Search This Blog

Monday, October 8, 2012

Free EL YUM Repositories

If you are using some flavor of Enterprise Linux, eventually will get tired of downloading rpm packages from Here BTW, this is a really great page when you don't have access to FTP services (damn telecom/security guys). And eventually, you will need to have repositories on your server to solve the dependencies. Here are some free repositories provided by Oracle for FREE, but of course, with NO SUPPORT.

OEL 4/RHEL 4, Update 6 or Newer
# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-el4.repo

 

OEL 5/RHEL 5
# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-el5.repo

 

OEL 6/RHEL 6
# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-ol6.repo

 

Oracle VM 2
# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-ovm2.repo

 

After downloading the repo file, you should set the correct version of your Linux, enabling the "enabled" variable.


[root@openstack yum.repos.d]# cat /etc/yum.repos.d/public-yum-ol6.repo
[ol6_latest]
name=Oracle Linux $releasever Latest ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/latest/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=1


And of course, the EPEL repositories. Surf looking for your correct version here EPEL Repository and install the rpm, like this one:


[root@openstack yum.repos.d]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.2 (Santiago)
[root@openstack ~]# rpm -Uvh http://fedora.mirror.nexicom.net/epel/6/x86_64/epel-release-6-7.noarch.rpm
Retrieving http://fedora.mirror.nexicom.net/epel//6/x86_64/epel-release-6-7.noarch.rpm
warning: /var/tmp/rpm-tmp.h0G5aN: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]
[root@openstack ~]# ll /etc/yum.repos.d/
total 8
-rw-r--r--. 1 root root  957 May  9 10:55 epel.repo
-rw-r--r--. 1 root root 1056 May  9 10:55 epel-testing.repo

Tuesday, April 24, 2012

SSH login without password

Suppose you want to use Linux and OpenSSH to automize your tasks or you just don't want to type the password every time you connect to a server.


You can solve this issue by doing this.

Scenario:
skyline wants to connect to veyron using ssh without a password.

By default, the ssh command has the order to check for authentication: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

[0] skyline ~ $ ssh alvaro@veyron -v OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to veyron[10.10.1.194] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /Users/alvaro/.ssh/identity type -1 debug1: identity file /Users/alvaro/.ssh/id_rsa type 1 debug1: identity file /Users/alvaro/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information debug1: Next authentication method: publickey debug1: Trying private key: /Users/alvaro/.ssh/identity debug1: Offering public key: /Users/alvaro/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Trying private key: /Users/alvaro/.ssh/id_dsa debug1: Next authentication method: password alvaro@veyron's password:

Checking the ssh server authorized_keys configuration:

root # grep -e Authorized -e Pubkey /etc/ssh/sshd_config | grep -v '#' PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys

Generating public/private rsa key pair:

[0] skyline ~ $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/alvaro/.ssh/id_rsa): 
Created directory '/Users/alvaro/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/alvaro/.ssh/id_rsa.
Your public key has been saved in /Users/alvaro/.ssh/id_rsa.pub.
The key fingerprint is:
53:1d:8a:f8:93:a8:1e:e2:9d:db:f8:ca:3d:73:5a:60 alvaro@skyline
The key's randomart image is:
+--[ RSA 2048]----+
|            .    |
|       . . o .   |
|      . . o .    |
|       o o       |
|      E S        |
|     o . o       |
|  . o   .        |
| . = *o..        |
|  . O+==         |
+-----------------+
[0] skyline ~ $ ssh alvaro@veyron mkdir -p .ssh 
Password: 
[0] skyline ~ $ cat .ssh/id_rsa.pub | ssh alvaro@veyron 'cat >> .ssh/authorized_keys'
Password: 
[0] skyline ~ $ cat .ssh/config 
Host veyron
    User alvaro
    Hostname 10.10.1.194

Verbose connection:

[0] skyline ~ $ ssh alvaro@veyron -v OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to localhost [::1] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /Users/alvaro/.ssh/identity type -1 debug1: identity file /Users/alvaro/.ssh/id_rsa type 1 debug1: identity file /Users/alvaro/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information debug1: Next authentication method: publickey debug1: Trying private key: /Users/alvaro/.ssh/identity debug1: Offering public key: /Users/alvaro/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 Last login: Tue Apr 24 14:50:42 CDT 2012 from skyline.headup.ws on ssh alvaro@veyron ~ $

Clean ssh execution:

[0] skyline ~ $ ssh veyron Last login: Tue Apr 24 14:50:42 CDT 2012 from skyline.headup.ws on ssh alvaro@veyron ~ $

Tuesday, April 10, 2012

Headup Portage Tree

This portage tree is for apps that are not inside the official portage repository and some other packages with some hacks.
If you would like to contribute, report some bugs or send me suggestions, you can send me an email: alvaro[at]headup[dot]ws

Starting Points

How to configure Headup ebuilds

EBuilds

Saturday, April 7, 2012

[Solved] su: /bin/bash: Permission denied

New user created as:

groupadd mygroup useradd -s /bin/bash -g myuser -m -k /dev/null myuser

When trying to log in:

[root@vserver~]# su - myuser su: /bin/bash: Permission denied

Solution:

[root@vserver~]# chmod 755 /bin [root@vserver~]# su - myuser [myuser@vserver~]$

Thursday, April 5, 2012

Easy password generator command

 As a sysadmin, I need to generate lots of passwords and sometimes if you do so without a script the generated password becomes really easy to guess, and also is hard to build a safe password.

