Saturday, 31 December 2011
How to locally generate a CA certificate and server/client certificates using the CA on Linux?
Posted on 22:55 by Unknown
Creating certification authority :
$cd /etc/newcerts
$openssl genrsa 2048 > ca-key.pem
$openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
NOTE: The last command will ask for the details of the certificate provider, so provide short names.
Creating certificate for server using above CA certificate :
$openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
$openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
NOTE: First command...
Friday, 30 December 2011
How to install mysql and configure SSL with it?
Posted on 04:11 by Unknown
How to install mysql and configure SSL with it?
Received the following error while I locally tried to connect to the mysql server over SSL.
[root@]# mysql --ssl-cert=/var/lib/mysql/openssl-md5/ca-cert.pem --ssl-key=/var/lib/mysql/openssl-md5/client-key.pem --ssl-cert=/var/lib/mysql/openssl-md5/client-cert.pem -u root -p -v -v -v
Enter password:
ERROR 2026 (HY000): SSL connection error
My used environment
* Red Hat Enterprise Linux 5.7
Required packages :
* perl-DBD-MySQL-3.0007-2.el5
* perl-DBI-1.52-2.el5
* mysql-server-5.0.77-4.el5_6.6
* mysql-5.0.77-4.el5_6.6
* mysql-5.0.77-4.el5_6.6
Resolution
1....
Monday, 26 December 2011
How to generate UDP packets and capture them?
Posted on 08:54 by Unknown
Guys,
I had a chance to generate UDP packets and send them to another host. This was needed for testing a specific problem that I had faced. The problem is that I had to see a huge Recv-Q at "netstat -apln|grep -i 'syslog'" prior to RHEL 5.4. Now the question is why does it show such a huge value? But why do we see this in the first place? No, we didn't see it in the first place. Actually one monitoring software was complaining that there were a lot of failed UDP packets in "netstat -s" output and it also complained that number of such packets were also huge in...
Tuesday, 29 November 2011
How to configure rndc key with chrooted bind on linux?
Posted on 22:26 by Unknown
Environment : RHEL 6.1.
Here are the steps that I followed :
1. vi /etc/rndc.conf and add the following lines
----
options {
    default-server 127.0.0.1;
    default-key "rndckey";
};
server 127.0.0.1 {
    key "rndckey";
};
key "rndckey" {
    algorithm "hmac-md5";
    secret "secret key will be placed here";
};
---
2. cd /var/named/chroot/etc/
3. $dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 256 -n HOST rndc
4. cat *.private
5. Copy the key from the private file and put it in /etc/rndc.conf at the "secret" line.
6. Do link :
$ln -s /var/named/chroot/etc/rndc.conf...
Tuesday, 15 November 2011
How to rotate sudo log?
Posted on 00:35 by Unknown
Scenario : Sudo log files will keep the activities of sudo users and their login status in /var/log/sudolog.
Tested platform : RHEL 5
Solution :
1. Create a sudo log file and put it in /etc/sudoers. Then rotate it for 90 days. As an example :
$touch /var/log/sudolog
2. vi /etc/sudoers and add the following lines :
-----
Defaults !syslog
Defaults logfile = /var/log/sudolog
-----
Then save it.
3. Rotating this log file :
vi /etc/logrotate.d/sudolog and put the following :
------
/var/log/sudolog {
    rotate 90
    size 5M
    postrotate
        /usr/bin/killall -HUP syslogd
    endscript
}
------
4....
Friday, 23 September 2011
Details about SUID, SGID and Sticky bit permission on linux os
Posted on 00:50 by Unknown
* SUID or setuid: change user ID on execution. If the setuid bit is set, when the file is executed by a user, the process will have the same rights as the owner of the file being executed.
* SGID or setgid: change group ID on execution. Same as above, but inherits rights of the group of the owner of the file on execution. For directories it also may mean that when a new file is created in the directory it will inherit the group of the directory (and not of the user who created the file).
* Sticky bit. It was used to trigger process to...
What are the CPU states found in "top" output?
Posted on 00:04 by Unknown
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
# us -> User CPU time: The time the CPU has spent running users’ processes that are not niced.
# sy -> System CPU time: The time the CPU has spent running the kernel and its processes.
# ni -> Nice CPU time: The time the CPU has spent running users’ processes that have been niced.
# wa -> iowait: Amount of time the CPU has been waiting for I/O to complete.
# hi -> Hardware IRQ: The amount of time the CPU has been servicing hardware interrupts.
# si -> Software...
Wednesday, 21 September 2011
How to check details of an rpm package which is not yet installed?
