DNS Master and Slave Configuration

-->

DNS Server

DNS server is part of a global network of server that translate host name like www.facebook.com into numeraical IP address like 119.82.69.202 which computer on the Net use to communicate with each other. This is allow us to memorize or intuitive URLs and e-mail addresses instead of a long string of numbers.

Types of DNS Server.

• A master DNS server for your domain(s), which stores authoritative records for your domain.
• A slave DNS server, which relies on a master DNS server for data.
• A caching-only DNS server, which stores recent requests like a proxy server. It otherwise refers to other DNS servers.
• A forwarding-only DNS server, which refers all requests to other DNS servers.
  

Master DNS ( Primary DNS Server )

The authoritative server that contains the master zone file, which can be modified to update DNS information about the zone, is called the primary master server, or just master server.

Slave DNS ( Secondary DNS Server )

The additional name servers for the zone are called secondary servers or slave servers. Secondary servers retrieve information about the zone through a zone transfer from the master server or from another secondary server. DNS information about a zone is never modified directly on the secondary server.

Here I am using RHEL 5.5 64 bit operating System.

Domain name is = facebook.com

Master IP = 10.64.10.1 and host name is = server.example.com

Slave IP = 10.64.10.2 and host name is = slave.example.com

client IP = 10.64.10.3 and host name is = client.example.com

How to Setup Master DNS ( Primary DNS) Server.

First we check some file.

[root@server ~]# cat /etc/sysconfig/network

[root@server ~]# cat /etc/resolv.conf

[root@server ~]# cat /etc/hosts

Install Required RPMs.

[root@server ~] # yum install bind* caching-nameserver

[root@server ~]# /etc/init.d/named restart;chkconfig named on ( restart the service and make it permanent running )

Make the named.conf file and sysmbol link.

[root@server ~]# cd /var/named/chroot/etc/

[root@server etc]# cp -p named.caching-nameserver.conf named.conf

[root@server etc]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf

[root@server etc]# ls -la /etc/named.conf

lrwxrwxrwx 1 root root 32 Dec 22 16:39 /etc/named.conf -> /var/named/chroot/etc/named.conf

Now Generate the Key. Edit it into named.conf

[root@server etc]# rndc-confgen -a -b 512

include “/etc/rndc.key”;

Now Edit the named.conf file.

options { listen-on port 53 { 127.0.0.1; 10.64.10.1; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; 10.64.10.0/24; }; allow-query-cache { localhost; 10.64.10.0/24; }; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; view localhost_resolver { match-clients { localhost; 10.64.10.0/24; }; match-destinations { localhost; 10.64.10.0/24; }; recursion yes; include "/etc/named.rfc1912.zones"; }; include “/etc/rndc.key”;

Now mention the zone files in.

[root@server etc]# vim named.rfc1912.zones

zone "facebook.com" IN { type master; file "facebook.com.zone"; allow-update { none; }; allow-transfer { 10.64.10.2; }; }; zone "10.64.10.in-addr.arpa" IN { type master; file "rev-facebook.com.zone"; allow-update { none; }; allow-transfer { 10.64.10.2; }; };

Now create fowared zones files.

[root@server ~]# cd /var/named/chroot/var/named/

[root@server named]# cp -p localhost.zone facebook.com.zone

$TTL 86400 @ IN SOA master.facebook.com. root.facebook.com. (                                                           42 ; serial (d. adams)                                                           3H ; refresh                                                         15M ; retry                                                           1W ; expiry                                                          1D ) ; minimum                    IN NS master.facebook.com.                       IN NS slave.facebook.com. master       IN    A   10.64.10.1 slave          IN    A   10.64.10.2 client          IN    A  10.64.10.3

Now create reverse zone file.