Because of this I use this script to generate pseudo-random passwords, is not an un-crackable method but solves the main problem.
You can put this code at the end of your .bashrc file, in order to make it like a system command, please do not remove the other lines in the file.

skyline ~ $ cd
skyline ~ $ vi .bashrc
##
##      By: Alvaro Soto - alvaro@headup.ws
##      http://headup.ws/node/18
##
##      genpasswd: Generate a pseudo random password
##                  using a given length (default = 20).
##

genpasswd() {
    local l=$1
        [ "$l" == "" ] && l=20
        tr -dc A-Z0-9_[%#?]a-z < /dev/urandom | head -c ${l} | xargs
}

##
##
##

skyline ~ $ . .bashrc
skyline ~ $ genpasswd 
vie8e4d5naTCH70XvDyT
skyline ~ $ genpasswd 10
ts0QtdPe_x
skyline ~ $ genpasswd 5
5nw5Q

Is a less secure option to pwgen but it doesn't need a compiler.

skyline ~ $ emerge pwgen -s Searching... [ Results for search key : pwgen ] [ Applications found : 1 ] * app-admin/pwgen Latest version available: 2.06-r1 Latest version installed: 2.06-r1 Size of files: 30 kB Homepage: http://sourceforge.net/projects/pwgen/ Description: Password Generator License: GPL-2
In action:

skyline ~ $ pwgen 20 --capitalize --symbols --numerals --secure 1 H2]}K/JGVs<523Xuv?"Y skyline ~ $ pwgen 10 --capitalize --symbols --numerals --secure 1 JZ7a*&|:RP skyline ~ $ pwgen 5 --capitalize --symbols --numerals --secure 1 `Aw8D

Sunday, March 4, 2012

Recursively delete .svn directories

Subversion is a software versioning and revision control system.
Every copy of source code received from the subversion repository has .svn folders, which store metadata.

This is a simple example of a Unix command, which recursively deletes subversion .svn folders, these folders are often not necessary if you want to distribute the source code.
You can put this code at the end of your .bashrc file, in order to make it like a system command, please do not remove the other lines in the file.

skyline ~ $ cd
skyline ~ $ vi .bashrc
##
##      By: Alvaro Soto - alvaro@headup.ws
##
##      csvn: Removes recursively all the .svn dirs 
##                  starting from a given path or from the cwd
##

csvn(){
    local dir=$1
        [ "$dir" == "" ] && dir=$(pwd)
        while true; do
            read -p "Do you wish to delete .svn dirs on [ $dir ]? " yn
            case $yn in
                [Yy]* ) find $dir -name .svn -print0 | xargs -0 rm -rf ; break;;
                [Nn]* ) break;;
                * ) echo "Please answer yes or no.";;
            esac
        done
}

##
##
##


Source and use

skyline ~ $ . .bashrc skyline ~ $ csvn Do you wish to delete .svn dirs on [ /Users/alvaro ]? n skyline ~ $

Thursday, December 22, 2011

Solving GCC Kernel error: ***mixed implicit and normal rules

I'm using an old kernel because is the last stable to use with the VServer patch.

evo src # ll
total 154344
lrwxrwxrwx  1 root root       15 Dec 22 20:07 linux -> linux-2.6.22.19
drwxrwxr-x 20 root root      840 Dec 22 20:07 linux-2.6.22.19
-rw-r--r--  1 root root 45108030 Nov 18  2009 linux-2.6.22.19.tar.bz2
-rw-r--r--  1 root root  1868800 Mar 17  2008 patch-2.6.22.19-vs2.2.0.7-grsec2.1.11-20080317.diff
evo linux # make
Makefile:1443: *** mixed implicit and normal rules.  Stop.
evo linux # make oldconfig
Makefile:1443: *** mixed implicit and normal rules.  Stop.
evo linux # vi Makefile 
.....
/ %/: prepare scripts FORCE
       $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
       $(build)=$(build-dir)
.....

Solution: here we have an implicit rule and an explicit rule in the same line, so we are going to split that rules.

# Modules #/ %/: prepare scripts FORCE # $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ # $(build)=$(build-dir) /: prepare scripts FORCE $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) %/: prepare scripts FORCE $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir)