
Saturday, 5 October 2013

Create Partitions larger than 2TB


Create a partition on Linux using parted and labelling it with gpt

1. dmesg | grep sd
2. parted /dev/sdb
3. (parted) mklabel gpt
4. (parted) unit TB
5. (parted) mkpart primary 0.00 4.95TB
6. (parted) print
7. (parted) quit
8. mkfs.ext4 /dev/sdb1

9. vi /etc/fstab (add)
   /dev/sdb1 /local ext4 defaults 1 2

 

Add New Volume

1. Added physical disks
2. Created RAID 1 Volume
3. umount /local/
5. # vgdisplay
6. dmesg | grep sd

      sd 0:0:0:2: [sdb] 1172058032 512-byte logical blocks: (600 GB/558 GiB)
7. # pvcreate /dev/sdb
8. # pvdisplay (check if it has been created)
 
"/dev/sdb" is a new physical volume of "558.88 GiB"
  --- NEW Physical volume ---
  PV Name               /dev/sdb
  VG Name
  PV Size               558.88 GiB
  Allocatable           NO
  PE Size               0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               SX1ekz-o4Aj-5yXO-QbIF-AdPw-L3Iq-kewNFQ

9. find out the existing name for the existing volume group: 
# vg_local

# vgdisplay

 10. vgcreate vg_local600 /dev/sdb

 
11. check if group has been created:
#  vgdisplay | grep 600
12. lvcreate -L 550G -n lv0_local600 vg_local600

 

13. Find the File system type:
# cat /etc/fstab | grep ext   (result: ext4)

 14. Create file system
mkfs.ext4 /dev/vg_local600/lv0_local600


15. # mount new file system
mount /dev/vg_local600/lv0_local600 /local

Monday, 15 April 2013

How to Install and configure Apache on Red Hat/Centos 6.x



Apache is the most used web server on the Internet. It is reliable, fast, easy to set up, relatively secure and the Apache Foundation is on top of patches.

I thought you might want to see how easy and nice it is to work with it, so I decided to write a post.
I’ll show you how to get it installed, configured and set up a Name Based Virtual Host.

Package Dependencies

·         httpd.x86_64
·         apr.x86_64
·         apr-util.x86_64
·         apr-util-ldap.x86_64
·         httpd-tools.x86_64
·         mailcap.noarch

Install all packages

[root@centos63 dhcp]# yum install httpd.x86_64 apr.x86_64 apr-util.x86_64 apr-util-ldap.x86_64 httpd-tools.x86_64 mailcap.noarch -y

Once all the packages above have been installed, we can start configuring Apache.

Apache Configuration File

Apache's main configuration files reside in /etc/httpd/conf.

On Red Hat based distributions, Apache is named ‘httpd’. Its configuration files are located in /etc/httpd, its logs are stored in /var/log/httpd, and the actual content (the root directory) is located in /var/www/html.

Let’s explore it

[root@centos63 dhcp]# cd /etc/httpd/conf

[root@centos63 conf]# ls -l

-rw-r--r-- 1 root root 34418 Dec  5 08:59 httpd.conf

[root@centos63 conf]# vi httpd.conf
 

Note: Apache config file is very extensive; it has directives for many things. I’ll show you how to get it up and running quickly. I’ll show you more complex things on other posts i.e. mod proxy and mod rewrite which are quite useful, I think.
 

Directives to set

Email

ServerAdmin root@localhost

Change it to your email address, for example:


Server Name

#ServerName www.example.com:80

Uncomment the line above and change it to your Server’s name. For example:

ServerName www.renpippa.co.uk

That is how easy it is to get it up and running.

Setting up a virtual host

If you have multiple websites being hosted on the same server and the server only has a single public IP address, virtual hosts will help you immensely. This is also called ‘Name-Based Virtual Hosts’.

 
[root@centos63]# cd /etc

[root@centos63 etc]# vi /etc/hosts
192.168.1.34  centos63 centos63.adlinux.int www.centos63.co.uk www.renpippa.co.uk

[root@centos63]# mkdir /var/www/www.centos63.co.uk

[root@centos63]# touch /var/www/www.centos63.co.uk/index.html

[root@centos63]# echo "Welcome to WWW.CENTOS63.CO.UK" > /var/www/www.centos63.co.uk/index.html

Note: Replace the names above with your Virtual Host names, the names of the domains you wish to host.

[root@centos63 conf]# vi /etc/httpd/conf/httpd.conf

Add the lines below to the bottom of the httpd.conf file, save and quit.

# Virtual Hosts Configuration
NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin webmaster@www.centos63.co.uk
    DocumentRoot /var/www/www.centos63.co.uk
    ServerName www.centos63.co.uk
    ErrorLog logs/www.centos63.co.uk-error_log
    CustomLog logs/www.centos63.co.uk-access_log common
</VirtualHost>

Restart Apache
[root@centos63]# service httpd restart

Open your browser and test the configuration. If you are using a different PC, you need to add the domain name to your DNS, or edit your hosts file. If your PC is Linux, all you need is to edit /etc/hosts. If your PC is Windows based, you need to edit c:\windows\system32\drivers\etc\hosts.
 
I hope you enjoy it.

 

By Renato de Oliveira

Sunday, 14 April 2013

How to Setup a DHCP Server on Red Hat/Centos 6.x



DHCP stands for Dynamic Host Configuration Protocol. It is used to assign IP addresses automatically at boot time to network clients.
There are basically two ways of assigning IPs to Hosts or devices on any given network; manually or by using an automated method (DHCP Server).

This is my opinion based on past experience.
I think if your network is relatively small, between 10-50 hosts/devices, I would recommend using static IPs instead of a DHCP server. There are pros and cons in doing so.

For example, if you need resiliency for your network you will need to start to think about redundancy for your DHCP server. There are options, but things start to become unnecessarily complex. I know some sys admins; they use DHCP for everything, including servers. I just think it is not a good idea.

Package requirement
      ·         dhcp.x86_64
      ·         dhcp-common.x86_64

Installing packages
[root@centos63 ~]# yum install dhcp.x86_64 dhcp-common.x86_64 -y

Start-up DHCP service at boot time
[root@centos63 ~]# chkconfig --level 2345 dhcpd on
 
Use the sample configuration to start with

[root@centos63 ~]# vi /etc/dhcp/dhcpd.conf

Note: Copy and paste the lines below:

# Sample DHCP generated by Renato de Oliveira
# http://ukaying.blogspot.co.uk
# option definitions (Domain Name)
option domain-name "adlinux.int";

# Lease time and expiration
default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# DHCP network and mask declaration
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.160;
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.22;
  option domain-name "adlinux.int";
}

# Fixed IP addresses can also be specified for hosts.  
host linadws01 {
  hardware ethernet 00:0c:29:eb:dc:90;
  fixed-address 192.168.1.160;
}

Note: Make sure you change this file to suit your needs. For example, remember to change Domain Name, IP Addresses, and Name Servers etc.

Start the DHCP Server Service
[root@centos63 ~]# service dhcpd start

Note: If the service fails to start, check /var/log/messages; it will give you a very good idea of what is wrong. Most of the time it is syntax or typos.

Testing

On another Linux Server, change the file /etc/sysconfig/network-scripts/ifcfg-eth0 to use DHCP, see below:

[root@centos63 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
BOOTPROTO=dhcp
ONBOOT=yes

Reboot the Client

 
Watch the logs on the server

[root@centos63 ~]# tail -f /var/log/messages

You should see an output similar to the one below:

Apr 14 17:26:44 centos63 dhcpd: DHCPDISCOVER from 00:0c:29:eb:dc:90 via eth0
Apr 14 17:26:44 centos63 dhcpd: DHCPOFFER on 192.168.1.160 to 00:0c:29:eb:dc:90 via eth0
Apr 14 17:26:44 centos63 dhcpd: Dynamic and static leases present for 192.168.1.160.
Apr 14 17:26:44 centos63 dhcpd: Remove host declaration linadws01 or remove 192.168.1.160
Apr 14 17:26:44 centos63 dhcpd: from the dynamic address pool for 192.168.1.0/24
Apr 14 17:26:44 centos63 dhcpd: DHCPREQUEST for 192.168.1.160 (192.168.1.34) from 00:0c:29:eb:dc:90 via eth0
Apr 14 17:26:44 centos63 dhcpd: DHCPACK on 192.168.1.160 to 00:0c:29:eb:dc:90 via eth0
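
The "Dynamic and static leases present" warning in the log above appears because the fixed address 192.168.1.160 sits inside the dynamic range 192.168.1.100 to 192.168.1.160. As an added example (not part of the original post; the function names are made up here), this script reads dhcpd.conf text on stdin and reports any fixed-address that falls inside a range:

```sh
#!/bin/sh
# Added example: flag fixed-address entries that fall inside a dynamic range.

# check_dhcp_overlap: reads dhcpd.conf text on stdin, prints one CONFLICT
# line per overlapping address and returns 1 if any overlap was found.
check_dhcp_overlap() {
    awk '
    # Convert a dotted-quad IPv4 address to an integer for comparison.
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    { sub(/#.*/, "") }                       # strip comments
    $1 == "range" {
        gsub(/;/, "")
        n++; lo[n] = ip2int($2); hi[n] = ip2int($3); txt[n] = $2 "-" $3
    }
    $1 == "host" { host = $2 }               # remember the current host name
    $1 == "fixed-address" {
        gsub(/;/, "")
        m++; fa[m] = $2; fh[m] = host
    }
    END {
        for (i = 1; i <= m; i++)
            for (j = 1; j <= n; j++)
                if (ip2int(fa[i]) >= lo[j] && ip2int(fa[i]) <= hi[j]) {
                    printf "CONFLICT host %s fixed-address %s inside range %s\n", fh[i], fa[i], txt[j]
                    bad = 1
                }
        exit bad
    }'
}

# The subnet and host declarations from the post, trimmed to the relevant lines.
post_conf() {
    cat <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.160;
  option routers 192.168.1.1;
}
# Fixed IP addresses can also be specified for hosts.
host linadws01 {
  hardware ethernet 00:0c:29:eb:dc:90;
  fixed-address 192.168.1.160;
}
EOF
}

post_conf | check_dhcp_overlap || echo "-> shrink the range or move the fixed address"
```

Ending the range at 192.168.1.159, or giving linadws01 an address outside the pool, makes the check pass.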

Still on the client, check:

 1.    Its IP address

[root@centos63 ~]# ifconfig

2.    Check its default gateway

[root@centos63 ~]# route -n

3.  Check the /etc/resolv.conf

[root@centos63 ~]# cat /etc/resolv.conf
; generated by /sbin/dhcpclient-script
search adlinux.int
nameserver 192.168.1.22

If you can confirm the results above, then you have successfully set up a DHCP server for your network. If you have problems, just keep an eye on /var/log/messages.

Hope you enjoyed this post.

By Renato de Oliveira  

How to set up an NFS server (Red Hat/Centos 6.x)


How to Install NFS Server on Red Hat/Centos 6.x

NFS stands for Network File System; it is a mechanism used by UNIX-like hosts to share files across networks. There are two versions mostly used, NFSv3 and NFSv4, and there are many differences between them. I am not going to cover them.

NFS used to be dependent on a service called portmap and used port 111, which was a bit flaky. NFS is much more reliable and faster than it used to be; we can run it over TCP and across firewalls. I am not going to demonstrate it on this post.

I am not going to go over discussions about security, and how to lock down your NFS server, or open iptables ports. I assume your iptables will be off. Security is a very complex and deep subject. My intention is only to give you the knowledge to set up an NFS quickly and start using it.

Perhaps I’ll write another post on how to secure your NFS server.

Packages requirement

·         nfs

·         nfslock

·         rpcbind

The following RPC processes facilitate NFS services:

·         rpc.mountd

·         rpc.nfsd

·         lockd

·         rpc.statd

·         rpc.rquotad

·         rpc.idmapd


Installing Packages

·         nfs-utils.x86_64

·         nfs-utils-lib.x86_64

·         rpcbind.x86_64


[root@centos63 ~]# yum install nfs-utils.x86_64 nfs-utils-lib.x86_64 rpcbind.x86_64 -y

Services to start at boot time

You need to make sure some important services are running.
 

[root@centos63 ~]# chkconfig --level 2345 rpcbind on

[root@centos63 ~]# chkconfig --level 2345 nfs on

[root@centos63 ~]# service rpcbind start

[root@centos63 ~]# service nfs start

 
Setting up the NFS export

[root@centos63 ~]# mkdir /nfs

[root@centos63 ~]# vi /etc/exports   

 

Add the line below, save and quit the file

/nfs    *(rw)

 
Note: The line above means: export the /nfs folder to any client with read and write permissions.

I advise locking it down a bit and export it to your subnet, or single IPs.

[root@centos63 ~]# exportfs -a

[root@centos63 ~]# exportfs

/nfs            <world>

Note: The above command will export your folder configuration.
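
The advice above to export only to your subnet or to single IPs can be checked mechanically. As an added example (not part of the original post; the function names and the extra sample paths are constructed here), this script reads /etc/exports-style text on stdin and flags entries that any host can mount, including the case where a space before the bracket leaves the options applying to everyone:

```sh
#!/bin/sh
# Added example: flag /etc/exports entries that are open to every client.

# audit_exports: reads exports(5)-format text on stdin, prints one WORLD line
# per entry any host can mount, and returns 1 if there is at least one.
audit_exports() {
    awk '
    { sub(/#.*/, "") }                       # strip comments
    {
        for (i = 2; i <= NF; i++) {
            client = $i
            sub(/\(.*/, "", client)          # keep the text before "(options)"
            # "*" matches any host; an empty client means the options stand
            # alone (a space crept in before the bracket) and apply to everyone.
            if (client == "*" || client == "") {
                printf "WORLD %s %s\n", $1, $i
                bad = 1
            }
        }
    }
    END { exit bad }'
}

# Constructed sample: the line from the post, a near-miss, and two restricted exports.
sample_exports() {
    cat <<'EOF'
/nfs      *(rw)                      # line used in the post
/nfs-b    192.168.1.0/24 (rw)        # stray space: (rw) applies to any host
/nfs-c    192.168.1.0/24(rw,sync)    # only the 192.168.1.0/24 subnet
/nfs-d    192.168.1.34(ro)           # a single client
EOF
}

sample_exports | audit_exports || echo "-> restrict the entries above to a subnet or host"
```

On a server, pipe the real file in with `audit_exports < /etc/exports` and run `exportfs -ra` after correcting it.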

 
Let’s test it?!

[root@centos63 ~]# mount -t nfs localhost:nfs /media/

[root@centos63 ~]# df -h

Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
                       47G  1.2G   44G   3% /
tmpfs                 499M     0  499M   0% /dev/shm
/dev/sda1             485M   73M  387M  16% /boot
localhost:nfs          47G  1.2G   44G   3% /media

It works; see the line in red above. This tells us that the file system /nfs is mounted on /media from host ‘localhost’, which is just the same server.

I hope you enjoy this post.

I will at some point write about more complex scenarios, but I would like to give you the initial knowledge, so you can get up and running quickly.

 

By Renato de Oliveira

Sunday, 7 April 2013

How to secure your Linux server (part 1)


How to secure a Linux Server (Part 1)

 
There are many people and companies which don’t believe in security. I wish 'security' was just a myth, but I am afraid there are many people out there with the intent of causing disruption and taking advantage of it. I have heard and read many times on the news stories about data being stolen, compromised servers being used to attack other systems, back doors, trojans, keyloggers, crackers, hackers, bored teenagers, industrial espionage, even country sabotage.

There are many unscrupulous people in the world, and with the easiness of the Internet, anyone from anywhere can easily connect to any system around the globe and just cause havoc.

I wish I could spend my time just improving the system and making it more reliable, user friendly, more robust but we have to keep an eye on the bad guys.

At least if you can’t stop them, make it harder, so they have to spend more time trying to get into your system.

I am going to show you a few things I do to harden your Linux servers and give you some breathing space.

Tips

1.    Only install the software you need onto your Linux server

2.    Disable unnecessary processes and services

3.    Change SSH default port from 22 to something like 2297

4.    Configure iptables and only allow IN the services you MUST

a.    If you only need Apache, just allow in port 80

5.    Make use of TCP wrappers

                a.  /etc/hosts.allow

                b.  /etc/hosts.deny

6.    Disable Apache signature

7.    Do not allow root login via SSH

8.    Create a user with an unusual name to be your admin

9.    Create a list of allowed users and set it on /etc/ssh/sshd_config

10.  Setup sudo and always use it

11.  Don’t log in directly as root to manage the server

12.  Create a banner /etc/issue

                a.    Add a security disclaimer

                b.    Make sure you specify that the server is not public

13.  Install and configure tripwire – IDS (Intrusion Detection System)

14.  Configure /tmp as a loopback mounted file

15.  Mount /tmp with the following options on /etc/fstab

                a. tmpdir /tmp ext4 loop,noexec,nosuid,rw 0 0

16.  Send logs to a remote syslog server

17.  Keep your Linux server patched and up-to-date

18.  Use different passwords for root and for your admin user

19.  Use different passwords for different servers and services

20.  Change your Password regularly (every 3 months)

21.  Set ssh login attempts to:

             a. MaxAuthTries 5

22.  Install and configure Fail2Ban to automatically block too many password failures

23.  Set grub boot password

Note: Be careful if you reboot your Server remotely

24.  Always create separate file systems or partitions

25.  Mount your application file system as follows on /etc/fstab

      a.  nosuid,nodev,noexec 1 2

26.  Disable SUID and SGID for binaries

27.  Install a log analyser

 
If you follow these tips, your server will become much harder to crack.
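
Several of the tips above (3, 7, 9 and 21) map directly to settings in /etc/ssh/sshd_config. As an added example (not part of the original post; the function names, the sample files and the user name opsadmin are constructed here), this script reads sshd_config text on stdin and reports which of those four tips are not met:

```sh
#!/bin/sh
# Added example: check sshd_config text (stdin) against tips 3, 7, 9 and 21.
# Keywords are case-insensitive and sshd keeps the first value it reads;
# anything after a Match line is conditional and is not examined here.
audit_sshd() {
    awk '
    { sub(/#.*/, "") }                        # strip comments
    NF < 2 { next }
    { key = tolower($1) }
    key == "match" { exit }                   # jumps to END
    key == "port"  { ports++; if ($2 == 22) p22 = 1; next }
    !(key in val)  { val[key] = tolower($2) }
    END {
        # No Port line means the built-in default, 22.
        if (!ports || p22) { print "tip 3: sshd listens on port 22"; bad = 1 }
        if (val["permitrootlogin"] != "no") {
            print "tip 7: PermitRootLogin is not set to \"no\""; bad = 1
        }
        if (!("allowusers" in val)) { print "tip 9: no AllowUsers list"; bad = 1 }
        # The built-in default for MaxAuthTries is 6.
        tries = ("maxauthtries" in val) ? val["maxauthtries"] : 6
        if (tries + 0 > 5) {
            printf "tip 21: MaxAuthTries is %s, above 5\n", tries; bad = 1
        }
        exit bad
    }'
}

# Constructed sample: everything relevant is commented out, so defaults apply.
stock_config() {
    cat <<'EOF'
#Port 22
#PermitRootLogin yes
#MaxAuthTries 6
PasswordAuthentication yes
EOF
}

# Constructed sample using the values from the tips (port 2297, 5 tries).
hardened_config() {
    cat <<'EOF'
Port 2297
PermitRootLogin no
AllowUsers opsadmin
MaxAuthTries 5
EOF
}

echo "== stock ==";    stock_config | audit_sshd || true
echo "== hardened =="; hardened_config | audit_sshd && echo "no findings"
```

On a server, run it as `audit_sshd < /etc/ssh/sshd_config`; remember to open the new port in iptables before restarting sshd.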

There are many more things you can do, to improve your security, keep your eyes open and be alert, always check your logs. Make sure you rotate your logs and save them to a remote location.
 
I will in the next post show you how to set these things up and which files you need to modify.
 
I hope this will be useful to you.

 
By Renato de Oliveira

 

 

 

 

Thursday, 4 April 2013

Red Hat commands and tips (Part1)


There are many commands on Linux and many different ways of doing things.
There are some commands which are important to know and ways of piping them to give you the best result.

I am going to cover some commands which I find interesting and how to best use them.

I would like to point out that some of these commands you will be able to use in any distro, but some are Red Hat/Centos/Fedora specific.

Check which services are enabled on runlevel 3
[root@centos63 ~]# chkconfig --list | grep 3:on
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off

Check services on runlevel 3, output process name and runlevel 3
[root@centos63 ~]# chkconfig --list | grep 3:on | awk '{print $1,$5}'
auditd 3:on
crond 3:on
ip6tables 3:on
iptables 3:on
lvm2-monitor 3:on

Disable service (smb - samba) from runlevel 3
[root@centos63 ~]# chkconfig --level 3 smb off

Enable service to start on runlevel 3
[root@centos63 ~]# chkconfig --level 3 smb on

Start, Stop and re-start services
[Start]
[root@centos63 ~]# service smb start
Starting SMB services:                                     [  OK  ]

[Stop]
[root@centos63 ~]# service smb stop
Shutting down SMB services:                                [  OK  ]

[Re-start]
[root@centos63 ~]# service smb restart
Shutting down SMB services:                                [  OK  ]
Starting SMB services:                                     [  OK  ]

Find the IP addresses of your Linux server (only IPs)
[root@centos63 ~]# ifconfig | grep "inet addr" | awk '{print $2}' | cut -d : -f 2
192.168.1.34
127.0.0.1

How to bring eth0 interface down
[root@centos63 ~]# ifdown eth0
Note: Be careful if you are logged via SSH, it will drop the connection.

How to bring eth0 interface up
[root@centos63 ~]# ifup eth0

How to set a default Gateway
[root@centos63 ~]# route add default gw 192.168.1.1

How to delete a default gateway
[root@centos63 ~]# route del default gw 192.168.1.1

How to add a static route to network 192.168.3.0/24
[root@centos63 ~]# route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.1.1

Check File System usage (human readable)
[root@centos63 ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
                       47G  1.1G   44G   3% /
tmpfs                 499M     0  499M   0% /dev/shm
/dev/sda1             485M   52M  408M  12% /boot


Check free memory
[root@centos63 ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           996        121        875          0          7         44
-/+ buffers/cache:         69        927
Swap:         2015          0       2015

Check all running processes
[root@centos63 ~]# ps -eaf
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 20:40 ?        00:00:01 /sbin/init
root         2     0  0 20:40 ?        00:00:00 [kthreadd]
root         3     2  0 20:40 ?        00:00:00 [migration/0]
root         4     2  0 20:40 ?        00:00:00 [ksoftirqd/0]
root      1207  1054  0 21:53 ?        00:00:00 sshd: root@pts/0
root      1209  1207  0 21:54 pts/0    00:00:00 -bash
root      1288     1  0 22:09 ?        00:00:00 smbd -D
root      1290  1288  0 22:10 ?        00:00:00 smbd -D
root      1373  1163  0 22:20 tty1     00:00:00 -bash
postfix   1447  1131  0 22:20 ?        00:00:00 pickup -l -t fifo -u

Check if specific process is running
[root@centos63 ~]# ps -eaf | grep smb
root      1288     1  0 22:09 ?        00:00:00 smbd -D
root      1290  1288  0 22:10 ?        00:00:00 smbd -D
root      1461  1209  0 22:31 pts/0    00:00:00 grep smb

Check all open TCP ports on your Server
[root@centos63 ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0     52 192.168.1.34:22             192.168.1.33:55348          ESTABLISHED
tcp        0      0 :::139                      :::*                        LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 :::445                      :::*                        LISTEN

There are many very useful commands; these are just some of the commands and combinations I use.
If you found this useful, let me know and I will write some more useful commands to share with you.

Hope you have enjoyed.

by Renato de Oliveira