Just random mumbling: February 2015

Thursday, February 26, 2015

install and configure Xymon to monitor Slackware part 2

cd /home/xymon/server/etc
nano bb-hosts
write

192.168.28.160 xpvirtual.sourav.com #XP
save and exit
su xymon
/home/xymon/server/hobbit.sh stop
/home/xymon/server/hobbit.sh start
go to
192.168.28.51/xymon
and you should see the xpvirtual.sourav.com entry
install bbwin on windows xp client
select full features to be installed
run regedit
hkey local machine-software-BBWin
on the right side pane
right click on hostname and click modify
paste xpvirtual.sourav.com under value data
open
c:\Program Files\BBWin\etc\BBWin.cfg in notepad
make the first line look like this

where 192.168.28.51 is the ip of the xymon server

go to services.msc
start the Big brother xymon client and make the service automatic at startup if it is manual
Now on windows xp run-firewall.cpl
advanced ,local area connection ,settings
on the icmp tab
click on the allow incoming echo request
Now on the xymon server

/home/xymon/server/hobbit.sh stop
/home/xymon/server/hobbit.sh start
Now go to
go to
192.168.28.51/xymon
you should see more information about xpvirtual.sourav.com
Now on the xymon server
cd /home/xymon/server/etc

make the end look like this
page linux Linux
group-compress (less than sign)font size="+1"("greater than sign")Linux("less than sign")/font"("greater than sign")
192.168.28.51 slackwarepc # bbd http://slackwarepc/
page workstation Workstation
group-compress (<)font size="+1"(>)Workstation(<)/font(>)
10.10.29.141 MyPC #Win8
192.168.28.160 xpvirtual.sourav.com #XP
save and exit
/home/xymon/server/hobbit.sh stop
/home/xymon/server/hobbit.sh start
go to
192.168.28.51/xymon
you should see the two divisions named Linux and Workstaions

Sourav Bhattacharya
(Slackware Lover)

Sunday, February 22, 2015

Make your lan connections eth0,eth1 from ens33 etc in CentOS 7

yum -y install ftp nano net-tools #(net-tools for ifconfig)

go to /etc/hostname

server1.sourav.com

go to /etc/hosts

the file is like this

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

make it look like

127.0.0.1 server1.sourav.com localhost localhost.localdomain localhost4 localhost4.localdomain4
::1       server1.sourav.com localhost localhost.localdomain localhost6 localhost6.localdomain6

now ifconfig command shows the interface as ens33,I want to make the two lan adapter as eth0 and eth1

nano /etc/default/grub

find this line

GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos/root crashkernel=auto vconsole.keymap=us rhgb quiet"

and make it look like that

GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos/root crashkernel=auto vconsole.keymap=us rhgb quiet net.ifnames=0 biosdevname=0"

save and exit

reboot

ifconfig eth0 down

ifconfig eth1 down

and

ifconfig eth0 up

will do the managing for you

run this command

grub2-mkconfig -o /boot/grub2/grub.cfg

reboot

run ifconfig

you will see the network adapters as eth0 and eth1

cd /etc/sysconfig/network-scripts/

mv ifcfg-ens33 ifcfg-eth0

nano ifcfg-eth1

DEVICE="eth1"

NAME="eth1"

IPADDR=10.10.0.1

delete the gate way and dns

delete the uuid

get the proper mac address for ethernet adapter2

BOOTPROTO="static"

ONBOOT="yes"

Del PEERROUTES,PEERDNS,DEFROUTE portions on eth1

save and exit

systemctl stop NetworkManager

systemctl disable NetworkManager

systemctl restart network

now you are fine

For more information

http://unix.stackexchange.com/questions/81834/how-can-i-change-the-default-ens33-network-device-to-old-eth0-on-fedora-19

Tuesday, February 17, 2015

php mcrypt not found solved and install and enable curl

sudo apt-get install php5-mcrypt
sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

install and enable curl extension

sudo apt-get install curl libcurl3 libcurl3-dev php5-curl

Monday, February 16, 2015

Install and configure Xymon to monitor Slackware part 1

download rrdtool and fping and xymon package in tar.gz format

tar -zxvf fping ...

cd fping ..

