CentOS

Sub-pages

LVM Management

Deactivate SELinux

Modify file /etc/selinux/config:

SELINUX=disabled

EPEL Repository

Add the EPEL repository, which is provided by the Fedora project.

# rpm --import http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
# rpm -i http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm

or

 
# wget http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
# rpm --import RPM-GPG-KEY-EPEL-6
# rm -f RPM-GPG-KEY-EPEL-6

Create new entry in /etc/yum.repos.d/epel.repo

# create new
[epel]
name=EPEL RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.riken.jp/Linux/fedora/epel/6/$basearch/
gpgcheck=1
enabled=0

Services

ssmtp

Install ssmtp with:

# yum install ssmtp

Configure:

# vi /etc/ssmtp/ssmtp.conf
root=[e-mail address of the person who gets all mail for userids < 500] 
mailhub=a.b.c.d
Hostname=hostname.domainname
AuthUser=linux 
AuthPass=[password]

Now modify the file /etc/mail.rc by adding the following line at the bottom:

alias root root<admin@remotemail.org>

Then modify the file /etc/aliases by changing the lines:

# Person who should get root's mail
# root:           marc

into:

# Person who should get root's mail
root:           <email.address@domain>  # email of the person who should receive root's mail.

vsftpd FTP

proftp

Install proftpd from the EPEL repository:

# yum --enablerepo=epel -y install proftpd

Set proftpd as autostart daemon:

# chkconfig proftpd on

Configure proftpd by modifying /etc/proftpd.conf

ServerName "a.b.c.d"
ServerIdent on "hostname"
<Limit LOGIN>
  AllowUser [allowed username]
  DenyALL
</Limit>
<Anonymous /var/www/html>
   User [allowed username]
   Group apache
   AnonRequirePassword on
   MaxClients 5 "The server is full, hosting %m users"
   DisplayLogin welcome.msg
   <Limit LOGIN>
      Allow from all
      Deny from all
   </Limit>
   AllowOverwrite on
   <Limit LIST NLST  STOR STOU  APPE  RETR  RNFR RNTO  DELE  MKD XMKD SITE_MKDIR  RMD XRMD SITE_RMDIR  SITE  SITE_CHMOD  SITE_CHGRP  MDTM  PWD XPWD  SIZE  STAT  CWD XCWD  CDUP XCUP>
      AllowAll
   </Limit>
   <Limit NOTHING >
      DenyAll
   </Limit>
</Anonymous>

MySQL

Install MySQL

# yum install mysql-server mysql php-mysql

Set the MySQL service to start on boot

# chkconfig --levels 235 mysqld on

Start the MySQL service

# service mysqld start

Log into MySQL

# mysql -u root

Set the root user password for all local domains

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('new-password');
SET PASSWORD FOR 'root'@'localhost.localdomain' = PASSWORD('new-password');
SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('new-password');
SET PASSWORD FOR 'root'@'hostname' = PASSWORD('new-password');
SET PASSWORD FOR 'root'@'hostname.domainname' = PASSWORD('new-password');
 

Drop the Any user

DROP USER ''@'localhost';
DROP USER ''@'localhost.localdomain';

Exit MySQL

exit;

Create backup plan

Create script /usr/local/sbin/mysqlbackup.sh:

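#!/bin/sh

# NOTE: a password given with --password= is visible to other local users in
# the process list while mysqldump runs; a root-only option file (for example
# /root/.my.cnf with a [client] section) avoids this.
# NOTE: /var/www/html/backup is inside the Apache document root. Block HTTP
# access to it, otherwise the dumps (including the mysql grant tables) can be
# downloaded from the web server.

# Timestamp used in the dump file names, e.g. 20140628-2300
datum=$(/bin/date +%Y%m%d-%H%M)

/usr/bin/mysqldump --user=root --password=[passwd] dms > /var/www/html/backup/dms-${datum}.sql
/usr/bin/mysqldump --user=root --password=[passwd] glpi > /var/www/html/backup/glpi-${datum}.sql
/usr/bin/mysqldump --user=root --password=[passwd] mysql > /var/www/html/backup/mysql-${datum}.sql
/usr/bin/mysqldump --user=root --password=[passwd] test > /var/www/html/backup/test-${datum}.sql
/usr/bin/mysqldump --user=root --password=[passwd] --lock-all-tables information_schema > /var/www/html/backup/information_schema-${datum}.sql

# Remove dumps older than 5 days. find passes the file names straight to rm,
# so names containing spaces are handled correctly.
/usr/bin/find /var/www/html/backup/ -type f -mtime +5 -exec /bin/rm -f {} +

exit 0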

Setup crontab for root:

# crontab -e

and setup schedule to run the script every Monday to Friday at 23:00:

0 23 * * 1-5 /usr/local/sbin/mysqlbackup.sh > /dev/null

NFS

Note: each time you change /etc/exports, you must inform the NFS daemon of the change, or reload the configuration file, with the following command:

# /sbin/service nfs reload
  • On the client you need to install:
# yum install nfs-utils portmap
  • Then run:
# /etc/init.d/rpcbind start
# /etc/init.d/nfs start
# chkconfig nfs on

Samba

Disk Quota

Other Info

IF statement

Tools

  • ldd - display the libraries used by a binary
  • lsof - like ldd, but for a running process (by PID): lsof -P -T -p Application_PID

Python

#!/usr/bin/python

# import modules used here -- sys is a very standard one
import sys

# Gather our code in a main() function
def main():
   # %-formatting prints the same text under Python 2 and Python 3
   print('Hello there %s' % sys.argv[1])
   # Command line args are in sys.argv[1], sys.argv[2] ..
   # sys.argv[0] is the script name itself and can be ignored

# Standard boilerplate to call the main() function to begin
# the program.
if __name__ == '__main__':
   main()

Cron

Cron tasks are defined in the /etc/crontab file.

  • crontab -e - edit crontab
  • crontab -l - show crontab
  *   *   *   *   *        command to be executed 
  -   -   -   -   -
  |   |   |   |   |
  |   |   |   |   +----- day of week (0 - 6) (Sunday=0)
  |   |   |   +--------- month (1 - 12)
  |   |   +------------- day of month (1 - 31)
  |   +----------------- hour (0 - 23)
  +--------------------- min (0 - 59)

Bash

User with no shell

New user accounts

Add a new user called tony with no shell access:

# useradd -s /sbin/nologin tony

Debian / Ubuntu Linux users modify the above command as follows:

# useradd -s /usr/sbin/nologin tony

Modify user accounts

Block shell access for user vivek (the vivek user account must exist):

# usermod -s /sbin/nologin vivek

Debian Linux users modify the above command as follows:

# usermod -s /usr/sbin/nologin vivek

Troubleshooting

Graphical X11 or Multiuser Mode on Boot

Enable IP forwarding

dig does not resolve

Check:

  • /etc/hosts - entries exist.
  • /etc/resolv.conf - DNS servers correctly defined.
  • /etc/nsswitch.conf - “files” BEFORE “dns” for the “hosts:” line.
  • /etc/host.conf - “hosts” before “bind” for the “order” line.
  • /lib/libnss_files.so.1 & /lib/libnss_files.so.2 do exist.

runlevels

The default runlevel is defined in the /etc/inittab file.

Send mail from telnet

telnet <servername> 25
Trying 10.32.5.111…
Connected to <server>
Escape character is '^]'.
220 <server> ESMTP Exim 4.76 Fri, 14 Sep 2012 14:44:16 +0930
helo <some text>
250 <server> Hello ……..
mail from: <email_address>
250 OK
rcpt to: <email_address>
250 Accepted
data
354 Enter message, ending with “.” on a line by itself
<some text>
.
250 OK id=1TCOFB-0000Pl-AP

Increase size of physical partition

In order to resize physical partition without formatting it:

# umount /path/to/mounted/partition
# fdisk /dev/disk

Command (m for help): p
Command (m for help): d
Command (m for help): n
Command action: p
Partition number (1-4): 1
Command (m for help): w

# fdisk -l /dev/disk
# e2fsck -f /dev/partition
# resize2fs /dev/partition
# mount /path/to/mounted/partition

# df -h

TCP wrappers

Allow access:

/etc/hosts.allow
 
ALL : localhost
sshd: 192.168.0.22
proftpd: 192.168.0.22

Deny access:

/etc/hosts.deny
 
sshd: 192.168.0.1
vsftpd: .example.com 

The most secure approach is to first block everything from everyone:

/etc/hosts.deny
 
ALL : ALL

then allow access only for the hosts that need it:

/etc/hosts.allow
 
ALL : localhost
sshd: 192.168.0.22
proftpd: 192.168.0.22

Patterns

  • Hostname beginning with a period (.) — Placing a period at the beginning of a hostname matches all hosts sharing the listed components of the name. The following example applies to any host within the example.com domain:
ALL : .example.com
  • IP address ending with a period (.) — Placing a period at the end of an IP address matches all hosts sharing the initial numeric groups of an IP address. The following example applies to any host within the 192.168.x.x network:
ALL : 192.168.
  • IP address/netmask pair — Netmask expressions can also be used as a pattern to control access to a particular group of IP addresses. The following example applies to any host with an address of 192.168.0.0 through 192.168.1.255:
ALL : 192.168.0.0/255.255.254.0
  • [IPv6 address]/prefixlen pair — [net]/prefixlen pairs can also be used as a pattern to control access to a particular group of IPv6 addresses. The following example would apply to any host with an address of 3ffe:505:2:1:: through 3ffe:505:2:1:ffff:ffff:ffff:ffff:
ALL : [3ffe:505:2:1::]/64
  • The asterisk (*) — Asterisks can be used to match entire groups of hostnames or IP addresses, as long as they are not mixed in a client list containing other types of patterns. The following example would apply to any host within the example.com domain:
ALL : *.example.com
  • The slash (/) — If a client list begins with a slash, it is treated as a file name. This is useful if rules specifying large numbers of hosts are necessary. The following example refers TCP wrappers to the /etc/telnet.hosts file for all Telnet connections:
in.telnetd : /etc/telnet.hosts
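
The following is an added example, not part of the original page or of the TCP wrappers code: a small offline evaluator for the patterns above and for the allow-before-deny order, useful for checking a rule set before deploying it. Function names are hypothetical; it assumes `host` is the client name as tcpd would see it (or "unknown"), and it does not support the optional third rule field or file (/) patterns.

```python
import fnmatch
import ipaddress

# Rules from this page's "most secure approach" (deny all, then allow).
HOSTS_ALLOW = "ALL : localhost\nsshd: 192.168.0.22\nproftpd: 192.168.0.22\n"
HOSTS_DENY = "ALL : ALL\n"

def client_matches(pattern, host, addr):
    """True if one client pattern matches the client's name or IP address."""
    ip = ipaddress.ip_address(addr)
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                      # .example.com: domain suffix
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):                        # 192.168.: leading octets
        return addr.startswith(pattern)
    if pattern.startswith("[") and "]/" in pattern:  # [3ffe:505:2:1::]/64
        net, plen = pattern[1:].split("]/", 1)
        return ip in ipaddress.ip_network(net + "/" + plen, strict=False)
    if pattern.startswith("/"):                      # file of patterns: not followed here
        return False
    if "/" in pattern:                               # 192.168.0.0/255.255.254.0
        return ip in ipaddress.ip_network(pattern, strict=False)
    if "*" in pattern or "?" in pattern:             # *.example.com
        return (fnmatch.fnmatchcase(host.lower(), pattern.lower())
                or fnmatch.fnmatchcase(addr, pattern))
    return pattern.lower() == host.lower() or pattern == addr

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines (no third option field)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            daemons, clients = line.split(":", 1)
            rules.append((daemons.replace(",", " ").split(),
                          clients.replace(",", " ").split()))
    return rules

def any_rule_matches(text, daemon, host, addr):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(c, host, addr) for c in clients)
               for daemons, clients in parse_rules(text))

def access_granted(allow, deny, daemon, host, addr):
    """A hosts.allow match grants; else a hosts.deny match denies; else grant."""
    if any_rule_matches(allow, daemon, host, addr):
        return True
    return not any_rule_matches(deny, daemon, host, addr)
```

With an empty hosts.deny every client that is not listed in hosts.allow is still granted access, which is why the ALL : ALL deny rule is needed for the allow list to act as a whitelist.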

Tips and Tricks

apache

  • Too many connections? Maybe try to bump up MaxClients limit?
/etc/httpd/conf/httpd.conf
<IfModule prefork.c>
  StartServers       15
  MinSpareServers    15
  MaxSpareServers   75
  ServerLimit      2048
  MaxClients       2048
  MaxRequestsPerChild  10000
</IfModule>

ext4 no journal

  • Create ext4 fs on /dev/sdc1 disk
# mkfs.ext4 /dev/sdc1

or disable the journal at creation time:

# mkfs.ext4 -O ^has_journal /dev/sdc1
  • Enable writeback mode. This mode will typically provide the best ext4 performance.
# tune2fs -o journal_data_writeback /dev/sdc1
  • Remove the has_journal option
# tune2fs -O ^has_journal /dev/sdc1
  • Run the required fsck
# e2fsck -f /dev/sdc1
  • Check fs options
# dumpe2fs /dev/sdc1 |more
  • For more performance add fstab options: data=writeback,noatime,nodiratime i.e:
/dev/sdc1 /opt ext4 defaults,data=writeback,noatime,nodiratime 0 0

compare packages between servers

  • Create input files:
  server 1: # rpm -qa > file1
  server 2: # rpm -qa > file2
  • Display differences:
while read -r p ; do grep -qxF -- "$p" file2 || echo "$p" ; done < file1
linux/centos.txt · Last modified: 2014/06/28 02:49 (external edit)