tag:blogger.com,1999:blog-59482840287450231902024-03-14T04:39:37.631-07:00Nelson's CornerUnix Admin / Father / Auto Detailer / CarpenterNelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.comBlogger43125tag:blogger.com,1999:blog-5948284028745023190.post-32119498294167704122018-12-28T23:05:00.003-08:002018-12-28T23:05:46.451-08:00ntpd not booting up on systemd<div dir="ltr" style="text-align: left;" trbidi="on">
If ntpd is not booting up after reboot, then disable chronyd.<br />
<br />
# systemctl disable chronyd<br />
<br />
Then reboot your machine to verify</div>
Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-28026609034693161392016-10-17T20:40:00.003-07:002016-10-17T20:40:43.093-07:00Hang when mounting nfs shareYou have already configured the share in NFS server but when you mount it on the nfs client, the command just hang. To resolve use -o nolock
<pre class="brush:bash">
# mount -t nfs -o nolock 192.168.1.1:/home /home
</pre>Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-25100516783796590352016-10-11T19:56:00.000-07:002016-10-11T20:36:17.349-07:00Install asterisk on CentOS 6How to install asterisk on CentOS 6. In this tutorial, the version of CentOS 6 is
<pre class="brush:bash">
# cat /etc/redhat-release
CentOS release 6.4 (Final)
</pre>
1. Update the environment
<pre class="brush:bash">
# yum install -y epel-release dmidecode gcc-c++ ncurses-devel libxml2-devel make wget openssl-devel newt-devel kernel-devel sqlite-devel libuuid-devel gtk2-devel jansson-devel binutils-devel
</pre>
2. Install pjproject
<pre class="brush:bash">
# cd /tmp
# wget http://www.pjsip.org/release/2.5.5/pjproject-2.5.5.tar.bz2
# tar -jxvf pjproject-2.5.5.tar.bz2
</pre>
2.1 Compile pjproject
<pre class="brush:bash">
# cd pjproject-2.5.5
# ./configure CFLAGS="-DNDEBUG -DPJ_HAS_IPV6=1" --prefix=/usr --enable-shared --disable-video --disable-sound --disable-opencore-amr
</pre>
<b>NOTE:</b> I am installing in an 32bit machine. If you are using 64bit machine, add --libdir=/usr/lib64
<pre class="brush:bash">
# make dep
# make
# make install
# ldconfig
</pre>
Verify the pjsip libraries have been dynamically linked
<pre class="brush:bash">
# ldconfig -p | grep pj
</pre>
3. Install asterisk
<pre class="brush:bash">
# cd /tmp
# wget http://downloads.asterisk.org/pub/telephony/certified-asterisk/asterisk-certified-13.8-current.tar.gz
# tar -zxvf asterisk-certified-13.8-current.tar.gz
# cd asterisk-certified-13.8-cert2
# ./configure
</pre>
<b>NOTE:</b> If you are using 64bit machine, add --libdir=/usr/lib64
Error encountered
<pre class="brush:bash">
checking for json_dumps in -ljansson... no
configure: error: *** JSON support not found (this typically means the libjansson development package is missing)
#
</pre>
To resolve, install jansson
<pre class="brush:bash">
# wget http://www.digip.org/jansson/releases/jansson-2.9.tar.gz
# tar -zxvf jansson-2.9.tar.gz
# cd jansson-2.9
# ./configure
# make
# make install
</pre>
Go back to asterisk-certified-13.8-cert2 and run ./configure
Verify if the pjsip channel driver dependencies have been successfully installed.
<pre class="brush:bash">
# make menuselect
</pre>
If all res_pjsip has (*) then you are good. Proceed with the installation.
<pre class="brush:bash">
# make
# make install
</pre>
You should see the following
<pre class="brush:bash">
+---- Asterisk Installation Complete -------+
+ +
+ YOU MUST READ THE SECURITY DOCUMENT +
+ +
+ Asterisk has successfully been installed. +
+ If you would like to install the sample +
+ configuration files (overwriting any +
+ existing config files), run: +
+ +
+ For generic reference documentation: +
+ make samples +
+ +
+ For a sample basic PBX: +
+ make basic-pbx +
+ +
+ +
+----------------- or ---------------------+
+ +
+ You can go ahead and install the asterisk +
+ program documentation now or later run: +
+ +
+ make progdocs +
+ +
+ **Note** This requires that you have +
+ doxygen installed on your local system +
+-------------------------------------------+
#
</pre>
If you want Asterisk to start at boot time use the following command to setup the Asterisk service. You should have asterisk in /etc/init.d
<pre class="brush:bash">
# make config
# chkconfig --list | grep asterisk
asterisk 0:off 1:off 2:on 3:on 4:on 5:on 6:off
</pre>
<b>Error Encountered</b>
<pre class="brush:bash">
# asterisk /usr/sbin/asterisk -C /etc/asterisk/asterisk.conf
asterisk: error while loading shared libraries: libjansson.so.4: cannot open shared object file: No such file or directory
</pre>
<b>Solution</b>
<pre class="brush:bash">
# ln -s /usr/local/lib/libjansson.so.4 /usr/lib/libjansson.so.4
# echo /usr/local/lib > /etc/ld.so.conf.d/asterisk.conf
# ldconfig
</pre>
Verify if you can locate libjansson.so.4
<pre class="brush:bash">
# updatedb
# locate libjansson.so.4
</pre>
You should be able to list /usr/lib/libjansson.so.4Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-88008599639139270792016-09-17T19:21:00.002-07:002016-09-17T19:35:18.768-07:00Change or Remove Passphrase Key in ssh Private KeyChange or Remove Passphrase Key in ssh Private Keys
<pre class="brush:bash">
# ssh-keygen -p -f private_key
Enter old passphrase:
Key has comment 'private_key'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
</pre>Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-80949081964371676012015-09-26T05:34:00.005-07:002015-09-26T05:34:58.986-07:00WARNING: Re-reading the partition table failed with error 16: Device or resource busy.<div dir="ltr" style="text-align: left;" trbidi="on">
I have an error after I do fdisk on my new disk.<br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">[root@local ~]$</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Command (m for help): t</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Selected partition 1</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Hex code (type L to list codes): 8e</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Changed system type of partition 1 to 8e (Linux LVM)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Command (m for help): p</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Disk /dev/sdb: 2000.3 GB, 2000398934016 bytes</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">255 heads, 63 sectors/track, 243201 cylinders</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Units = cylinders of 16065 * 512 = 8225280 bytes</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Device Boot Start End Blocks Id System</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">/dev/sdb1 1 243201 1953512001 8e Linux LVM</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Command (m for help): w</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">The partition table has been altered!</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Calling ioctl() to re-read partition table.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">WARNING: Re-reading the partition table failed with error 16: Device or resource busy.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">The kernel still uses the old table.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">The new table will be used at the next reboot.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Syncing disks.</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">[root@local ~]$</span><br />
<br />
Solution:<br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">hdparm -z /dev/sdb</span></div>
Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-43276753871770197582014-12-23T19:36:00.002-08:002014-12-23T19:36:55.128-08:00How to change crontab editor<div dir="ltr" style="text-align: left;" trbidi="on">
How to change the default crontab editor<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">export VISUAL='vim'</span></div>
Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-54603001144470170502014-09-25T15:20:00.000-07:002014-09-25T15:23:15.697-07:00How to identify if your bash shell is vulnerable to Bash Code Injection Vulnerability (CVE-2014-6271) , CVE-2014-7169This new vulnerable in bash is spreading quickly over the Internet just like the heartbleed.
How to know if your bash version is vulnerable?<br>
For Linux
<pre class="brush:plain">env x='() { :;}; echo vulnerable' bash -c "echo this is a test"</pre>
For Solaris 10
<pre class="brush:plain">env x='() { :;}; echo vulnerable' bash -c "echo this is a test"</pre>
For Solaris 11
<pre class="brush:plain">env x='() { :;}; echo vulnerable' bash -c "echo this is a test"</pre>
<br>
Solution is of course to patch or update to the latest version of bash. Go check out your OS for any updates now.Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-83703399921696035532014-05-20T04:54:00.000-07:002014-05-20T04:54:58.139-07:00Starting spamd: child process [22173] exited or timed out without signaling production of a PID fileI upgraded spamassassin and encountered an error when trying to start it.
<pre class="brush:plain">
[root@nelsoncli Mail-SpamAssassin-3.4.0]# /etc/init.d/spamassassin start
Starting spamd: child process [22173] exited or timed out without signaling production of a PID file: exit 255 at /usr/bin/spamd line 2960.
[FAILED]
</pre>
Solution: Run sa-update.
Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-5855591212132354572014-03-10T13:47:00.000-07:002014-03-10T13:47:44.078-07:00httpd: apr_sockaddr_info_get() failed for<div dir="ltr" style="text-align: left;" trbidi="on">
Error:<br />
<br />
[root@kraken htdocs]# /usr/local/apache2/bin/apachectl start<br />
httpd: apr_sockaddr_info_get() failed for kraken<br />
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName<br />
[root@kraken htdocs]#<br />
<br />
Solution:<br />
<br />
Edit your httpd.conf and check the line<br />
<br />
ServerName<br />
<br />
You may put ServerName <hostname> or Server localhost</div>
Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-75529121481832433312013-08-04T07:09:00.002-07:002013-08-04T07:10:42.087-07:00gvfs Permission denied<div dir="ltr" style="text-align: left;" trbidi="on">
I'm trying to delete a certain file using inum because I could not delete it using the filename. To my surprise, I could not delete it either. The file I'm trying to delete is:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"> -rw-r--r-- 1 root root 0 Aug 6 2012 ./?}>L1]?b1?}9?R?#?M???M@ </span><br />
<br />
It has an inum of 3932293 so I execute find . -inum 3932293 -exec ls -l {} \; but still could not delete either.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">[root@nelsoncli admin]# find . -inum 3932293 -exec ls -l {} \; </span><br />
<span style="font-family: Courier New, Courier, monospace;">-rw-r--r-- 1 root root 0 Aug 6 2012 ./?}>L1]?b1?}9?R?#?M???M@</span><br />
<span style="font-family: Courier New, Courier, monospace;">find: `./.gvfs': Permission denied</span><br />
<br />
So what the heck is gvfs. I have no time to do a research just that my goal is to delete this file. So I search the web and the solution was to unmount it.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">root@nelsoncli admin]# umount /home/admin/.gvfs</span><br />
<br />
After that, I was able now to delete the file.</div>
Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-20517274502402078102013-04-04T02:18:00.002-07:002013-08-04T07:14:11.676-07:00passwd permission denied even for root on solaris<div dir="ltr" style="text-align: left;" trbidi="on">
I tried to reset the password of the local account but encountered an error.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">root@foo # passwd </span><br />
<span style="font-family: Courier New, Courier, monospace;">New Password: </span><br />
<span style="font-family: Courier New, Courier, monospace;">Re-enter new Password: Permission denied </span><br />
<br />
I'm a bit confused because I was login as root. I checked /etc/nsswitch.conf and passwd was configured on ldap.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">passwd: compat</span><br />
<span style="font-family: Courier New, Courier, monospace;">passwd_compat: ldap</span><br />
<br />
I found out I need to use -r to point passwd to files instead of ldap. So basically, my problem resolved by using passwd -r. If you are wandering what is -r, visit man passwd :-) </div>
Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-60009535630166561712013-02-28T03:49:00.000-08:002013-08-04T07:16:30.302-07:00How to manually rotate pacct<div dir="ltr" style="text-align: left;" trbidi="on">
If your file <span style="font-family: Courier New, Courier, monospace;">/var/adm/pacct</span> is growing rapidly and you want to rotate it manually, you may use either of the below.<br />
<br />
1. Use the command <span style="font-family: Courier New, Courier, monospace;">/usr/lib/acct/ckpacct</span>. After you execute it, a file <span style="font-family: Courier New, Courier, monospace;">pacct1 </span>will be created and an empty <span style="font-family: Courier New, Courier, monospace;">pacct</span>.<br />
<br />
2. If you have logadm command, you may just execute <span style="font-family: Courier New, Courier, monospace;">logadm -p now /var/adm/pacct</span></div>
Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-85858498984908384212013-01-05T05:51:00.000-08:002013-08-04T07:19:50.732-07:00Changing permission of /dev/ttyS0 permanently<div dir="ltr" style="text-align: left;" trbidi="on">
I've been setting up the Serial Connection of my server to be used for Virtualization. It seems that my Serial Port is not detected on my guest vms. One thing I notice is that <span style="font-family: Courier New, Courier, monospace;">/dev/ttyS0</span> has a permission of<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">crw-rw---- 1 root dialout 4, 64 Jan 6 2013 /dev/ttyS0 </span><br />
<br />
I added the user on the <span style="font-family: Courier New, Courier, monospace;">dialout </span>group and since I'm using CentOS 6, I need to modify files in udev which is <span style="font-family: Courier New, Courier, monospace;">/etc/udev/rules.d/40-permissions.rules</span>. and put the content below<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">KERNEL=="ttyS[0-9]", GROUP="dialout", MODE="0770" </span><br />
<br />
In case it doesn't exists, you need to create one. Once done, restart udev.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">[root@nelsoncli rules.d]# /etc/init.d/udev-post stop </span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@</span><span style="font-family: 'Courier New', Courier, monospace;">nelsoncli </span><span style="font-family: Courier New, Courier, monospace;">rules.d]# /etc/init.d/udev-post start
Retrigger failed udev events [ OK ] </span><br />
<br />
Reboot your server to confirm if everything went ok.</div>
Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-62127684776142789692012-10-05T22:39:00.003-07:002013-08-04T07:22:52.027-07:00_default_ virtualhost overlap on port 443<div dir="ltr" style="text-align: left;" trbidi="on">
I'll be setting up a web server where there pages includes authentication. We don't want to use http in logging in some sort of authentication, right? So I enabled virtual hosting on apache on port 80 and 443. However, I'm getting a warning whenever I'm starting apache.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"> [warn] _default_ virtualhost overlap on port 443, the first has precedence </span><br />
<br />
To fix the issue, edit <span style="font-family: Courier New, Courier, monospace;">httpd-ssl</span> and put the line below:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">NameVirtualHost *:443 </span><br />
<br />
You need to restart or reload apache to take effect the new settings.</div>
Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-8067534150157059302012-09-30T06:11:00.000-07:002012-09-30T06:11:59.610-07:00I'm setting up stunnel and will be enabling x-forwarded-for patch for it to partner with haproxy. However, I'm having an issue in starting up haproxy.
<pre class="brush:plain">
[root@ZAPATUS stunnel]# /etc/init.d/stunnel start
Starting universal SSL tunnel: stunnelClients allowed=500
stunnel 4.53 on i686-pc-linux-gnu platform
Compiled/running with OpenSSL 1.0.1c 10 May 2012
Threading:PTHREAD SSL:+ENGINE+OCSP+FIPS Auth:LIBWRAP Sockets:POLL+IPv6
Reading configuration from file /usr/local/etc/stunnel/stunnel.conf
FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
str_stats: 5 block(s), 93 data byte(s), 210 control byte(s)
failed.
