Search This Blog

Showing posts with label howto. Show all posts
Showing posts with label howto. Show all posts

Tuesday, May 21, 2019

How to Boot into Single User Mode in CentOS/RHEL 7

DISCLAIMER: This is not my post is only a copy, in case the original gets deleted or whatever, posting on my personal blog gets easier for me to find it. You can find the original one at this link https://vpsie.com/knowledge-base/boot-single-user-mode-centos-rhel-vpsie/

The first thing to do is to open Terminal and log in to your CentOS 7 server.

After, restarting your server wait for the GRUB boot menu to show.

The next step is to select your Kernel version and press

e

key to edit the first boot option. Find the kernel line (starts with “linux16“), then change the

ro

to

rw init=/sysroot/bin/sh .

When you have finished, press

Ctrl-X

or

F10

to boot into single-user mode

After mounting the root filesystem using the following command:

chroot /sysroot/

Now, to finish this process reboot your server using the following command:

reboot -f

Monday, October 8, 2012

Free EL YUM Repositories

If you are using some flavor of Enterprise Linux, eventually will get tired of downloading rpm packages from Here BTW, this is a really great page when you don't have access to FTP services (damn telecom/security guys). And eventually, you will need to have repositories on your server to solve the dependencies. Here are some free repositories provided by Oracle for FREE, but of course, with NO SUPPORT.

OEL 4/RHEL 4, Update 6 or Newer
# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-el4.repo

 

OEL 5/RHEL 5
# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-el5.repo

 

OEL 6/RHEL 6
# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-ol6.repo

 

Oracle VM 2
# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-ovm2.repo

 

After downloading the repo file, you should set the correct version of your Linux, enabling the "enabled" variable.


[root@openstack yum.repos.d]# cat /etc/yum.repos.d/public-yum-ol6.repo
[ol6_latest]
name=Oracle Linux $releasever Latest ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/latest/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=1


And of course, the EPEL repositories. Surf looking for your correct version here EPEL Repository and install the rpm, like this one:


[root@openstack yum.repos.d]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.2 (Santiago)
[root@openstack ~]# rpm -Uvh http://fedora.mirror.nexicom.net/epel/6/x86_64/epel-release-6-7.noarch.rpm
Retrieving http://fedora.mirror.nexicom.net/epel//6/x86_64/epel-release-6-7.noarch.rpm
warning: /var/tmp/rpm-tmp.h0G5aN: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]
[root@openstack ~]# ll /etc/yum.repos.d/
total 8
-rw-r--r--. 1 root root  957 May  9 10:55 epel.repo
-rw-r--r--. 1 root root 1056 May  9 10:55 epel-testing.repo

Tuesday, April 24, 2012

SSH login without password

Suppose you want to use Linux and OpenSSH to automize your tasks or you just don't want to type the password every time you connect to a server.


You can solve this issue by doing this.

Scenario:
skyline wants to connect to veyron using ssh without a password.

By default, the ssh command has the order to check for authentication: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

[0] skyline ~ $ ssh alvaro@veyron -v OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to veyron[10.10.1.194] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /Users/alvaro/.ssh/identity type -1 debug1: identity file /Users/alvaro/.ssh/id_rsa type 1 debug1: identity file /Users/alvaro/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information debug1: Next authentication method: publickey debug1: Trying private key: /Users/alvaro/.ssh/identity debug1: Offering public key: /Users/alvaro/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Trying private key: /Users/alvaro/.ssh/id_dsa debug1: Next authentication method: password alvaro@veyron's password:

Checking the ssh server authorized_keys configuration:

root # grep -e Authorized -e Pubkey /etc/ssh/sshd_config | grep -v '#' PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys

Generating public/private rsa key pair:

[0] skyline ~ $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/alvaro/.ssh/id_rsa): 
Created directory '/Users/alvaro/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/alvaro/.ssh/id_rsa.
Your public key has been saved in /Users/alvaro/.ssh/id_rsa.pub.
The key fingerprint is:
53:1d:8a:f8:93:a8:1e:e2:9d:db:f8:ca:3d:73:5a:60 alvaro@skyline
The key's randomart image is:
+--[ RSA 2048]----+
|            .    |
|       . . o .   |
|      . . o .    |
|       o o       |
|      E S        |
|     o . o       |
|  . o   .        |
| . = *o..        |
|  . O+==         |
+-----------------+
[0] skyline ~ $ ssh alvaro@veyron mkdir -p .ssh 
Password: 
[0] skyline ~ $ cat .ssh/id_rsa.pub | ssh alvaro@veyron 'cat >> .ssh/authorized_keys'
Password: 
[0] skyline ~ $ cat .ssh/config 
Host veyron
    User alvaro
    Hostname 10.10.1.194

Verbose connection:

[0] skyline ~ $ ssh alvaro@veyron -v OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to localhost [::1] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /Users/alvaro/.ssh/identity type -1 debug1: identity file /Users/alvaro/.ssh/id_rsa type 1 debug1: identity file /Users/alvaro/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information debug1: Next authentication method: publickey debug1: Trying private key: /Users/alvaro/.ssh/identity debug1: Offering public key: /Users/alvaro/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 Last login: Tue Apr 24 14:50:42 CDT 2012 from skyline.headup.ws on ssh alvaro@veyron ~ $

Clean ssh execution:

[0] skyline ~ $ ssh veyron Last login: Tue Apr 24 14:50:42 CDT 2012 from skyline.headup.ws on ssh alvaro@veyron ~ $

Thursday, April 5, 2012

Easy password generator command

 As a sysadmin, I need to generate lots of passwords and sometimes if you do so without a script the generated password becomes really easy to guess, and also is hard to build a safe password.

Because of this I use this script to generate pseudo-random passwords, is not an un-crackable method but solves the main problem.
You can put this code at the end of your .bashrc file, in order to make it like a system command, please do not remove the other lines in the file.

skyline ~ $ cd
skyline ~ $ vi .bashrc
##
##      By: Alvaro Soto - alvaro@headup.ws
##      http://headup.ws/node/18
##
##      genpasswd: Generate a pseudo random password
##                  using a given length (default = 20).
##

genpasswd() {
    local l=$1
        [ "$l" == "" ] && l=20
        tr -dc A-Z0-9_[%#?]a-z < /dev/urandom | head -c ${l} | xargs
}

##
##
##

skyline ~ $ . .bashrc
skyline ~ $ genpasswd 
vie8e4d5naTCH70XvDyT
skyline ~ $ genpasswd 10
ts0QtdPe_x
skyline ~ $ genpasswd 5
5nw5Q

Is a less secure option to pwgen but it doesn't need a compiler.

skyline ~ $ emerge pwgen -s Searching... [ Results for search key : pwgen ] [ Applications found : 1 ] * app-admin/pwgen Latest version available: 2.06-r1 Latest version installed: 2.06-r1 Size of files: 30 kB Homepage: http://sourceforge.net/projects/pwgen/ Description: Password Generator License: GPL-2
In action:

skyline ~ $ pwgen 20 --capitalize --symbols --numerals --secure 1 H2]}K/JGVs<523Xuv?"Y skyline ~ $ pwgen 10 --capitalize --symbols --numerals --secure 1 JZ7a*&|:RP skyline ~ $ pwgen 5 --capitalize --symbols --numerals --secure 1 `Aw8D

Sunday, November 6, 2011

Timezone configuration guide for Mexico

This guide is to learn how to set correctly the timezone in a Gentoo Linux and Mexico/General timezone.

First copy or link the proper zone to localtime:

pluton ~ # ln -sf /usr/share/zoneinfo/Mexico/General /etc/localtime pluton ~ # ls -l /etc/localtime lrwxrwxrwx 1 root root 23 Jun 6 18:13 /etc/localtime -> /usr/share/zoneinfo/GMT

Now specify your timezone:

pluton ~ # cat /etc/conf.d/hwclock TIMEZONE="Mexico/General" clock="UTC" clock_systohc="YES" clock_hctosys="YES" clock_args=""

Restart the service:

pluton ~ # /etc/init.d/hwclock restart * WARNING: you are stopping a boot service * Caching service dependencies ... [ ok ] * Setting hardware clock using the system clock [UTC] ... [ ok ] * Setting system clock using the hardware clock [UTC] ...

And that's it:

pluton ~ # date Mon Jun 6 18:24:57 GMT 2011

Thursday, October 6, 2011

Install IcePHP using Ice-3.4.1

First, you need to install the Ice libs.

zeus ~ # emerge Ice -av These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] dev-libs/Ice-3.4.1 USE="ncurses python -debug -doc -examples -mono -ruby -test" RUBY_TARGETS="ruby18" 0 kB Total: 1 package (1 reinstall), Size of downloads: 0 kB Would you like to merge these packages? [Yes/No]

And then copy the compressed file to a safe and different place, then go there and expand the file.

zeus ~ # cp /usr/portage/distfiles/Ice-3.4.1.tar.gz /root/ zeus ~ # cd /root/ zeus ~ # tar -xzvf Ice-3.4.1.tar.gz Ice-3.4.1/ Ice-3.4.1/CHANGES Ice-3.4.1/ICE_LICENSE Ice-3.4.1/LICENSE Ice-3.4.1/Makefile Ice-3.4.1/Makefile.mak Ice-3.4.1/README Ice-3.4.1/RELEASE_NOTES Ice-3.4.1/allTests.py Ice-3.4.1/certs/ Ice-3.4.1/certs/ImportKey.class Ice-3.4.1/certs/ImportKey.java Ice-3.4.1/certs/c_dsa1024_priv.pem Ice-3.4.1/certs/c_dsa1024_pub.pem Ice-3.4.1/certs/c_rsa1024.pfx Ice-3.4.1/certs/c_rsa1024_priv.pem Ice-3.4.1/certs/c_rsa1024_pub.pem Ice-3.4.1/certs/cacert.pem Ice-3.4.1/certs/cakey.pem Ice-3.4.1/certs/certs.jks Ice-3.4.1/certs/client.jks Ice-3.4.1/certs/dsaparam1024.pem ...

To compile the IcePHP library we need to go to the php directory.

zeus ~ # cd Ice-3.4.1/php/

In order to set the path of php libraries, we need to set it in the Make.rules.php file, but first, we must know where the libraries are.

zeus php ~ # locate php.h
/usr/lib/php5/include/php/main/php.h
/usr/share/doc/freetds-0.64/userguide/php.htm
zeus php ~ # vi config/Make.rules.php
PHP_HOME                ?= /usr/lib/php5

We have all configured, so we just need to compile the library.

zeus php ~ # make making all in src make[1]: Entering directory `/root/Ice-3.4.1/php/src' making all in IcePHP make[2]: Entering directory `/root/Ice-3.4.1/php/src/IcePHP' c++ -c -I. -I/usr/include -I/usr/lib/php5/include/php -I/usr/lib/php5/include/php/main -I/usr/lib/php5/include/php/Zend -I/usr/lib/php5/include/php/TSRM -Wall -D_REENTRANT -fPIC -g Communicator.cpp c++ -c -I. -I/usr/include -I/usr/lib/php5/include/php -I/usr/lib/php5/include/php/main -I/usr/lib/php5/include/php/Zend -I/usr/lib/php5/include/php/TSRM -Wall -D_REENTRANT -fPIC -g Connection.cpp Connection.cpp: In function 'bool IcePHP::connectionInit()': Connection.cpp:376: warning: deprecated conversion from string constant to 'char*' Connection.cpp:378: warning: deprecated conversion from string constant to 'char*' Connection.cpp:378: warning: deprecated conversion from string constant to 'char*' Connection.cpp:391: warning: deprecated conversion from string constant to 'char*' Connection.cpp:391: warning: deprecated conversion from string constant to 'char*' Connection.cpp:393: warning: deprecated conversion from string constant to 'char*' Connection.cpp:395: warning: deprecated conversion from string constant to 'char*' Connection.cpp:395: warning: deprecated conversion from string constant to 'char*' Connection.cpp:397: warning: deprecated conversion from string constant to 'char*' Connection.cpp:421: warning: deprecated conversion from string constant to 'char*' Connection.cpp:421: warning: deprecated conversion from string constant to 'char*' Connection.cpp:423: warning: deprecated conversion from string constant to 'char*' c++ -c -I. -I/usr/include -I/usr/lib/php5/include/php -I/usr/lib/php5/include/php/main -I/usr/lib/php5/include/php/Zend -I/usr/lib/php5/include/php/TSRM -Wall -D_REENTRANT -fPIC -g Endpoint.cpp Endpoint.cpp: In function 'bool IcePHP::endpointInit()': Endpoint.cpp:288: warning: deprecated conversion from string constant to 'char*' ...

