Thursday, April 28, 2016

SHELL Scripting

Example1:

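#!/usr/bin/env bash
# createusers: create a no-login account for every name listed, one per
# line, in the file given as the first argument.
#
# Usage:       createusers USERFILE
# Exit status: 0 when every name was created, 1 when the file is missing or
#              a name was rejected/failed, 2 when no argument was given.
#
# The original matched the argument against the literal word "testfile", so
# any other filename fell through to "Input File Not Found"; the argument is
# now treated as a path.
set -u

#######################################
# Print the usage line to stderr.
#######################################
usage() {
  printf 'Usage: %s USERFILE\n' "${0##*/}" >&2
}

#######################################
# Create one account per line of the given file.
# Arguments: $1 - path to a readable file with one username per line
# Outputs:   progress messages on stdout, rejected names on stderr
# Returns:   0 if every name was created, 1 otherwise
#######################################
add_users_from_file() {
  local userfile=$1
  local user rc=0
  # Read line by line (not $(cat ...)) so names are never word-split or globbed;
  # the || [[ -n ]] clause keeps a last line without a trailing newline.
  while IFS= read -r user || [[ -n "$user" ]]; do
    [[ -n "$user" ]] || continue
    # The file contents are untrusted input to useradd: accept only a
    # conservative POSIX-style account name so a line such as "-o" can never
    # be interpreted as an option.
    if [[ ! "$user" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
      printf 'Skipping invalid user name: %s\n' "$user" >&2
      rc=1
      continue
    fi
    printf 'Adding user: %s\n' "$user"
    useradd -s /bin/false "$user" || rc=1
  done < "$userfile"
  return "$rc"
}

#######################################
# Entry point: validate the argument, then create the users.
# Arguments: $1 - path to the user list
# Returns:   see exit status in the header comment
#######################################
main() {
  if (( $# != 1 )); then
    usage
    return 2
  fi
  if [[ ! -f "$1" || ! -r "$1" ]]; then
    printf 'Input File Not Found: %s\n' "$1" >&2
    return 1
  fi
  add_users_from_file "$1"
}

main "$@"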


Example2:

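#!/bin/bash
# random: print the counterpart of the single keyword given on the command
# line (postconf -> postroll, postroll -> postconf; the mapping is kept
# exactly as written in the notes).
#
# Usage:       /root/random postconf|postroll
# Exit status: 0 on a known keyword, 2 on anything else (usage is printed
#              to stderr so it never pollutes captured output).

#######################################
# Entry point.
# Arguments: $1 - keyword, exactly one argument is accepted
# Outputs:   the counterpart keyword on stdout
# Returns:   0 on success, 2 on a bad or missing argument
#######################################
main() {
  # Require exactly one word, like the original "case $@" did, but match on
  # "$1" so the argument list is never re-joined into a single string.
  if (( $# != 1 )); then
    echo "/root/random postconf|postroll" >&2
    return 2
  fi
  case "$1" in
    postconf)
      echo "postroll"
      ;;
    postroll)
      echo "postconf"
      ;;
    *)
      echo "/root/random postconf|postroll" >&2
      return 2
      ;;
  esac
}

main "$@"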

Example3:

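#!/bin/bash
# countdown: print the integers from START down to 2, one per line.
# The loop condition (counter > 1) is kept from the original, so 1 is never
# printed.
#
# Usage:       countdown [START]   (START defaults to 100)
# Exit status: 0 on success, 2 if START is not a non-negative integer.

#######################################
# Print every integer from $1 down to 2.
# Arguments: $1 - starting value, a non-negative decimal integer (default 100)
# Outputs:   one number per line on stdout
# Returns:   0 on success, 2 on an invalid argument
#######################################
countdown() {
  local start=${1:-100}
  local counter
  if [[ ! "$start" =~ ^[0-9]+$ ]]; then
    printf 'countdown: start must be a non-negative integer, got %s\n' "$start" >&2
    return 2
  fi
  # 10# forces decimal so a leading zero is not read as octal.
  for (( counter = 10#$start; counter > 1; counter-- )); do
    printf '%s\n' "$counter"
  done
}

countdown "$@"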

Managing MariaDB

Creating database environment


  • yum -y install mariadb mariadb-libs mariadb-test
  • systemctl start mariadb
  • systemctl enable mariadb
  • mysql_secure_installation
    • set mysql root password
Creating a Database
  • mysql -uroot -p
    • create database friends;
    • use friends;
    • MariaDB [friends]> create table name (FirstName VARCHAR(40), LastName VARCHAR(40), age INT, year INT);
    • MariaDB [friends]> insert into name (FirstName,LastName,age,year) values ('Ion','Rivera',35,2010);
    • MariaDB [friends]> insert into name (FirstName,LastName,age,year) values ('Syl','Carrion',35,2010);
    • MariaDB [friends]> insert into name (FirstName,LastName,age,year) values ('Harold','Gray',35,2010);

MariaDB [friends]> select * from name;
+-----------+----------+------+------+
| FirstName | LastName | age  | year |
+-----------+----------+------+------+
| Ion       | Rivera   |   35 | 2010 |
| Syl       | Carrion  |   35 | 2010 |
| Harold    | Gray     |   35 | 2010 |
+-----------+----------+------+------+
3 rows in set (0.01 sec)

Managing User
  • MariaDB [(none)]> create user erick@localhost identified by '123456';
  • MariaDB [mysql]> select user from user where user='erick';
  • MariaDB [mysql]>use friends;
  • MariaDB [friends]> grant select,update,insert,delete on friends.* to erick@localhost;
  • MariaDB [friends]> flush privileges;
  • MariaDB [friends]> show grants for erick@localhost;
MariaDB [friends]> show grants for erick@localhost;
+--------------------------------------------------------------------------------------------------------------+
| Grants for erick@localhost                                                                                   |
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'erick'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `friends`.* TO 'erick'@'localhost'                                   |
+--------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
  • [root@server6 ~]# mysql -uerick -p
  • MariaDB [(none)]> quit
Backing up Database
  • Creating a Logical Database Backup
    • mysqldump -u root -p friends > /root/friends-db.dump
    • mysqldump -u root -p --all-databases > /root/all-db.dump
  • Creating a Physical Database Backup
    • mount |grep mysql
    • mysql -uroot -p
    • MariaDB [(none)]> flush tables with read lock; (or stop the service instead: systemctl stop mariadb)
    • [root@server6 ~]# lvcreate -L 5G -s -n lv_mariadb-snapshot /dev/vgsan/lv_mariadb
    • MariaDB [none]> unlock tables;
    • mkdir /mariadb_snapshot
    • mount -o nouuid /dev/vgsan/lv_mariadb-snapshot /mariadb_snapshot/
    • tar -cvf mariadb-snapshot.04-28-2016.tar /mariadb_snapshot/
    • umount /mariadb_snapshot
    • tar -tvf mariadb-snapshot.04-28-2016.tar
Restoring a Database backup
  • Logical Backup
    • mysql -u root -p < mariadb.backup
  • Physical Backup
    • systemctl stop mariadb
    • rm -rf /var/lib/mysql/*
    • tar -xvf mariadb-snapshot.tar -C /var/lib/
    • mv mariadb_snapshot/* mysql/
    • rm -rf mariadb_snapshot
    • semanage fcontext -a -t mysqld_db_t "(/var/lib/.*?)"
    • restorecon -Rv /var/lib/

Wednesday, April 27, 2016

Managing SSH

Configuring Key-based Authentication
  • generate key
    • ssh-keygen -t dsa
  • copy key to another server
    • ssh-copy-id server2
  • ssh without typing the key passphrase
    • ssh-agent /bin/bash
    • ssh-add

[root@server6 ~]# ssh-agent /bin/bash
[root@server6 ~]# ssh-add
Enter passphrase for /root/.ssh/id_dsa:
Identity added: /root/.ssh/id_dsa (/root/.ssh/id_dsa)
[root@server6 ~]# ssh server7
Last login: Wed Apr 27 17:20:44 2016 from 192.168.23.148

Changing ssh port
  • vim /etc/ssh/sshd_config
    • Port 2022
    • semanage port -a -t ssh_port_t -p tcp 2022
    • semanage port -l|grep ssh
      • ssh_port_t                     tcp      2022, 22
    • firewall-cmd --permanent --add-port=2022/tcp
    • firewall-cmd --reload
Creating SSH Tunnels
  • on server1
    • ssh -fNL 4444:server8.example.com:80 root@server7.example.com -p 2022
    • elinks http://localhost:4444
[root@server6 ~]# netstat -tulpen|grep -i ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          22725      1694/sshd
tcp        0      0 127.0.0.1:4444          0.0.0.0:*               LISTEN      0          174870     15288/ssh
tcp6       0      0 :::22                   :::*                    LISTEN      0          22734      1694/sshd
tcp6       0      0 ::1:4444                :::*                    LISTEN      0          174869     15288/ssh

  • ssh -fNL 2020:www.sandervanvugt.nl:80 root@server8.example.com
  • elinks http://www.sandervanvugt.nl:2020

Setting up an SMTP server

Email Server Roles

  • Email Transmission: SMTP
  • Email Reception: POP, IMAP
  • End user mail clients: Evolution, mutt
Configuring postfix
  • on server1
  • vim /etc/postfix/main.cf
    • inet_interfaces = all
    • myorigin = example.com
    • mydestination=
    • inet_protocols=ipv4
  • on server2
    • relayhost = [server1.example.com]
    • inet_interfaces = loopback-only
    • mynetworks = 127.0.0.0/8 [::1]/128
    • mydestination=
    • inet_protocols=ipv4
  • send mail from server2 to a user on server1.

Configuring iSCSI Target and Initiator

Configuring iSCSI Target

  • installation
    • yum -y install targetcli
    • systemctl start target
    • systemctl enable target
  • enable iscsi-target service in firewalld
    • firewall-cmd --permanent --add-service=iscsi-target
    • firewall-cmd --reload
  • using partition
    • fdisk /dev/sdb
    • create new 3G partition
      • n
      • p
      • +3G
      • w
  • if DNS is not configured, make sure to add the servers to /etc/hosts
    • 192.168.23.145 server6 server6.example.com
    • 192.168.23.144 server7 server7.example.com
    • 192.168.23.146 server8 server8.example.com

  • configuring target
    • targetcli
      • create block
        • cd backstores
          • /backstores> block/ create block1 /dev/vgsan/lv_san1
          • /backstores> block/ create block2 /dev/vgsan/lv_san2
      • create target
        • cd iscsi
          • /iscsi> create iqn.2016-04.com.example:target
      • create acls
        • /iscsi> cd iqn.2016-04.com.example:target/
        • /iscsi/iqn.20...xample:target> cd tpg1/
        • /iscsi/iqn.20...e:target/tpg1> acls/ create iqn.2016-04.com.example:server7
        • /iscsi/iqn.20...e:target/tpg1> acls/ create iqn.2016-04.com.example:server8
      • create luns
        • /iscsi/iqn.20...e:target/tpg1> luns/ create /backstores/block/block1
        • /iscsi/iqn.20...e:target/tpg1> luns/ create /backstores/block/block2
      • configure portals - if a 0.0.0.0:3260 portal already exists, delete it first.
        • /iscsi/iqn.20...e:target/tpg1> portals/ delete 0.0.0.0 3260
        • /iscsi/iqn.20...e:target/tpg1> portals/ create 192.168.23.145 3260 <-- IP of target server.
/> ls
o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- block .................................................................................................. [Storage Objects: 2]
  | | o- block1 ................................................................. [/dev/vgsan/lv_san1 (2.0GiB) write-thru activated]
  | | o- block2 ................................................................. [/dev/vgsan/lv_san2 (2.0GiB) write-thru activated]
  | o- fileio ................................................................................................. [Storage Objects: 0]
  | o- pscsi .................................................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................................................ [Targets: 1]
  | o- iqn.2016-04.com.example:target .................................................................................... [TPGs: 1]
  |   o- tpg1 ............................................................................................... [no-gen-acls, no-auth]
  |     o- acls .......................................................................................................... [ACLs: 2]
  |     | o- iqn.2016-04.com.example:server7 ...................................................................... [Mapped LUNs: 1]
  |     | | o- mapped_lun0 ................................................................................ [lun0 block/block1 (rw)]
  |     | o- iqn.2016-04.com.example:server8 ...................................................................... [Mapped LUNs: 1]
  |     |   o- mapped_lun1 ................................................................................ [lun1 block/block2 (rw)]
  |     o- luns .......................................................................................................... [LUNs: 2]
  |     | o- lun0 .............................................................................. [block/block1 (/dev/vgsan/lv_san1)]
  |     | o- lun1 .............................................................................. [block/block2 (/dev/vgsan/lv_san2)]
  |     o- portals .................................................................................................... [Portals: 1]
  |       o- 192.168.23.145:3260 .............................................................................................. [OK]
  o- loopback ......................................................................................................... [Targets: 0]


Configuring iSCSI Initiator

  • in server7.example.com
    • yum -y install iscsi-initiator-utils
    • systemctl start iscsi
    • systemctl enable iscsi
    • vim /etc/iscsi/initiatorname.iscsi
      • InitiatorName=iqn.2016-04.com.example:server7
    • discover targets at a given IP address
      • the command is too long to memorize; run "man iscsiadm" and see the examples at the bottom of the page.
      • iscsiadm --mode discoverydb --type sendtargets --portal 192.168.23.145 --discover
    • login
      • the command is too long to memorize; run "man iscsiadm" and see the examples at the bottom of the page.
      • iscsiadm --mode node --targetname iqn.2016-04.com.example:target --portal 192.168.23.145:3260 --login
[root@server7 ~]# iscsiadm --mode discoverydb --type sendtargets --portal 192.168.23.145 --discover
192.168.23.145:3260,1 iqn.2016-04.com.example:target
[root@server7 ~]# iscsiadm --mode node --targetname iqn.2016-04.com.example:target --portal 192.168.23.145:3260 --login
Logging in to [iface: default, target: iqn.2016-04.com.example:target, portal: 192.168.23.145,3260] (multiple)
Login to [iface: default, target: iqn.2016-04.com.example:target, portal: 192.168.23.145,3260] successful.

  • to check that the new device appeared
    • yum -y install lsscsi
    • lsscsi
[root@server7 ~]# lsscsi
[1:0:0:0]    cd/dvd  NECVMWar VMware IDE CDR10 1.00  /dev/sr0
[2:0:0:0]    disk    VMware,  VMware Virtual S 1.0   /dev/sda
[2:0:1:0]    disk    VMware,  VMware Virtual S 1.0   /dev/sdb
[3:0:0:0]    disk    LIO-ORG  block1           4.0   /dev/sdc  <--iscsi device

  • creating filesystem using iscsi device
    • mkdir /data
    • mkfs.xfs /dev/sdc
  • make the filesystem persistent upon boot
    • vim /etc/fstab
      • /dev/sdc /data  xfs     _netdev 0 0 <-- make sure to add the _netdev option, since this is a network device
      • mount /data
[root@server7 ~]# df -h /data
Filesystem      Size  Used Avail Use% Mounted on
/dev/sdc        2.0G   33M  2.0G   2% /data


Tuesday, April 26, 2016

Setting up SAMBA server


  • Accessing samba share
    • smbclient -L //localhost
    • smbclient -U erick //localhost/data
  • Mounting samba share
    • yum -y install cifs-utils
      • mount -o username=erick //localhost/share /mnt
  • Installation
    • yum -y install samba samba-client
    • systemctl start smb nmb
    • systemctl enable smb nmb
    • firewall-cmd --permanent --add-service=samba
    • firewall-cmd --reload
  • Creating a share with read access for a specific user, changing the workgroup and allowing a specific network.
    • Create the Linux and Samba users <-- the Linux user must exist before the Samba user is created.
      • useradd -s /sbin/nologin erick
      • smbpasswd -a erick
    • mkdir /sambashare
      • semanage fcontext -a -t samba_share_t "/sambashare(/.*)?"
      • restorecon -R -v /sambashare
      • setfacl -m u:erick:r-X /sambashare
      • getfacl /sambashare
    • vim /etc/samba/smb.conf
[global]
workgroup = TESTGROUP

[data]
        comment = data
        path = /sambashare
        browseable = yes
        writable = yes
        valid users = erick
        read only = yes
        hosts allow = 192.168.23.
    • systemctl restart smb
    • testparm <--checking configuration
    • smbclient -U erick //localhost/data <--test
  • Creating a share with read/write access for one user and read-only access for another.
    • Create the Linux and Samba users <-- the Linux user must exist before the Samba user is created.
      • useradd -s /sbin/nologin dimple
      • useradd -s /sbin/nologin andrei
      • smbpasswd -a dimple
      • smbpasswd -a andrei
    • mkdir /sambashare2
      • semanage fcontext -a -t samba_share_t "/sambashare2(/.*)?"
      • restorecon -R -v /sambashare2
      • setfacl -m u:dimple:rwX /sambashare2
      • setfacl -m u:andrei:r-X /sambashare2
      • getfacl sambashare2
    • vim /etc/samba/smb.conf
[data2]
        comment = data2
        path = /sambashare2
        browseable = yes
        writable = yes
        valid users = dimple andrei
        read only = no

    • systemctl restart smb
    • testparm <--checking configuration
    • to test
      • yum -y install cifs-utils
      • mount -o username=dimple //localhost/data2 /dimple
        • user dimple should have rwx permission to data2
[root@server2 dimple]# df -h .
Filesystem         Size  Used Avail Use% Mounted on
//localhost/data2   18G  4.2G   14G  24% /dimple
[root@server2 dimple]# touch dimple.txt
[root@server2 dimple]# ls -l dimple.txt
-rw-r--r--. 1 dimple dimple 0 Apr 26 12:13 dimple.txt
      • mount -o username=andrei //localhost/data2 /andrei
        • user andrei should have read only access to data2
[root@server2 andrei]# df -h .
Filesystem         Size  Used Avail Use% Mounted on
//localhost/data2   18G  4.2G   14G  24% /andrei
[root@server2 andrei]# touch andrei.txt
touch: cannot touch ‘andrei.txt’: Permission denied

  • SMB multiuser mount
    • yum -y install cifs-utils
    • mkdir -p /mnt/sambashare
    • vim /root/smb-multiuser.txt
      • username=dimple
      • password=123456
    • chmod 0600 /root/smb-multiuser.txt
    • vim /etc/fstab
      • //server2/data2 /mnt/sambashare cifs defaults,sec=ntlmssp,credentials=/root/smb-multiuser.txt,multiuser 0 0
[root@server3 sambashare]# df -h .
Filesystem       Size  Used Avail Use% Mounted on
//server2/data2   18G  4.2G   14G  24% /mnt/sambashare
[root@server3 sambashare]# ls -l
total 4
-rw-r--r--. 1 1001 1001 17 Apr 26 12:19 dimple.txt
-rw-r--r--. 1 1001 1001  0 Apr 26 12:26 sample.txt

Setting up Kerberized NFS



  • Setting up Selinux for NFS
    • vim /etc/sysconfig/nfs
      • RPCNFSDARGS="-V 4.2"
    • semanage fcontext -a -t public_content_rw_t "/secureshare(/.*)?"
    • restorecon -R -v /secureshare/

  • On NFS Server
    • make the keytab available in NFS server
      • cp /tmp/nfs.keytab /etc/krb5.keytab
    • start and enable nfs-server and nfs-secure-server
      • systemctl start nfs-server
      • systemctl enable nfs-server
      • systemctl start nfs-secure-server
      • systemctl enable nfs-secure-server
    • mkdir /secureshare
    • vim /etc/exports
      • /secureshare *.example.com(sec=krb5p,rw)
    • exportfs -r
    • firewall-cmd --permanent --add-service=nfs
    • firewall-cmd  --reload
  • On NFS Client server
    • make the keytab available in NFS client
      • cp /tmp/nfs.keytab /etc/krb5.keytab
    • systemctl start nfs-secure
    • systemctl enable nfs-secure
    • mount -o sec=krb5p,v4.2 server2:/secureshare /mnt
    • vim /etc/fstab
      • server2:/secureshare /mnt nfs defaults,v4.2,sec=krb5p 0 0
Before:

[root@server3 ~]# ls -dZ /secureshare
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /secureshare

After:

[root@server3 ~]# ls -dZ /secureshare
drwxr-xr-x. root root unconfined_u:object_r:public_content_rw_t:s0 /secureshare