./configure

make

make install

tar -zxvf rrdtool...

cd rrdtool

./configure

make

make install

tar -zxvf xymon-...

cd xymon ..

groupadd xymon

useradd xymon -g xymon

./configure.server

keep saying y to the questions(press enter)

when asked which group does the webserver use

the answer should be apache

the ip address of the machine should not be 127.0.0.1

it should be

192.168.28.51

and keep saying yes and you are done

make

make install

type

visudo

or

mcedit /etc/sudoers

under the section

Cmnd alias specification

Write Cmnd_Alias and press tab

Cmnd_Alias    XYM = /usr/local/sbin/fping *

then go to user privilege specification

go to under the line as

root    All=(ALL) All

type

xymon    All = NOPASSWD: XYM

save and exit

su xymon

and try to run

/usr/local/sbin/fping google.com

and I have faced this error

Fping can only be run by root

So I tried

as root

chown root:xymon /usr/local/sbin/fping

chmod 710 /usr/local/sbin/fping

chmod ug+s /usr/local/sbin/fping

and then

become xymon

su xymon

and then

/usr/local/sbin/fping google.com

the thing is working now

become root

mc

go to /home/xymon/server/etc

see if hobbitserver.cfg exists

go to /etc/httpd/httpd.conf

Under the line

Include /etc/httpd/mod_php.conf

Write

Include /home/xymon/server/etc/hobbit-apache.conf

save and exit

/etc/rc.d/rc.httpd restart

su xymon

/home/xymon/server.hobbit.sh start

ps aux | grep hobbit

Now from a client pc

if I type

http://192.168.28.51/xymon

it shows 404 Not Found URL/xymon was not found on this server

So I went to

cd /home/xymon/server/etc

nano hobbit-apache.conf

find this line

Alias /xymon/ "/home/xymon/server/www/"

and change it to

Alias /xymon "/home/xymon/server/www"

save and exit

/etc/rc.d/rc.httpd restart

and

open from client pc

192.168.28.51/xymon

it is working now

go to

cd /home/xymon/server/etc

nano bb-hosts

add this line at the last

10.10.29.141    MyPC             #Win8

save and exit

su xymon

/home/xymon/server/hobbit.sh stop

/home/xymon/server/hobbit.sh start

now you will find 2 host on the main view of xymon

at 192.168.28.51/xymon

Install and configure MySQL on Slackware

type mc

go to /etc/

copy my-large.cnf to my.cnf by pressing ctrl+F5

make the destination to /etc/my.cnf

press alt+o to save on the last opened window

press ctrl+F10 to exit from mc

type mysql_install_db

chown -R mysql:mysql /var/lib/MySQL

/etc/rc.d/rc.mysqld stop

/etc/rc.d/rc.mydsqld start

ps aux | grep mysql | grep -v grep

mysql should be listed

set root password

UPDATE mysql.user SET Password=PASSWORD('MyNewPass') WHERE User='root';

Monday, February 9, 2015

Samba 4 Active Directory Domain Controller on CentOS 7 part 1

Configure active directory domain controller on CentOS 7

# nano /etc/sysconfig/network-scripts/ifcfg-ens33

Change the highlighted sections

TYPE=Ethernet

BOOTPROTO=static

DEFROUTE=yes

IPV4_FAILURE_FATAL=yes

IPV6INIT=no

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_PEERDNS=yes

IPV6_PEERROUTES=yes

IPV6_FAILURE_FATAL=no

NAME=ens33

UUID=84c05b0f-7a4f-477b-80ca-758fbddf39d9

ONBOOT=yes

HWADDR=00:0C:29:5D:DD:7D

IPADDR0=192.168.28.150

PREFIX0=24

GATEWAY0=192.168.28.2

DNS1=192.168.28.150

nano /etc/sysconfig/network

HOSTNAME=server1.sourav.com

DNS1=192.168.28.150

SEARCH=sourav.com

Restart Network

# systemctl restart network

Disable SELINUX:

# vi /etc/selinux/config

Set SELINUX to disabled

SELINUX=disabled

Turn off IPTables

systemctl disable iptables

systemctl stop iptables

Set DNS:

# nano /etc/resolv.conf

Add these two lines

search sourav.com

nameserver 192.168.28.150

Run Updates

# yum update –y

Install prerequisite packages

All at once

# yum install glibc glibc-devel gcc python*

python-devel libacl-devel krb5-workstation

krb5-libs pam_krb5 bind-utils wget man ntp -y

Or one at a time

# yum install glibc –y

# yum install glibc-devel –y

# yum install gcc -y

# yum install python* -y

# yum install python-devel -y

# yum install libacl-devel -y

# yum install krb5-workstation -y

# yum install krb5-libs -y

# yum install pam_krb5 -y

# yum install bind-utils -y

# yum install wget -y

# yum install man -y

# yum install ntp -y

Make and Change to samba-master directory

# mkdir /samba-master

# cd /samba-master

Remove any previous Versions of Samba

# yum remove samba* -y

Download latest stable version of Samba

(currently 4.1.12)(for me only this version worked)

