compat.i686 0:4.999.9-0.3.beta.20091007git.el6 will be installed
--> Processing Dependency: xz = 4.999.9-0.3.beta.20091007git.el6 for package: xz-lzma-compat-4.999.9-0.3.beta.20091007git.el6.i686
--> Running transaction check
---> Package xz.i686 0:4.999.9-0.3.beta.20091007git.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                Arch         Version                                     Repository    Size
====================================================================================================
Installing:
 man                    i686         1.6f-30.el6                                 base         260 k
Installing for dependencies:
 xz                     i686         4.999.9-0.3.beta.20091007git.el6            base         137 k
 xz-lzma-compat         i686         4.999.9-0.3.beta.20091007git.el6            base          16 k

Transaction Summary
====================================================================================================
Install       3 Package(s)

Total download size: 413 k
Installed size: 864 k
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 413 k
(1/3): man-1.6f-30.el6.i686.rpm                                              | 260 kB     00:01
(2/3): xz-4.999.9-0.3.beta.20091007git.el6.i686.rpm                          | 137 kB     00:00
(3/3): xz-lzma-compat-4.999.9-0.3.beta.20091007git.el6.i686.rpm              |  16 kB     00:00
----------------------------------------------------------------------------------------------------
Total                                                               138 kB/s | 413 kB     00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : xz-4.999.9-0.3.beta.20091007git.el6.i686                                         1/3
  Installing : xz-lzma-compat-4.999.9-0.3.beta.20091007git.el6.i686                             2/3
  Installing : man-1.6f-30.el6.i686                                                             3/3
  Verifying  : xz-4.999.9-0.3.beta.20091007git.el6.i686                                         1/3
  Verifying  : man-1.6f-30.el6.i686                                                             2/3
  Verifying  : xz-lzma-compat-4.999.9-0.3.beta.20091007git.el6.i686                             3/3

Installed:
  man.i686 0:1.6f-30.el6

Dependency Installed:
  xz.i686 0:4.999.9-0.3.beta.20091007git.el6 xz-lzma-compat.i686 0:4.999.9-0.3.beta.20091007git.el6

Complete!

Once the man command has been installed successfully, you will be able to read the manual pages :

[root@centos63 ~]# man tar
TAR(1)                           User Commands                          TAR(1)

NAME
       tar - manual page for tar 1.23

SYNOPSIS
       tar [OPTION...] [FILE]...

DESCRIPTION
       GNU  ‘tar’  saves  many  files together into a single tape or disk archive, and can
       restore individual files from the archive.

EXAMPLES
       tar -cf archive.tar foo bar
              # Create archive.tar from files foo and bar.

       tar -tvf archive.tar
              # List all files in archive.tar verbosely.

       tar -xf archive.tar
              # Extract all files from archive.tar.

..
..

How to Setup Central Log Server using Rsyslog on CentOS 6.2/CentOS 6.3

In this post I will share how to set up a central log server using Rsyslog on Linux CentOS 6.2; it also works on CentOS 6.3. This rsyslog central server will archive all logging messages (/var/log/messages) from its clients. These logs are critical for system administrators for troubleshooting purposes.

/var/log/messages – Contains global system messages, including the messages that are logged during system startup. There are several things that are logged in /var/log/messages including mail, cron, daemon, kern, auth, etc.

Assume that the central log server and client IP addresses are as below :

Central rsyslog Server : 192.168.1.55(syslogserver)
Rsyslog client : 192.168.1.54(rsyslogclient)

Configure Central Rsyslog Server :

1. Login to Central Rsyslog Server. First we need to backup default rsyslog.conf configuration :

[root@rsyslogserver ~]# cp /etc/rsyslog.conf /etc/rsyslog.conf.bak

2. Modify rsyslog configuration files :

[root@rsyslogserver ~]# vi /etc/rsyslog.conf

3. Load the modules we need :

#### MODULES ####

$ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so      # provides kernel logging support (previously done by rklogd)
$ModLoad immark.so      # provides --MARK-- message capability

4. Listen on TCP and UDP port 514 :

# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerAddress 0.0.0.0
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514

5. Set the default template :

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

6. Implement logging rules :

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

7. Add the following lines in the forwarding rule :

# ### begin forwarding rule ###
..
..
#
# This one is the template to generate the log filename dynamically, depending on the client's IP address.
$template FILENAME,"/var/log/rsyslog/%fromhost-ip%/messages-%$YEAR%-%$MONTH%-%$DAY%.log"
#
# Log all messages to the dynamically formed file. Now each clients log (192.168.1.2, 192.168.1.3,etc...), will be under a separate directory which is formed by the template FILENAME.
*.* ?FILENAME
..
..
# ### end of the forwarding rule ###

8. Create rsyslog folder under /var/log :

[root@rsyslogserver ~]# mkdir /var/log/rsyslog

9. After adding the above lines to rsyslog.conf, restart the rsyslog process; it will then be ready to accept messages from the configured clients :

[root@rsyslogserver ~]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]

Configure Rsyslog Remote Client :

1. Login to individual client machines and set the following :

[root@rsyslogclient ~]# vim /etc/rsyslog.conf

2. Load the modules we need :

#### MODULES ####

$ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so      # provides kernel logging support (previously done by rklogd)
$ModLoad immark.so      # provides --MARK-- message capability

3. Enable “*.* @192.168.1.55:514” at the forwarding rule :

# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
# A single @ forwards over UDP; @@ would forward over TCP.
*.*  @192.168.1.55:514
# ### end of the forwarding rule ###
#

4. Restart the rsyslog service on the client :

[root@rsyslogclient ~]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]

Verification :

Login and verify the log files from central rsyslog server, rsyslogserver :

[root@rsyslogserver ~]# ls /var/log/rsyslog/192.168.1.54/
messages-2012-09-16.log

Check the log :

[root@rsyslogserver ~]# tail -f /var/log/rsyslog/192.168.1.54/messages-2012-09-16.log
Sep 16 11:45:48 rsyslogclient ntpd[1359]: synchronized to 212.26.18.43, stratum 1
Sep 16 11:46:34 rsyslogclient clamd[1367]: SelfCheck: Database status OK.
Sep 16 11:53:47 rsyslogclient ntpd[1359]: time reset +2.330541 s
Sep 16 11:56:36 rsyslogclient clamd[1367]: SelfCheck: Database status OK.
Sep 16 11:58:32 rsyslogclient ntpd[1359]: synchronized to 212.26.18.43, stratum 1
Sep 16 12:01:01 rsyslogclient CROND[11208]: (root) CMD (run-parts /etc/cron.hourly)
Sep 16 12:01:01 rsyslogclient run-parts(/etc/cron.hourly)[1120 starting 00awstats
Sep 16 12:01:01 rsyslogclient run-parts(/etc/cron.hourly)[1121 finished 00awstats
Sep 16 12:01:01 rsyslogclient run-parts(/etc/cron.hourly)[1120 starting 0anacron
Sep 16 12:01:01 rsyslogclient run-parts(/etc/cron.hourly)[1122 finished 0anacron
Sep 16 12:06:36 rsyslogclient clamd[1367]: SelfCheck: Database status OK.
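
The server above accepts syslog on port 514 from any address and creates one directory per sender IP, so the tree itself shows which expected clients have gone quiet and which senders nobody configured. The script below is an added example, not part of the original post, that audits the layout produced by the FILENAME template. The function names, the expected-client list and every sample IP other than 192.168.1.54 are assumptions; 127.0.0.1 is listed because rsyslog reports that address as fromhost-ip for the server's own local messages.

```shell
#!/bin/sh
# Added example (not from the original post). Audits the per-client tree that
# the FILENAME template creates: BASE/<client-ip>/messages-YYYY-MM-DD.log

# audit_log_tree BASE DAY EXPECTED_IP...
#   SILENT <ip>      expected client has no non-empty log file for DAY
#   UNEXPECTED <ip>  a directory exists for a sender that is not on the list
# Returns 0 when there are no findings, 1 otherwise.
audit_log_tree() (
    base=$1; day=$2; shift 2
    rc=0
    for ip in "$@"; do
        if [ ! -s "$base/$ip/messages-$day.log" ]; then
            echo "SILENT $ip"; rc=1
        fi
    done
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        known=no
        for ip in "$@"; do
            if [ "$ip" = "$name" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then
            echo "UNEXPECTED $name"; rc=1
        fi
    done
    exit "$rc"
)

# Constructed sample tree for a dry run; prints the temporary directory path.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/127.0.0.1" "$t/192.168.1.54" "$t/192.168.1.60" "$t/10.9.8.7"
    echo "Sep 16 12:01:01 rsyslogserver CROND[900]: (root) CMD (run-parts /etc/cron.hourly)" \
        > "$t/127.0.0.1/messages-2012-09-16.log"
    echo "Sep 16 11:46:34 rsyslogclient clamd[1367]: SelfCheck: Database status OK." \
        > "$t/192.168.1.54/messages-2012-09-16.log"
    # This client last logged the day before, so it is silent on 2012-09-16.
    echo "Sep 15 23:59:10 client60 ntpd[812]: synchronized to 212.26.18.43, stratum 1" \
        > "$t/192.168.1.60/messages-2012-09-15.log"
    # A sender that was never configured as a client.
    echo "Sep 16 12:05:00 unknownhost logger: test message" \
        > "$t/10.9.8.7/messages-2012-09-16.log"
    echo "$t"
}

# Dry run on the sample tree. On the log server, for example from cron:
#   audit_log_tree /var/log/rsyslog "$(date +%Y-%m-%d)" 127.0.0.1 192.168.1.54
sample=$(build_sample_tree)
audit_log_tree "$sample" 2012-09-16 127.0.0.1 192.168.1.54 192.168.1.60 || true
rm -rf "$sample"
```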

How to Configure System Accounting with auditd on Linux CentOS 6.3

The audit service is provided for system auditing. Under its default configuration, auditd has modest disk space requirements, and should not noticeably impact system performance. The audit service, configured with at least its default rules, is strongly recommended for all sites, regardless of whether they are running SELinux. In this post, I will share with you the basic steps to install and configure auditd on Linux CentOS 6.3.

The auditing requirements include :

a. Ensure Auditing is Configured to Collect Certain System Events
– Information on the Use of Print Command (unsuccessful and successful)
– Startup and Shutdown Events (unsuccessful and successful)

b. Ensure the auditing software can record the following for each audit event:
– Date and time of the event
– Userid that initiated the event
– Type of event
– Success or failure of the event
– For I&A events, the origin of the request (e.g., terminal ID)
– For events that introduce an object into a user’s address space, and for object deletion events, the name of the object, and in MLS systems, the objects security level.

c. Ensure files are backed up no less than weekly onto a different system than the system being audited or backup media.

e. Ensure old logs are closed out and new audit logs are started daily

f. Ensure the configuration is immutable. With the -e 2 setting a reboot will be required to change any audit rules.

g. Ensure that the audit data files have permissions of 640, or more restrictive.

1. To install the auditd service :

[root@centos63 ~]# yum install audit -y

2. To ensure that the auditd service starts at boot :

[root@centos63 ~]# chkconfig auditd on

By default, auditd logs only SELinux denials, which are helpful for debugging SELinux and discovering intrusion attempts, and certain types of security events, such as modifications to user accounts (useradd, passwd, etc), login events, and calls to sudo. Data is stored in /var/log/audit/audit.log.

3. Configure the auditd :

[root@centos63 ~]# vim /etc/audit/auditd.conf
#
# This file controls the configuration of the audit daemon
#

log_file = /var/log/audit/audit.log
log_format = RAW
log_group = root
priority_boost = 4
flush = INCREMENTAL
freq = 20
num_logs = 5
disp_qos = lossy
dispatcher = /sbin/audispd
name_format = NONE
##name = mydomain
max_log_file = 6
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
##tcp_listen_port =
tcp_listen_queue = 5
tcp_max_per_addr = 1
##tcp_client_ports = 1024-65535
tcp_client_max_idle = 0
enable_krb5 = no
krb5_principal = auditd
##krb5_key_file = /etc/audit/audit.key

4. Stop and Start the auditd service :

[root@centos63 ~]# /etc/init.d/auditd stop
Stopping auditd:                                           [  OK  ]
[root@centos63 ~]# /etc/init.d/auditd start
Starting auditd:                                           [  OK  ]
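
Requirements f and g from the list above can be checked mechanically once auditd is running. The script below is an added example, not part of the original post: it reads log_file from auditd.conf, checks that the audit log and its rotated copies are mode 640 or more restrictive, and checks that the rules file ends with -e 2. The function names and the sample files are assumptions; on CentOS 6 the rules file is /etc/audit/audit.rules.

```shell
#!/bin/sh
# Added example (not from the original post): check requirements f and g.

# conf_get KEY FILE: print the value of a "KEY = value" line in auditd.conf.
conf_get() {
    awk -F= -v k="$1" '
        /^[ \t]*#/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == tolower(k)) {
                val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
        }
        END { print val }
    ' "$2"
}

# mode_ok MODE: true when an octal mode such as 640 sets no permission bit
# outside rw-r----- (requirement g: "640, or more restrictive").
mode_ok() {
    [ $(( 0$1 & ~0640 )) -eq 0 ]
}

# rules_immutable FILE: true when the last effective line of the rules file
# is "-e 2" (requirement f). The lock must come last because nothing loaded
# after it can take effect until the next reboot.
rules_immutable() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        { last = $1 " " $2 }
        END { exit (last == "-e 2" ? 0 : 1) }
    ' "$1"
}

# audit_check AUDITD_CONF AUDIT_RULES: print findings, return 0 when clean.
audit_check() (
    rc=0
    log=$(conf_get log_file "$1")
    if [ ! -e "$log" ]; then echo "NO_LOG $log"; rc=1; fi
    for f in "$log" "$log".*; do          # current log plus rotated copies
        [ -e "$f" ] || continue
        mode=$(stat -c %a "$f")
        if ! mode_ok "$mode"; then echo "PERM $mode $f"; rc=1; fi
    done
    if ! rules_immutable "$2"; then echo "NOT_IMMUTABLE $2"; rc=1; fi
    exit "$rc"
)

# Constructed sample files for a dry run; prints the temporary directory path.
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/audit.log"; chmod 640 "$d/audit.log"
    printf 'log_file = %s\nlog_format = RAW\nmax_log_file_action = ROTATE\n' \
        "$d/audit.log" > "$d/auditd.conf"
    printf '%s\n' '-D' '-b 320' '-w /etc/passwd -p wa -k identity' '-e 2' \
        > "$d/audit.rules"
    echo "$d"
}

# Dry run on the samples. On the server:
#   audit_check /etc/audit/auditd.conf /etc/audit/audit.rules
s=$(make_sample)
audit_check "$s/auditd.conf" "$s/audit.rules" && echo "audit configuration: OK"
rm -rf "$s"
```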

Google Gets Serious about Chrome Security on Linux

Google was a bit slow in the beginning getting its Chrome browser ready for Linux. That’s now changing as Google is now set to take advantage of an advanced Linux kernel feature that could well make Chrome on Linux more secure than any other OS.

Chrome 23 dev-channel now takes advantage of the Seccomp-BPF feature that debuted in the recent Linux 3.5 kernel.

“Seccomp filtering provides a means for a process to specify a filter for incoming system calls,” kernel developer Will Drewry wrote in a mailing list message.

Google developer Julien Tinnes explained that, “with Seccomp-BPF, BPF programs can now be used to evaluate system call numbers and their parameters.”

In very basic terms, it means more control over the sandbox and less chance of escape for some kind of arbitrary code execution.
