Thursday, February 9, 2017

Wednesday, February 8, 2017

Puppet Master Configuration

Step 1 : Install Puppet repository
[root@node1 ~]# rpm -ivh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm
Retrieving http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm
Preparing...                ########################################### [100%]
        package puppetlabs-release-6-11.noarch is already installed
[root@node1 ~]#

Step 2 : Configure hostname

[root@node1 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=node1.jayesh.com
[root@node1 ~]#

Step 3 : Configure name of Master and Minion (agent) in hosts file
[root@node1 ~]# cat /etc/hosts
127.0.0.1      node1.example.com                localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.74.128 node1.jayesh.com
192.168.74.129 node2.jayesh.com
[root@node1 ~]#

Step 4 : Try to ping the master from the agent and vice versa.
[root@node1 ~]# ping node2.jayesh.com
PING node2.jayesh.com (192.168.74.129) 56(84) bytes of data.
64 bytes from node2.jayesh.com (192.168.74.129): icmp_seq=1 ttl=64 time=18.9 ms
64 bytes from node2.jayesh.com (192.168.74.129): icmp_seq=2 ttl=64 time=0.618 ms
64 bytes from node2.jayesh.com (192.168.74.129): icmp_seq=3 ttl=64 time=0.430 ms
64 bytes from node2.jayesh.com (192.168.74.129): icmp_seq=4 ttl=64 time=0.396 ms
64 bytes from node2.jayesh.com (192.168.74.129): icmp_seq=5 ttl=64 time=0.500 ms

[root@node2 ~]# ping node1.jayesh.com
PING node1.jayesh.com (192.168.74.128) 56(84) bytes of data.
64 bytes from node1.jayesh.com (192.168.74.128): icmp_seq=1 ttl=64 time=14.0 ms
64 bytes from node1.jayesh.com (192.168.74.128): icmp_seq=2 ttl=64 time=0.419 ms
64 bytes from node1.jayesh.com (192.168.74.128): icmp_seq=3 ttl=64 time=0.467 ms
64 bytes from node1.jayesh.com (192.168.74.128): icmp_seq=4 ttl=64 time=0.653 ms
64 bytes from node1.jayesh.com (192.168.74.128): icmp_seq=5 ttl=64 time=0.629 ms


Step 5 : Install Puppet on the master
yum install puppet puppet-server facter -y





Step 6 : Firewall configuration
The Puppet master listens on TCP port 8140 and accepts requests from agents on this port.


[root@node1 ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0] 
-A INPUT -p tcp -m state --state NEW --dport 8140 -j ACCEPT

Add the -A INPUT rule for port 8140 shown above (it was marked in yellow in the original post), then restart iptables:
/etc/init.d/iptables restart
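
The rule above accepts new connections to port 8140 from any source. The following is an added example, not part of the original post: it derives one ACCEPT rule per agent from the hosts entries of Step 3 and rejects every other source on that port. The helper name puppet_fw_rules and the variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original post.
# puppet_fw_rules is a hypothetical helper: it reads hosts-file lines on stdin
# and prints iptables-save style rules that admit only the listed agents to the
# Puppet master port, followed by a reject for every other source.

PUPPET_PORT=8140

puppet_fw_rules() {
    # $1 = FQDN of the master itself (it needs no inbound rule from itself)
    awk -v master="$1" -v port="$PUPPET_PORT" '
        NF < 2 || $1 ~ /^#/       { next }   # blank, malformed or comment lines
        $1 ~ /^127\./ || $1 ~ /:/ { next }   # loopback and IPv6 entries
        $2 != master {
            printf "-A INPUT -s %s/32 -p tcp -m state --state NEW --dport %s -j ACCEPT\n", $1, port
        }
        END {
            printf "-A INPUT -p tcp --dport %s -j REJECT --reject-with tcp-reset\n", port
        }
    '
}

# Hosts entries as shown in Step 3 of the post.
SAMPLE_HOSTS='127.0.0.1      node1.example.com                localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.74.128 node1.jayesh.com
192.168.74.129 node2.jayesh.com'

# Print the rules that would replace the open 8140 rule in /etc/sysconfig/iptables.
printf '%s\n' "$SAMPLE_HOSTS" | puppet_fw_rules node1.jayesh.com
```

With the :INPUT ACCEPT policy shown in the file above, the final REJECT line is what actually closes port 8140 to other sources, so it must stay after the per-agent ACCEPT lines.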

Step 7 : Updating Master Configuration
vi /etc/puppet/puppet.conf
Add the following line to the [main] section:
certname=node1.jayesh.com

For example:
[root@node1 ~]# cat /etc/puppet/puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    certname = node1.jayesh.com
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
   
Step 8 : /etc/init.d/puppetmaster start
As soon as you start the puppet master, the CA certificate is generated:
[root@node1 ~]# ls -l /var/lib/puppet/ssl/
total 28
drwxr-xr-x 5 puppet puppet 4096 Nov 14 04:16 ca
drwxr-xr-x 2 puppet puppet 4096 Nov 21 00:10 certificate_requests
drwxr-xr-x 2 puppet puppet 4096 Nov 21 00:10 certs
-rw-r--r-- 1 puppet puppet  967 Nov 14 04:16 crl.pem
drwxr-x--- 2 puppet puppet 4096 Nov 14 04:16 private
drwxr-x--- 2 puppet puppet 4096 Nov 21 00:10 private_keys
drwxr-xr-x 2 puppet puppet 4096 Nov 21 00:10 public_keys
[root@node1 ~]#



Agent Configuration :    

Step 1 : Install Puppet repository
[root@node2 ~]# rpm -ivh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm
Retrieving http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm
Preparing...                ########################################### [100%]
        package puppetlabs-release-6-11.noarch is already installed

Step 2 : Configure hostname

[root@node2 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=node2.jayesh.com

Step 3 : Configure name of Master and Minion (agent) in hosts file
[root@node1 ~]# cat /etc/hosts
127.0.0.1      node1.example.com                localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.74.128 node1.jayesh.com
192.168.74.129 node2.jayesh.com

Step 4 : Install Puppet on the agent
yum install puppet facter -y

Step 5 : Updating Agent configuration
Add the following entry to /etc/puppet/puppet.conf:
    server = node1.jayesh.com

For example:
[root@node2 ~]# cat /etc/puppet/puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    server = node1.jayesh.com
[agent]

Step 6 : /etc/init.d/puppet start



Now we need to sign the agent's certificate so that the master can authenticate it.

The agent requests a certificate:

[root@node2 ~]# puppet agent --test --server=node1.jayesh.com --waitforcert 100
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node2.jayesh.com
Info: Applying configuration version '1486239174'
Notice: Finished catalog run in 1.77 seconds
[root@node2 ~]#

On Master
[root@node1 ~]# puppet cert list
[root@node1 ~]# puppet cert sign node2.jayesh.com
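
Signing by name alone trusts whichever host submitted a request under that name. The following is an added example, not part of the original post: it signs only when the fingerprint in the master's pending list matches the one read on the agent itself (for instance with puppet agent --fingerprint). The function names, node9.jayesh.com and both fingerprints are constructed, and the list layout is assumed to be the Puppet 3.x one.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumption: `puppet cert list` prints one pending request per line as
#   "certname" (SHA256) AA:BB:...
# (Puppet 3.x layout). With --all, signed entries start with a "+" field,
# so they never match the check on $1 below.

# pending_fingerprint CERTNAME: reads cert-list output on stdin and prints the
# fingerprint of the pending request for CERTNAME (nothing if there is none).
pending_fingerprint() {
    awk -v want="$1" '$1 == "\"" want "\"" { print $NF; exit }'
}

# safe_to_sign CERTNAME AGENT_FP: reads cert-list output on stdin and returns
# 0 only if the pending request carries exactly the fingerprint read on the agent.
safe_to_sign() {
    seen=$(pending_fingerprint "$1" | tr 'a-f' 'A-F')
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    if [ -z "$seen" ]; then
        echo "no pending request for $1" >&2; return 2
    fi
    if [ "$seen" != "$want" ]; then
        echo "fingerprint mismatch for $1, do not sign" >&2; return 1
    fi
    return 0
}

# Constructed sample values (not real fingerprints).
AGENT_FP='AA:01:BB:02:CC:03:DD:04:EE:05:FF:06:AA:07:BB:08:CC:09:DD:0A:EE:0B:FF:0C:AA:0D:BB:0E:CC:0F:DD:10'
OTHER_FP='10:DD:0F:CC:0E:BB:0D:AA:0C:FF:0B:EE:0A:DD:09:CC:08:BB:07:AA:06:FF:05:EE:04:DD:03:CC:02:BB:01:AA'
SAMPLE_LIST="  \"node2.jayesh.com\" (SHA256) $AGENT_FP
  \"node9.jayesh.com\" (SHA256) $OTHER_FP"

# On a real master, pipe `puppet cert list` into safe_to_sign instead of the sample.
if printf '%s\n' "$SAMPLE_LIST" | safe_to_sign node2.jayesh.com "$AGENT_FP"; then
    echo "fingerprints match: run 'puppet cert sign node2.jayesh.com'"
fi
```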


Now a simple Puppet configuration to install and start httpd

Step 1 :   cd /etc/puppet/manifests/
Step 2 :  vi site.pp

Step 3 : [root@node1 manifests]# cat site.pp
package{ 'httpd' :
  ensure => present,
}
service { 'httpd' :
 ensure => running ,
 enable => true,
}

Step 4: Now on Agent

[root@node2 ~]# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node2.jayesh.com
Info: Applying configuration version '1486245474'
Notice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[httpd]: Unscheduling refresh on Service[httpd]
Notice: Finished catalog run in 3.90 seconds
[root@node2 ~]# service httpd status
httpd (pid  4266) is running...


Now to stop the httpd :

[root@node1 manifests]# cat site.pp
package{ 'httpd' :
  ensure => present,
}
service { 'httpd' :
 ensure => stopped ,
 enable => true,
}

[root@node2 ~]# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node2.jayesh.com
Info: Applying configuration version '1486246263'
Notice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'running' to 'stopped'
Notice: Finished catalog run in 3.43 seconds
[root@node2 ~]# service httpd status
httpd is stopped

By : Jayesh Pal









Thursday, July 30, 2015

How to mount Box.com Cloud Storage in Linux



Mount Box.com storage account via davfs2


You can use davfs2 (WebDAV Linux File System) which enables you to access a remote WebDAV share via traditional file system interfaces.

To install davfs2 on CentOS, RHEL

$ sudo yum install davfs2 

Next, create a local mount point.
$ mkdir /tmp/box

The WebDAV share exported by Box.com does not support file locks. Thus you need to disable file locks in the davfs2 configuration file located at /etc/davfs2/davfs2.conf. Otherwise, you will encounter "Input/output error" while attempting to create a file.

$ sudo vi /etc/davfs2/davfs2.conf
use_locks 0

Mount Box as a non-root user on CentOS, RHEL
Add yourself to a Linux group called "davfs2"
Simply run the following command.
$ sudo usermod -a -G davfs2 linuxhowto

Once you have followed the above distro-specific instructions, add the following to /etc/fstab. The "user" option allows you to mount Box as an unprivileged non-root user. Replace "/tmp/box" with your own mount point.
https://dav.box.com/dav /tmp/box davfs rw,user,noauto 0 0
 
Now you can go ahead and mount your Box.com account by running mount command as a regular user. When asked for username and password, enter your Box.com account username/password.
$ mount /tmp/box
Please enter the username to authenticate with server
https://dav.box.com/dav or hit enter for none.
  Username: my_email@address.com
Please enter the password to authenticate user my_email@address.com with server
https://dav.box.com/dav or hit enter for none.
  Password:  
 
If you do not want to type in username/password every time you mount, put your Box.com login credential information in the following file.
$ chmod 600 ~/.davfs2/secrets
$ vi ~/.davfs2/secrets
https://dav.box.com/dav my_email@address.com my_box_com_password
 
To verify that mount was successful, run these:
$ mount
https://dav.box.com/dav on /tmp/box type davfs (rw,nosuid,noexec,nodev,_netdev)

# df -h
https://dav.box.com/dav
                      910T   12K  910T   1% /tmp/box

# ls -l /tmp/box
total 0
drwxr-xr-x.  2 root root 0 Apr  2 05:36 (Private) Pankaj Pal

To umount Box.com account:

# umount /tmp/box
/sbin/umount.davfs: waiting while mount.davfs (pid 27778) synchronizes the cache .. OK