# wget http://www.samba.org/samba/ftp/stable/samba-4.1.12.tar.gz

Un gzip the samba files

# tar –xzf samba-4.1.12.tar.gz

Change to the 0folder that the Samba files went into

cd samba-4.1.12

Complile and Install Samba

# ./configure –-enable-selftest --enable-debug

# make

# make install

Edit Path

nano /etc/profile.d/custom.sh

Add these two lines and save

export PATH=$PATH:/usr/local/samba/sbin

export PATH=$PATH:/usr/local/samba/bin

chmod +x /etc/profile.d/custom.sh

Restart Server

# shutdown now -r

Provision Domain

# /usr/local/samba/bin/samba-tool domain provision

(Just type enter to accept the default values,

the password should be complex alphanumeric

otherwise an error will arise)

Add Samba to startup

# vi /etc/rc.d/rc.local

Add the following line and save

/usr/local/samba/sbin/samba

chmod +x /etc/rc.d/rc.local

Restart Server

# shutdown now -r

Verify Samba Version

# /usr/local/samba/sbin/samba -V

# /usr/local/samba/bin/smbclient --version

Verify Domain Info

# /usr/local/samba/bin/smbclient -L localhost -U%

Check DNS Forwarder

# vi /usr/local/samba/etc/smb.conf

Verify DNS forwarder is set to your Internet DNS IP

dns forwarder = 192.168.28.2

Verify your DNS Settings for Linux

# vi /etc/resolv.conf'

Verify your nameserver is set to your AD Servers IP Address

(The IP of the Server we just setup)

search sourav.com

nameserver 192.168.28.150

Verify DNS setting on you network interface

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Verify you DNS1 is set to your AD Servers IP Address

(The IP of the Server we just setup)

DNS1="192.168.28.2"

#MUST CHANGE THIS TO

YOUR HOST IP ADDRESS!!

Verify DNS is Working by Issuing the

following commands

# host -t SRV _ldap._tcp.sourav.com.

# host -t SRV _kerberos._udp.sourav.com.

# host -t A server1.sourav.com.

Setup Kerberos

# mv /etc/krb5.conf /etc/krb5.conf.orig

# cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf

# vi /etc/krb5.conf

Verify it look like this and has your domain info

[libdefaults]

default_realm = SOURAV.COM

dns_lookup_realm = false

dns_lookup_kdc = true

Restart Server

# shutdown now -r

Test Kerberos

# kinit administrator@SOURAV.COM

# klist

Start NTP and set it to run on startup

systemctl start ntpd

systemctl enable ntpd

Source://https://www.youtube.com/watch?v=CJrKkMCnXP0

Sourav Bhattacharya

Linux Faculty/Enthusiast for 7 years

Kolkata

Friday, February 6, 2015

ifconfig not found,use nmcli d and set the IP Adress on CentOS 7

By default on the core minimal configuration of CentOS Server ifconfig is not present

you have to install net-tools rpm from the dvd under the Packages folder to get ifconfig

use nmcli d to see the available network cards

from GUI mode(if GUI is available ) use the command

nmtui

to set the ip

vi /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s17
UUID=7f1aff2d-b154-4436-9497-e3a4dedddcef
ONBOOT=no
HWADDR=00:0C:29:A1:B5:D6
PEERDNS=yes
PEERROUTES=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes

For DHCP
Find the below lines in config File.
BOOTPROTO=none
ONBOOT=no

and replace with

BOOTPROTO=dhcp
ONBOOT=yesNow Restart network service by typing below command.

systemctl restart network

For Static IP.
Find the below lines in config File.
BOOTPROTO=none
ONBOOT=no

and replace with

BOOTPROTO=static
ONBOOT=yes

And add the below lines at the end of the file.

IPADDR=192.168.28.51
NETMASK=255.255.255.0
GATEWAY=192.168.28.50
DNS1=192.168.28.50

File will look like below after changes.
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s17
UUID=f0c5b37d-299a-43cb-b74b-618bb252d129
ONBOOT=yes
HWADDR=00:0C:29:B1:C5:BB
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPADDR=192.168.28.51
NETMASK=255.255.255.0
GATEWAY=192.168.28.50
DNS1=192.168.28.50

Now Restart network service by typing below command.
systemctl restart network

you can use /etc/sysconfig/network file for hostname and DNS .
HOSTNAME=server1.sourav.com
DNS1=192.168.0.50
DNS2=4.2.2.2
SEARCH=sourav.com

DHCP with MAC-Binding on CentOS 7

mount -o loop /dev/cdrom /media

cd /media/Packages

rpm -ivh dhcp.....rpm

nano /etc/dhcp/dhcpd.conf

rpm -ivh

#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# see dhcpd.conf(5) man page

# create new

option domain-name "sourav.com";

option domain-name-servers 192.168.28.150 ;

option subnet-mask 255.255.255.0;

option broadcast-address 192.168.28.255;

option routers 192.168.28.50;

default-lease-time 600;

max-lease-time 7200;

subnet 192.168.28.0

netmask 255.255.255.0
{

range dynamic-bootp 192.168.28.190 192.168.28.195;

}
host client{
option host-name "client.sourav.com";
hardware ethernet 00:0c:29:ff:5b:64;
fixed-address 192.168.28.192;
}

save and exit

systemctl start dhcpd

systemctl enable dhcpd

start the client

nano /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=84c05b0f-7a4f-477b-80ca-758fbddf39d9
ONBOOT=yes
HWADDR=00:0C:29:5D:DD:7D

save and exit

systemctl restart network

go to dhcp server

you should see the leased ip on

nano /var/lib/dhcpd/dhcpd.leases

and if you type

systemctl status dhcpd

you should see if it is running including the lease information

Tuesday, February 3, 2015

EUI-64 conversion for CCNA

It's a really good video.