</pre>
To fix, include fips=no on stunnel.conf. Here is the global portion of my stunnel.conf
<pre class="brush:plain">
sslVersion = all
setuid = stunnel
setgid = stunnel
pid = /tmp/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
fips=no
</pre>Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-51983072928091016202012-09-17T04:25:00.000-07:002012-09-30T05:33:55.161-07:00Error compiling mod_securityOh men! Compiling mod_security is hell! I've been trying to compile it for several days now. I successfully compile mod_evasive with a slight issue. Here is my error in mod_security
<pre class="brush:plain">
[root@ip-10-162-54-86 modsecurity-apache_2.6.7]# /usr/local/apache2/bin/apxs -cia apache2/modsecurity.c
/usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -O2 -pthread -I/usr/local/apache2/include -I/usr/local/apache/include -I/usr/local/apache/include -c -o apache2/modsecurity.lo apache2/modsecurity.c && touch apache2/modsecurity.slo
In file included from apache2/modsecurity.h:38,
from apache2/modsecurity.c:19:
apache2/msc_xml.h:21:31: error: libxml/xmlschemas.h: No such file or directory
apache2/msc_xml.h:22:26: error: libxml/xpath.h: No such file or directory
In file included from apache2/modsecurity.h:38,
from apache2/modsecurity.c:19:
apache2/msc_xml.h:27: error: expected specifier-qualifier-list before 'xmlSAXHandler'
</pre>
There has been an issue with apxs. Upon searching in Google, solution was compile it this way
<pre class="brush:plain">
/usr/local/apache2/bin/apxs -cia -n modsecurity -I /usr/include/libxml2 apache2/modsecurity.c
</pre>
Viola! modsecurity module was successfully compiled. Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-21285757306889341492012-09-01T07:36:00.001-07:002012-09-17T04:24:07.371-07:00semanage command not foundI need to run semanage in one of my Linux box to check the settings of selinux to users. But it seems semanage was not installed
<pre class="brush:plain">
[root@centosprod1 sysconfig]# semanage login -l
-bash: semanage: command not found
</pre>
I don't have any idea what package to install. libsemanage was installed already. Thank you to yum. Use provides option to yum to find the package for semanage.
<pre class="brush:plain">
[root@centosprod1 sysconfig]# yum provides */semanage
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
libsemanage-devel-2.0.43-4.1.el6.x86_64 : Header files and libraries used to build policy manipulation tools
Repo : cdrom
Matched from:
Filename : /usr/include/semanage
policycoreutils-python-2.0.83-19.18.el6.x86_64 : SELinux policy core python utilities
Repo : cdrom
Matched from:
Filename : /usr/sbin/semanage
libsemanage-devel-2.0.43-4.1.el6.i686 : Header files and libraries used to build policy manipulation tools
Repo : cdrom
Matched from:
Filename : /usr/include/semanage
</pre>
Based on the output of yum, you need to install policycoreutils-python.
Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-80149104620189123152012-08-30T01:51:00.000-07:002012-08-30T01:56:29.687-07:00Disabling virbr0I notice there is virbr0 interface on my CentOS Machine. There is no kvm running on this machine so I guess there is no need for this interface.
<pre class="brush:plain">
virbr0 Link encap:Ethernet HWaddr 52:54:00:56:BD:B2
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:55 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:9410 (9.1 KiB)
</pre>
To disable, just do the following:
<pre class="brush:plain">
[root@centosprod1 iptables-1.4.7]# virsh net-list
Name State Autostart
-----------------------------------------
default active yes
[root@centosprod1 iptables-1.4.7]# virsh net-destroy default
Network default destroyed
[root@centosprod1 iptables-1.4.7]# virsh net-undefine default
Network default has been undefined
[root@centosprod1 iptables-1.4.7]# service libvirtd restart
Stopping libvirtd daemon: [ OK ]
Starting libvirtd daemon: 16:46:33.012: 2051: info : libvirt version: 0.9.4, package: 23.el6 (CentOS BuildSystem <http://bugs.centos.org>, 2011-12-08-01:26:50, c6b18n3.bsys.dev.centos.org)
16:46:33.012: 2051: warning : virGetHostname:1884 : getaddrinfo failed for 'centosprod1': Name or service not known
[ OK ]
</pre>
virbr0 is now gone. Verify it by running ifconfig -a
<pre class="brush:plain">
[root@centosprod1 iptables-1.4.7]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:80:8D:19
inet addr:10.0.1.101 Bcast:10.0.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe80:8d19/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:743 errors:0 dropped:0 overruns:0 frame:0
TX packets:708 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:71738 (70.0 KiB) TX bytes:111377 (108.7 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:78 errors:0 dropped:0 overruns:0 frame:0
TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6054 (5.9 KiB) TX bytes:6054 (5.9 KiB)
[root@centosprod1 iptables-1.4.7]# virsh net-list
Name State Autostart
-----------------------------------------
</pre>Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-49310753466949104752012-08-27T22:32:00.002-07:002012-08-30T01:50:55.862-07:00apu library not foundI'm compiling mod_security to patch with apache. However, I encountered the following when patching mod_security with the command apxs on the apache.
<pre class="brush:plain">
checking for libapu config script... no
configure: *** apu library not found.
configure: error: apu library is required
</pre>
<b>Solution:</b>
<br>
Install apr-util-devel. I install it via yum and this resolves the error.
<pre class="brush:plain">
yum -y install apr-util-devel
</pre>Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-89814636808697238112012-06-17T07:28:00.000-07:002012-08-27T22:28:12.545-07:00bind mysql port to an ip addressI've been setting up servers for so many times and it was been my habit that all my applications/services should be listening on one of server's ip address. I just installed MySQL and by default, it listen to 0.0.0.0. Server's ip address is 10.0.1.101 and I would like to listen it to that ip address instead of 0.0.0.0. To change this, you should have an entry bind-address on your /etc/my.cnf.<br />
<pre class="brush:plain">bind-address=10.0.1.101
</pre>You should restart mysqld. Reloading mysqld would not work. I tried it but it didn't work I guess I need to stop also all applications writing to the database. <br />
<pre class="brush:plain">[root@centosprod1 ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.1.101:22 0.0.0.0:* LISTEN 21154/sshd
tcp 0 0 127.0.0.1:32000 0.0.0.0:* LISTEN 18834/veaintf
tcp 0 0 0.0.0.0:5634 0.0.0.0:* LISTEN 17820/xprtld
tcp 0 0 10.0.1.101:3306 0.0.0.0:* LISTEN 21376/mysqld
tcp 0 0 :::5634 :::* LISTEN 17820/xprtld
udp 0 0 0.0.0.0:68 0.0.0.0:* 1092/dhclient
</pre>Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-10739600525795798712012-05-16T08:35:00.001-07:002012-06-10T03:37:54.619-07:00VxVM not mounting on boot upI notice that the Volume I have created under Veritas doesn't mount on boot even though it was on /etc/fstab. I'm using CentOS 6. Below is my entry on /etc/fstab<br />
<pre class="brush:plain">/dev/vx/dsk/datadg/datavol /file ext4 defaults,_netdev 0 0
</pre>I found out that it requires netfs so I add it on boot and it was now mounting after the reboot<br />
<pre class="brush:plain">[root@centosprod1 ~]# chkconfig --list | grep 3:on | grep netfs
netfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
</pre>Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-70351669907479811752012-05-14T06:11:00.002-07:002012-06-10T03:38:23.009-07:00How to add device in LVMMy current setup is Raid5 with 2 Device. I decided to add a new disk so I need to configure Raid5 with 3 device. Below are the procedures that I did.<br />
<br />
Record first your existing setup<br />
<pre class="brush:plain">[root@centosprod1 ~]# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdf1[2] sdg1[3]
1043968 blocks super 1.2 level 5, 512k chunk, algorithm 2 [2/2] [UU]
unused devices: <none>
</pre><pre class="brush:plain">[root@centosprod1 ~]# mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Mon May 7 14:35:19 2012
Raid Level : raid5
Array Size : 1043968 (1019.67 MiB 1069.02 MB)
Used Dev Size : 1043968 (1019.67 MiB 1069.02 MB)
Raid Devices : 2
Total Devices : 2
Persistence : Superblock is persistent
Update Time : Mon May 14 12:52:21 2012
State : clean
Active Devices : 2
Working Devices : 2
Failed Devices : 0
Spare Devices : 0
Layout : left-symmetric
Chunk Size : 512K
Name : centosprod1:0 (local to host centosprod1)
UUID : f443db62:a4ff36fd:ab0706e4:d9e299cc
Events : 104
Number Major Minor RaidDevice State
3 8 97 0 active sync /dev/sdg1
2 8 81 1 active sync /dev/sdf1
</pre>We will now add the new device /dev/sde1<br />
<pre class="brush:plain">[root@centosprod1 ~]# mdadm --add /dev/md0 /dev/sde1
mdadm: added /dev/sde1
</pre><pre class="brush:plain">[root@centosprod1 ~]# mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Mon May 7 14:35:19 2012
Raid Level : raid5
Array Size : 1043968 (1019.67 MiB 1069.02 MB)
Used Dev Size : 1043968 (1019.67 MiB 1069.02 MB)
Raid Devices : 2
Total Devices : 3
Persistence : Superblock is persistent
Update Time : Mon May 14 13:02:13 2012
State : clean
Active Devices : 2
Working Devices : 3
Failed Devices : 0
Spare Devices : 1
Layout : left-symmetric
Chunk Size : 512K
Name : centosprod1:0 (local to host centosprod1)
UUID : f443db62:a4ff36fd:ab0706e4:d9e299cc
Events : 105
Number Major Minor RaidDevice State
3 8 97 0 active sync /dev/sdg1
2 8 81 1 active sync /dev/sdf1
4 8 65 - spare /dev/sde1
</pre>The disk has been added but you would notice that it is still spare. We will now set our raid array to have 3 devices<br />
<pre class="brush:plain">[root@centosprod1 ~]# mdadm --grow /dev/md0 --raid-devices=3
mdadm: Need to backup 1024K of critical section..
</pre><pre class="brush:plain">[root@centosprod1 ~]# mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Mon May 7 14:35:19 2012
Raid Level : raid5
Array Size : 1043968 (1019.67 MiB 1069.02 MB)
Used Dev Size : 1043968 (1019.67 MiB 1069.02 MB)
Raid Devices : 3
Total Devices : 3
Persistence : Superblock is persistent
Update Time : Mon May 14 13:03:28 2012
State : clean, reshaping
Active Devices : 3
Working Devices : 3
Failed Devices : 0
Spare Devices : 0
Layout : left-symmetric
Chunk Size : 512K
Reshape Status : 8% complete
Delta Devices : 1, (2->3)
Name : centosprod1:0 (local to host centosprod1)
UUID : f443db62:a4ff36fd:ab0706e4:d9e299cc
Events : 120
Number Major Minor RaidDevice State
3 8 97 0 active sync /dev/sdg1
2 8 81 1 active sync /dev/sdf1
4 8 65 2 active sync /dev/sde1
</pre>The new disk has successfully added.<br />
<pre class="brush:plain">[root@centosprod1 ~]# mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Mon May 7 14:35:19 2012
Raid Level : raid5
Array Size : 1043968 (1019.67 MiB 1069.02 MB)
Used Dev Size : 1043968 (1019.67 MiB 1069.02 MB)
Raid Devices : 3
Total Devices : 3
Persistence : Superblock is persistent
Update Time : Mon May 14 13:10:00 2012
State : clean, reshaping
Active Devices : 3
Working Devices : 3
Failed Devices : 0
Spare Devices : 0
Layout : left-symmetric
Chunk Size : 512K
Reshape Status : 63% complete
Delta Devices : 1, (2->3)