[root@server named]# cp -p named.local rev-facebook.com.zone

$TTL 86400 @ IN SOA master.facebook.com. root.master.facebook.com. (                                                                               42 ; Serial                                                                          28800 ; Refresh                                                                           14400 ; Retry                                                                        3600000 ; Expire                                                                         86400 ) ; Minimum                  IN NS master.facebook.com.                 IN NS slave.facebook.com. 1               IN    PTR    master. 2               IN   PTR     slave. 3               IN   PTR    client.

Now Restart service.

[root@server named]# /etc/init.d/named restart

Stopping named:                               [ OK ]

Starting named:                                [ OK ]

Now check Master is running file.

[root@server named]# nslookup 10.64.10.1 Server: 10.64.10.1 Address: 10.64.10.1#53 1.10.64.10.in-addr.arpa name = master.

Or

[root@server named]# nslookup master.facebook.com Server: 10.64.10.1 Address: 10.64.10.1#53 Name: master.facebook.com Address: 10.64.10.1

Or

[root@server named]# dig -x 10.64.10.1 ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -x 10.64.10.1 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17417 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;1.10.64.10.in-addr.arpa. IN PTR ;; ANSWER SECTION: 1.10.64.10.in-addr.arpa. 86400 IN PTR master. ;; AUTHORITY SECTION: 10.64.10.in-addr.arpa. 86400 IN NS slave.facebook.com. 10.64.10.in-addr.arpa. 86400 IN NS master.facebook.com. ;; ADDITIONAL SECTION: slave.facebook.com. 86400 IN A 10.64.10.2 master.facebook.com. 86400 IN A 10.64.10.1 ;; Query time: 1 msec ;; SERVER: 10.64.10.1#53(10.64.10.1) ;; WHEN: Tue Dec 25 06:04:19 2012 ;; MSG SIZE rcvd: 146

That means master is running fine.

How to Setup Slave DNS ( Secondary DNS) Server.

Install Required RPMs.

[root@slave ~] # yum install bind* caching-nameserver

[root@slave ~]# /etc/init.d/named restart;chkconfig named on ( restart the service and make it permanent running )

Make the named.conf file and sysmbol link.

[root@slave ~]# cd /var/named/chroot/etc/

[root@slave etc]# cp -p named.caching-nameserver.conf named.conf

[root@slave etc]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf

[root@slave etc]# ls -la /etc/named.conf

lrwxrwxrwx 1 root root 32 Dec 22 16:39 /etc/named.conf -> /var/named/chroot/etc/named.conf

Now Generate the Key. Edit it into named.conf

[root@slave etc]# rndc-confgen -a -b 512

include “/etc/rndc.key”;

Now Edit the named.conf file.

options { listen-on port 53 { 127.0.0.1; 10.64.10.2; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; // Those options should be used carefully because they disable port // randomization // query-source port 53; // query-source-v6 port 53; allow-query { localhost; 10.64.10.0/24; }; allow-query-cache { localhost; 10.64.10.0/24; }; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; view localhost_resolver { match-clients { localhost; 10.64.10.0/24; }; match-destinations { localhost; 10.64.10.0/24; }; recursion yes; include "/etc/named.rfc1912.zones"; }; include “/etc/rndc.key”;

Now mention zone files.

[root@slave ~]# cd /var/named/chroot/etc/

[root@slave etc]# vim named.rfc1912.zones

zone "facebook.com" IN { type slave; file "slaves/facebook.com.zone"; masters { 10.64.10.1; }; }; zone "10.64.10.in-addr.arpa" { type slave; file "slaves/facebook.com.zone"; masters { 10.64.10.1; }; };

Now create the zones file.

[root@slave ~]# cd /var/named/chroot/var/named/slaves

[root@slave slaves]# vim facebook.com.zone

T$TL 86400 @ IN SOA master.facebook.com. root.facebook.com. ( 2010031200 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum

[root@slave slaves]# vim rev-facebook.com.zone

$TTL 86400 @ IN SOA master.facebook.com. root.facebook.com. (                                                                          42 ; serial (d. adams)                                                                         3H ; refresh                                                                       15M ; retry                                                                          1W ; expiry                                                                         1D ) ; minimum

Create the Symbol link

[root@slave ~]# ln -s /var/named/chroot/var/named/slaves/facebook.com.zone /var/named/slaves/facebook.com.zone

[root@slave ~]# ls -la /var/named/slaves/facebook.com.zone

lrwxrwxrwx 1 root root 52 Dec 25 06:27 /var/named/slaves/facebook.com.zone -> /var/named/chroot/var/named/slaves/facebook.com.zone

Now change the permission

[root@slave ~]# chown named.named /var/named/chroot/var/named/slaves/rev-facebook.com.zone

[root@slave ~]# ls -l /var/named/chroot/var/named/slaves/rev-facebook.com.zone

-rw-r----- 1 named named 175 Dec 24 15:00 /var/named/chroot/var/named/slaves/rev-facebook.com.zone

Now Restart the service.

[root@slave ~]# /etc/init.d/named restart

Stopping named: [ OK ]

Starting named: [ OK ]

Now check the slave is working file.

[root@slave ~]# nslookup 10.64.10.2 Server: 10.64.10.2 Address: 10.64.10.2#53 2.10.64.10.in-addr.arpa name = slave.

Or

[root@slave ~]# nslookup slave.facebook.com Server: 10.64.10.2 Address: 10.64.10.2#53 Name: slave.facebook.com Address: 10.64.10.2

Or

[root@slave ~]# dig -x 10.64.10.2 ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -x 10.64.10.2 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23303 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;2.10.64.10.in-addr.arpa. IN PTR ;; ANSWER SECTION: 2.10.64.10.in-addr.arpa. 86400 IN PTR slave. ;; AUTHORITY SECTION: 10.64.10.in-addr.arpa. 86400 IN NS master.facebook.com. 10.64.10.in-addr.arpa. 86400 IN NS slave.facebook.com. ;; ADDITIONAL SECTION: slave.facebook.com. 86400 IN A 10.64.10.2 master.facebook.com. 86400 IN A 10.64.10.1 ;; Query time: 2 msec ;; SERVER: 10.64.10.2#53(10.64.10.2) ;; WHEN: Tue Dec 25 06:38:56 2012 ;; MSG SIZE rcvd: 145

Now check the client side.

[root@client ~]# nslookup 10.64.10.1 Server: 10.64.10.1 Address: 10.64.10.1#53 1.10.64.10.in-addr.arpa name = master. [root@client ~]# nslookup 10.64.10.2 Server: 10.64.10.1 Address: 10.64.10.1#53 2.10.64.10.in-addr.arpa name = slave.

                                                                                               

                                                                                         Thanks & Regards

                                                                                         Manish Singh Bhandari

How to install a looback interface in Ubuntu 12.04

            
                    How to install a looback interface in Ubuntu 12.04

After successful installation of GNS3, we will install loopback adapter on our Ubuntu,Centos, Redhat and Fedora systems, so that we can telnet into your routers.

Loopback tap installation on Ubuntu 12.04

$ sudo –i
#apt-get install uml-utilities
#modprobe tun
#tunctl                                       ( This will create loopback interface tap0 )
#ifconfig tap0 10.64.10.100 netmask 255.0.0.0 up
#ifconfig

If you want to add one more loopback interface

#tunctl                                       ( This will create loopback interface tap1 )
#ifconfig tap1 10.64.10.100 netmask 255.0.0.0 up

Loopback tap installation on Centos/Redhat/Fedora.We need tunctl which is not available in our local repositories. So we’ll have to add RPMForge
repository. Steps to add this repo is given here

http://wiki.centos.org/AdditionalResources/Repositories/RPMForge (Steps are the same for other 2 distros as well)

Ok lets install tunctl

$ su -
Password:                                       (Type in your root password here)
# yum install tunctl
# modprobe tun
# cd /usr/sbin
#./tunctl                                     ( This will create loopback interface tap0 )
# /sbin/ifconfig tap0 10.100.100.100 netmask 255.255.255.0 up
# /sbin/ ifconfig                ( verify that tap0 is up and given ip is assigned.)