Apache with SSL,HTTPS configuration on CentOS 7

sudo yum install httpd
sudo systemctl enable httpd.service
sudo yum install mod_ssl
sudo mkdir /etc/httpd/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

    openssl: This is the basic command line tool for creating and managing OpenSSL certificates, keys, and other files.
    req -x509: This specifies that we want to use X.509 certificate signing request (CSR) management. The "X.509" is a public key infrastructure standard that SSL and TLS adhere to for key and certificate management.
    -nodes: This tells OpenSSL to skip the option to secure our certificate with a passphrase. We need Apache to be able to read the file, without user intervention, when the server starts up. A passphrase would prevent this from happening, since we would have to enter it after every restart.
    -days 365: This option sets the length of time that the certificate will be considered valid. We set it for one year here.
    -newkey rsa:2048: This specifies that we want to generate a new certificate and a new key at the same time. We did not create the key that is required to sign the certificate in a previous step, so we need to create it along with the certificate. The rsa:2048 portion tells it to make an RSA key that is 2048 bits long.
    -keyout: This line tells OpenSSL where to place the generated private key file that we are creating.
    -out: This tells OpenSSL where to place the certificate that we are creating.
Then you have to fill up like this
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Example
Locality Name (eg, city) [Default City]:Example
Organization Name (eg, company) [Default Company Ltd]:Example Inc
Organizational Unit Name (eg, section) []:Example Dept
Common Name (eg, your name or your server's hostname) []:example.com
Email Address []:webmaster@example.com
Then
sudo nano /etc/httpd/conf.d/ssl.conf
Find the section that begins with . We need to make a few changes here to ensure that our SSL certificate is correctly applied to our site.
First, uncomment the DocumentRoot line and edit the address in quotes to the location of your site's document root. By default, this will be in /var/www/html, and you don't need to change this line if you have not changed the document root for your site. However, if you followed a guide like our Apache virtual hosts setup guide, your site's document root may be different.
DocumentRoot "/var/www/example.com/public_html"

Next, uncomment the ServerName line and replace www.example.com with your domain name or server IP address (whichever one you put as the common name in your certificate):
ServerName www.example.com:443
Find the SSLCertificateFile and SSLCertificateKeyFile lines and change them to the directory we made at /etc/httpd/ssl:
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
sudo apachectl restart

sudo apachectl restart

Source:https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-apache-for-centos-7

Monday, February 2, 2015

Install Webmin on CentOS 7

nano /etc/yum.repos.d/webmin.repo
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
rpm --import http://www.webmin.com/jcameron-key.asc
yum install webmin -y
chkconfig webmin on
service webmin start
firewall-cmd --permanent --add-port=10000/tcp
rom another pc go tohttp://192.168.28.150:10000
log in as root

The /etc/hosts and /etc/resolv.conf file for Bind server on CentOS 7

/etc/hosts file should contain

127.0.0.1 localhost server1
192.168.28.150 server1.sourav.com server1

/etc/resolv.conf should contain

search sourav.com
nameserver 127.0.0.1

My Network Configuration file looks like this

TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="yes"
IPV6INIT="no"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="ens33"
UUID="9a7aed2a-76a6-48c7-a320-f581c760e8d4"
ONBOOT="yes"
IPADDR0="192.168.28.150"
PREFIX0="24"
GATEWAY0="192.168.28.2"
DNS1="127.0.0.1"
HWADDR="00:0C:29:5D:DD:7D"

Vsftpd with SSL-TLS on CentOS 7

after installing vsftpd you have to perform
setsebool -P ftp_home_dir=1

sudo mkdir /etc/ssl/private

To create the certificate and the key in a single file, we can use this command:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

go to /etc/vsftpd/vsftpd.conf
comment the line
anonymous_enable=YES
uncomment the line
chroot_local_user=YES
add the line

dual_log_enable=YES
At the end add those lines
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
save the file
firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --permanent --add-port=21/udp
firewall-cmd --permanent --add-port=20/tcp
firewall-cmd --permanent --add-port=20/udp
firewall-cmd --permanent --add-service=ftp
firewall-cmd --reload
service vsftpd restart
chkconfig vsftpd on