Name : centosprod1:0 (local to host centosprod1)
UUID : f443db62:a4ff36fd:ab0706e4:d9e299cc
Events : 157
Number Major Minor RaidDevice State
3 8 97 0 active sync /dev/sdg1
2 8 81 1 active sync /dev/sdf1
4 8 65 2 active sync /dev/sde1
</pre>Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-6799861507172374652012-05-05T08:25:00.000-07:002012-05-05T08:25:02.974-07:00How to convert Putty's ppk to be compatible with SecureCRTI'm using Putty to connect to my server. However, it is much comfortable to use SecureCRT. I have .ppk use in my Putty to connect to some of our server. Since I'll be using SecureCRT, I have to convert into a format SecureCRT will understand.<br />
<br />
To convert .ppk to .pub, do the ff:<br />
<br />
1. Run "puttygen.exe". The "PuTTY Key Generator" dialog will appear.<br />
<br />
2. Use the "Load" button to load the .ppk file that contains your private key. If your private key file is protected with a passphrase, you will be prompted to supply the passphrase in order to complete the loading of the private key.<br />
<br />
3. Once the private key has been loaded properly, choose "Export OpenSSH key" from the main "Conversions" pull-down menu that is part of the "PuTTY Key Generator" window.<br />
<br />
4. When the "Save private key as:" window appears, specify a filename for the private key file such as "Identity" and choose "Save".<br />
<br />
NOTE: The private key file name should not have any extension associated with it. For example, if SecureCRT is configured to use a public key named "Identity.pub", it expects to find the private key in the same folder as the public key file, with the name of "Identity".<br />
<br />
Similarly, if SecureCRT is confgured to use a private key named "Identity", it expects to find a the public key in a file named "Identity.pub" located in the same folder as the private key file.<br />
<br />
Now you will need to export the public key to a file format that follows the IETF SecSH internet-draft.<br />
<br />
5. Choose "Save public key". When the "Save public key as:" window appears, specify a filename for the public key file, such as "Identity.pub", and choose "Save".<br />
<br />
NOTE: It is important for use with VanDyke Software products that the public and private key files both share the same basename. For example, if you named your private key file "Identity" as suggested in step 4 above, the public key file should be saved as "Identity.pub".<br />
<br />
Once you have completed the steps outlined above, you will be able to use your Identity and Identity.pub files with VanDyke Software products.Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com1tag:blogger.com,1999:blog-5948284028745023190.post-58120439447958543602012-05-05T08:05:00.000-07:002012-05-05T08:05:54.281-07:00How to convert .crt to .pemIf you'll be converting .crt to .pem, you may use the ff commands<br />
<pre class="brush:bash">openssl x509 -in server.crt -out server.der -outform DER
openssl x509 -in server.der -inform DER -out server.pem -outform PEM
</pre>Verify first if your key is in PEM format. Mostly, they begin in --BEGIN and can read with a text editor. If you'll be converting .key to .pem, just replace openssl x509 with openssl rsa. Normally, server.key is your private key and server.crt is your signed or returned certificate.Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com0tag:blogger.com,1999:blog-5948284028745023190.post-72012869971913120472012-05-05T07:49:00.000-07:002012-05-05T07:49:49.578-07:00How to verify Solaris if its 32 or 64 bitHow to determine if the running solaris OS has a 32bit or 64bit architerture? Use the isainfo command<br />
<pre class="brush:bash">$ isainfo -v
64-bit sparcv9 applications
vis2 vis
32-bit sparc applications
vis2 vis v8plus div32 mul32
</pre>If you only see 32-bit sparc applications, this means that you are only running 32bit but if you also see the 64-bit sparcv9 applications, then you're running 64bit.Nelsonhttp://www.blogger.com/profile/16584448631117595541noreply@blogger.com1