if you got an error message like this.

zeus php ~ # make making all in src make[1]: Entering directory `/root/Ice-3.4.1/php/src' making all in IcePHP make[2]: Entering directory `/root/Ice-3.4.1/php/src/IcePHP' make[2]: *** No rule to make target `../../../cpp/include/Ice/CommunicatorF.h', needed by `Communicator.o'. Stop. make[2]: Leaving directory `/root/Ice-3.4.1/php/src/IcePHP' make[1]: *** [all] Error 1 make[1]: Leaving directory `/root/Ice-3.4.1/php/src' make: *** [all] Error 1

Is just because your ICE_HOME environment variable is missing, you can set this variable in the global profile or just for this build.

zeus php # export ICE_HOME=/usr/ && make

And our Dynamically Linked "Shared Object" library it will be in the lib directory.

zeus php ~ # ll lib/IcePHP.so -rwxr-xr-x 1 root root 3171151 Nov 1 23:11 lib/IcePHP.so

Now you need to copy this library in some directory and append this directory in the extensions section of the php.ini file.

zeus php ~ # cp lib/IcePHP.so /etc/php/apache2-php5/ext zeus php ~ # vi /etc/php/apache2-php5/php.ini extension_dir = /etc/php/apache2-php5/ext extension = IcePHP.so

Also in the lib directory, we will find all the PHP-ICE library files that our web apps need.

zeus php ~ # ll lib/ total 3152 drwxr-xr-x 2 root root 256 Nov 2 05:11 Glacier2 -rw-r--r-- 1 500 500 425 Jun 3 16:48 Glacier2.php drwxr-xr-x 2 root root 1152 Nov 2 05:11 Ice -rw-r--r-- 1 500 500 4279 Jun 3 16:48 Ice.php drwxr-xr-x 2 root root 80 Nov 2 05:11 IceBox -rw-r--r-- 1 500 500 379 Jun 3 16:48 IceBox.php drwxr-xr-x 2 root root 376 Nov 2 05:11 IceGrid -rw-r--r-- 1 500 500 612 Jun 3 16:48 IceGrid.php -rwxr-xr-x 1 root root 3171151 Nov 2 05:11 IcePHP.so drwxr-xr-x 2 root root 112 Nov 2 05:11 IcePatch2 -rw-r--r-- 1 500 500 386 Jun 3 16:48 IcePatch2.php drwxr-xr-x 2 root root 80 Nov 2 05:11 IceStorm -rw-r--r-- 1 500 500 383 Jun 3 16:48 IceStorm.php -rw-r--r-- 1 500 500 5293 Jun 3 16:48 Ice_ns.php -rw-r--r-- 1 500 500 5344 Jun 3 16:48 Makefile -rw-r--r-- 1 500 500 3488 Jun 3 16:48 Makefile.make

Now we need to copy these libraries in the PHP shared folder and append the new path of Ice libraries

zeus php ~ # cp -rfv lib/ /usr/share/php/Ice-3.4.1 `Ice-3.4.1/php/lib/' -> `/usr/share/php/Ice-3.4.1' `Ice-3.4.1/php/lib/Ice' -> `/usr/share/php/Ice-3.4.1/Ice' `Ice-3.4.1/php/lib/Ice/Current.php' -> `/usr/share/php/Ice-3.4.1/Ice/Current.php' `Ice-3.4.1/php/lib/Ice/FacetMap.php' -> `/usr/share/php/Ice-3.4.1/Ice/FacetMap.php' `Ice-3.4.1/php/lib/Ice/LoggerF.php' -> `/usr/share/php/Ice-3.4.1/Ice/LoggerF.php' `Ice-3.4.1/php/lib/Ice/ConnectionF.php' -> `/usr/share/php/Ice-3.4.1/Ice/ConnectionF.php' `Ice-3.4.1/php/lib/Ice/ObjectFactory.php' -> `/usr/share/php/Ice-3.4.1/Ice/ObjectFactory.php' `Ice-3.4.1/php/lib/Ice/RouterF.php' -> `/usr/share/php/Ice-3.4.1/Ice/RouterF.php' `Ice-3.4.1/php/lib/Ice/PropertiesF.php' -> `/usr/share/php/Ice-3.4.1/Ice/PropertiesF.php' `Ice-3.4.1/php/lib/Ice/Plugin.php' -> `/usr/share/php/Ice-3.4.1/Ice/Plugin.php' `Ice-3.4.1/php/lib/Ice/Endpoint.php' -> `/usr/share/php/Ice-3.4.1/Ice/Endpoint.php' `Ice-3.4.1/php/lib/Ice/Router.php' -> `/usr/share/php/Ice-3.4.1/Ice/Router.php' `Ice-3.4.1/php/lib/Ice/LocalException.php' -> `/usr/share/php/Ice-3.4.1/Ice/LocalException.php' `Ice-3.4.1/php/lib/Ice/Stats.php' -> `/usr/share/php/Ice-3.4.1/Ice/Stats.php' `Ice-3.4.1/php/lib/Ice/Locator.php' -> `/usr/share/php/Ice-3.4.1/Ice/Locator.php' `Ice-3.4.1/php/lib/Ice/Logger.php' -> `/usr/share/php/Ice-3.4.1/Ice/Logger.php' ...

zeus php ~ # vi /etc/php/apache2-php5/php.ini include_path = ".:/usr/share/php5:/usr/share/php:/usr/share/php/Ice-3.4.1"

Finally, do not forget to restart the apache web server.

zeus php ~ # /etc/init.d/apache2 restart * Stopping apache2 ... [ ok ] * Starting apache2 ... [ ok ]

If you got an error like this:

PHP Deprecated: Comments starting with '#' are deprecated in /etc/php/apache2-php5.4/php.ini on line 693 in Unknown on line 0 PHP Warning: PHP Startup: ice: Unable to initialize module\nModule compiled with module API=20090626\nPHP compiled with module API=20100525\nThese options need to match\n in Unknown on line 0

You should read the Gentoo Upgrading PHP guide.

Setup MX records with tinydns or djbdns and gmail

 Just modify the data file to look like this one.

evo ~ # vi /bla/bla/bla/tinydns-IPX/root/data
...
...
...
# myowndomain.com's MX Servers
@myowndomain.com::aspmx.l.google.com.:10:86400
@myowndomain.com::alt1.aspmx.l.google.com.:20:86400
@myowndomain.com::alt2.aspmx.l.google.com.:20:86400
@myowndomain.com::aspmx2.googlemail.com.:30:86400
@myowndomain.com::aspmx3.googlemail.com.:30:86400
@myowndomain.com::aspmx4.googlemail.com.:30:86400
@myowndomain.com::aspmx5.googlemail.com.:30:86400
...
...
...

Monday, September 12, 2011

Hiding .svn directories from web queries

 web-server / # cat /etc/apache2/vhosts.d/00_default_vhost.conf

...

<VirtualHost *:80>
...


        ###### You can...
	##
	# 	Deny access to .svn folders on Apache...
	#
	RedirectMatch 404 /\\.svn(/.*|$)

        ###### or ...
	##
	# 	Restrict access to .svn folders on Apache... 
	#
	<DirectoryMatch .*\.svn/.*>
		Order allow,deny
    		Deny From All
	</DirectoryMatch>

...

</VirtualHost>
...

Tuesday, September 6, 2011

Install grub in a HP Proliant Server

 Edit the file /boot/grub/device.map to look like this

(fd0) /dev/fd0 (hd0) /dev/cciss/c0d0

Run grub like this:

hercules ~ # /sbin/grub --batch --device-map=/boot/grub/device.map --config-file=/boot/grub/grub.conf --no-floppy

grub shell:

grub> root (hd0,0) grub> setup (hd0) grub> quit