Posted on 22:33 by Unknown
Pass "-qpil" to the rpm command. As an example :
#rpm -qpil tftp-0.49-7.el6.x86_64.rpm
Name : tftp Relocations: (not relocatable)
Version : 0.49 Vendor: Red Hat, Inc.
Release : 7.el6 Build Date: Mon 18 Jul 2011 03:10:21 PM EDT
Install Date: (not installed) Build Host: x86-002.build.bos.redhat.com
Group : Applications/Internet Source RPM: tftp-0.49-7.el6.src.rpm
Size : 46554 License: BSD
Signature : (none)
Packager...
Saturday, 17 September 2011
How to access windows share from Linux machine
Posted on 02:10 by Unknown
Ans : Mount the windows share using the cifs file system (a kernel module) or add mount entries in the fstab file.
Example :
#mount -t cifs //Win_IP/WIN_SHARE /mnt
or
# cat /etc/fstab
. . . . .
//win_ip/winshare /mnt cifs credentials=/root/.smbpasswd 0 0
Note :
win_ip = win server name = win IP
winshare = share directory on windows.
/mnt = mounted directory on linux
/root/.smbpasswd = contains login credentials to access windows share
cifs = filesystem name
Manual test :
$smbclient -L //win_ip -U workgroup/win_user
Note : You can configure autofs to automatically...
Friday, 16 September 2011
How do I determine if my x86-compatible Intel system is multi-processor, multi-core or supports hyperthreading?
Posted on 12:07 by Unknown
Guys,
We need to know whether a system is multi-processor, multi-core or supports hyperthreading. Here are the details :
Physical ID (physical processor or socket ID): The physical id value is a number assigned to each processor socket. The number of unique physical id values on a system tells you the number of CPU sockets that are in use. All logical processors (cores or hyperthreaded images) contained within the same physical processor will share the same physical id value.
Siblings (i.e. child, logical processor): The siblings value tells you how many logical...
How to check whether the currently running kernel is tainted (contaminated) or not?
Posted on 12:05 by Unknown
The Linux kernel maintains a "taint state" which is included in kernel error messages. The taint state indicates whether something has happened to the running kernel that affects whether a kernel error or hang can be troubleshot effectively by analysing the kernel source code. Some of the information in the taint relates to whether the information provided by the kernel in an error message can be considered trustworthy.
The following command can be used :
# cat /proc/sys/kernel/tainted
536870912
Use the following to decipher the taint value...
How to find out which process is using swap space?
Posted on 03:31 by Unknown
If we would like to sort the running or queued processes by swap usage, we can do it like this :
#top
Then press capital "o" (ie "O") followed by "p" and press enter. Now processes should be sorted by their swap usage.
We can also use a bash script to pick up the processes from the /proc file system. So, use the following script :
-----
#!/bin/bash
# Get current swap usage for all running processes
SUM=0
OVERALL=0
for DIR in `find /proc/ -maxdepth 1 -type d | egrep "^/proc/[0-9]"` ; do
    PID=`echo $DIR | cut -d / -f 3`
    PROGNAME=`ps -p $PID -o comm --no-headers`
    for...
Wednesday, 14 September 2011
Ethernet Device firmware and Linux kernel
Posted on 22:21 by Unknown
Guys,
I would like to just clarify about the firmware of Ethernet (NIC) and the firmware that comes along with the Linux kernel. The two are different, but their aim is the same. The hardware vendor deploys firmware (a certain amount of code or program to interact with the hardware) in NVRAM (non-volatile RAM, not normal RAM). Once we attach the NIC to the machine it'll be automatically activated. We can view its version like :
#ethtool -i eth0
Now the kernel also contains firmware. This will be loaded in RAM and will override the vendor-provided firmware. So, this firmware will...
Saturday, 10 September 2011
Concept about Linux Page Cache and pdflush
Posted on 12:32 by Unknown
Concept about Linux Page Cache and pdflush :
When we try to write data, Linux caches this information in an area of memory called the page cache. We can check this cache memory using the free, vmstat or top command. We can even get the information from /proc/meminfo.
[kmaiti@kmaiti ~]$ cat /proc/meminfo
MemTotal: 3848964 kB
MemFree: 2463928 kB
Buffers: 98976 kB
Cached: 408372 kB
SwapCached: 0 kB
Active: 616324 kB
Inactive: 380376 kB
Active(anon): 489800 kB
Inactive(anon): 58324 kB
Active(file):...
What is I/O Scheduler for a Hard Disk on linux?
Posted on 12:24 by Unknown
The 2.6 Linux kernel includes selectable I/O schedulers. They control the way the kernel commits reads and writes to disks – the intention of providing different schedulers is to allow better optimisation for different classes of workload.
Why does the kernel need an I/O scheduler?
ANS : Without an I/O scheduler, the kernel would basically just issue each request to disk in the order that it received them. This could result in massive hard disk thrashing: if one process was reading from one part of the disk, and one writing to another, the heads would have...
Wednesday, 7 September 2011
How sendmail works?
Posted on 11:55 by Unknown
How sendmail works?
Outbound email :
1. MUA passes the email to sendmail, which creates in the /var/spool/mqueue (mail queue) directory two files that hold the message while sendmail processes it.
2. To create a unique filename for a particular piece of email, sendmail generates a random string and uses that string in filenames pertaining to the email.
3. The sendmail daemon stores the body of the message in a file named df (data file) followed by the generated string.
4. It stores the headers and other information in a file named qf (queue file) followed...
How to send one mail to "relay server" (another mail server) using sendmail?
Posted on 10:23 by Unknown
1. Configure sendmail as stated at http://kmaiti.blogspot.com/2011/09/how-to-install-and-configure-sendmail.html
2. Edit /etc/mail/sendmail.mc
Add this line to sendmail.mc:
define(`SMART_HOST',`[smarthost.example.net]')dnl
3. Rebuild the sendmail.cf :
#m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
4. Restart sendmail:
/etc/rc.d/init.d/sendmail restart
5. Now send mail and check the maillog. Log will show relay name. If above is configured on 192.168.1.2. If relay server is 192.168.1.3 and if SMTP server which will actually receive mail is : 192.168.1.4...
How to install and configure sendmail?
Posted on 10:22 by Unknown
Ans :
1. Install :
#yum install sendmail*
#yum install m4*
2. vi /etc/mail/sendmail.mc
Comment out the following line, as shown, to accept all networks :
----
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
----
Save this file.
3. Execute the following command :
#m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
4. Don't forget to add the following line to your /etc/hosts.allow file:
----
sendmail: ALL
----
5. Set DAEMON to yes in /etc/sysconfig/sendmail
----
DAEMON=yes
QUEUE=1h
----
6. Do the following :
#chkconfig sendmail on
#service sendmail start
Testing :
1. Check whether port...
Tuesday, 6 September 2011
What is arp?
Posted on 11:26 by Unknown
What is arp?
Ans : This is a command to manipulate the system ARP cache. Arp manipulates the kernel’s ARP cache in various ways. The primary options are clearing an address mapping entry and manually setting up one. For debugging purposes, the arp program also allows a complete dump of the ARP cache.
Note : This program is obsolete. For replacement check ip neighbor
Add entry of another machine's IP and MAC address :
#arp -s arp -i eth0 -s 10.65.211.133 00:16:3e:74:8d:85 pub
View the arp cache :
#arp -n
#arp -v
Delete arp cache entry :
#arp -d
Cache...
Monday, 5 September 2011
What is the magic SysRq key?
Posted on 11:28 by Unknown
What is the magic SysRq key?
It is a 'magical' key combo you can hit which the kernel will respond to regardless of whatever else it is doing, unless it is completely locked up.
How do I enable the magic SysRq key?
1. CONFIG_MAGIC_SYSRQ=yes in the kernel config file (which is inside /boot)
2. in /proc/sys/kernel/sysrq:
echo value > /proc/sys/kernel/sysrq
value =
0 - disable sysrq completely
1 - enable all functions of sysrq
2 - enable control of console logging level
4 - enable control of keyboard (SAK, unraw)...
Sunday, 4 September 2011
ACL and MASK in linux
Posted on 10:01 by Unknown
When we set a default ACL permission along with masking, there should not be any effect of the masking bit. But apart from all of the above, the mode of the file and directory gets preference at kernel level. When we create a file, the kernel passes mode 0666 to its *open* system call, and it passes mode 0777 to the *mkdir* system call when creating a directory. Then, based on the value of umask, it sets the permission of the file and directory. We know the effective permission is mapped to the masking permission when we pass extended attributes to setfacl. So, directory can inherit...
How does linux system set permission of files and directories while it uses default mask?
Posted on 09:48 by Unknown
Ans : The kernel system calls (open and mkdir) pass mode/permission 0666 for a file and 0777 for a directory during creation of the file or directory. These are the default values. As per the value of umask, it calculates the permission by doing a NOT AND logic operation. I shall describe how permissions are set. As per this mode, a file won't get execute permission at any time but a directory will. Bash and console programs use 666 for files and 777 for directories. To confirm this I have analysed one umask value and calculated the exact permission of the file and directory.
Lets say we set umask...