If you want to add one more loopback interface

#./tunctl                                        ( This will create loopback interface tap1 )
# /sbin/ifconfig tap1 10.100.101.100 netmask 255.255.255.0 up

Important: Add these lines to iptables

sudo iptables -I INPUT -j ACCEPT -i tap0
sudo iptables -I OUTPUT -j ACCEPT -o tap0

How to configure the DNS Server in RHEL5.5

DNS Server

The Domain Name Server plays an important role in making Internet traffic possible. A DNS server is part of a global network of servers that translate host names, like www.facebook.com, into numerical IP (Internet Protocol) addresses, like 208.20.202.20, which computers on the Net use to communicate with each other. This allows us to use easy to memorize or intuitive URLs and e-mail addresses instead of a long string of numbers.

The advantage of having your own DNS server is it can process requests for traffic on your internal network without having to rely on another DNS server outside of your network. All the traffic is localized on your secure and internal network. Basically, this is a security feature because your LAN is essentially "hidden" from the outside world.

Real Time's DNS Servers run on Linux, giving them the stability and reliability everyone needs. It's also very cost effective because, like other Linux servers, a Linux DNS server can run on less expensive hardware than other operating systems.

As part of the installation, Real Time will also configure the server to your needs and specifications while keeping security as a top priority. Since it is built and designed in house, the server can be completely customized.
 

-->

How to configure the DNS Server in RHEL5.5

[root@node1 ~]# yum install bind* caching-nameserver

[root@node1 ~]# /etc/init.d/named restart;chkconfig named on

[root@node1 ~]# cd /var/named/chroot/etc/

[root@node1 ~]# cp -p named.caching-nameserver.conf named.conf

[root@node1 ~]# vim named.rfc1912.zones

Copy two zone in this file;

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

[root@node1 ~]# vim named.conf

Change few things in this file:

// named.caching-nameserver.conf

//

// Provided by Red Hat caching-nameserver package to configure the

// ISC BIND named(8) DNS server as a caching only nameserver

// (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

// DO NOT EDIT THIS FILE - use system-config-bind or an editor

// to create named.conf - edits to this file will be lost on

// caching-nameserver package upgrade.

//

options {

listen-on port 53 { 127.0.0.1; 10.64.10.1; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

// Those options should be used carefully because they disable port

// randomization

// query-source port 53;

// query-source-v6 port 53;

allow-query { 10.64.10.1; };

};

##############################################

zone "node1.example.com" IN {

type master;

file "node1.fow.zone";

allow-update { none; };

};

zone "10.64.10.in-addr.arpa" IN {

type master;

##############################################

[root@node1 ~]# cd /var/named/chroot/var/named

[root@node1 ~]# cp -p localhost.zone node1.fow.zone

[root@node1 ~]# cp -p named.zero node1.rev.zone

[root@node1 ~]# vim node1.fow.zone

Before change in this file:

$TTL 86400

@ IN SOA @ root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS @

IN A 127.0.0.1

IN AAAA ::1

After change in this file:#####################################

$TTL 86400

@ IN SOA @ root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS @

IN A 127.0.0.1

IN AAAA ::1

NS node1.example.com

A 10.64.10.1

[root@node1 ~]# vim node1.rev.zone

Befor chane in this file.

$TTL 86400

@ IN SOA localhost. root.localhost. (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS localhost.

###################################################

After chage in this file:

$TTL 86400

@ IN SOA node1.example.com root.node1.example.com (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

1 IN NS node1.example.com

[root@node1 ~]# vim /etc/resolve.conf

nameserver 10.64.10.1

root@node1 ~]# /etc/init.d/named restart

Stopping named: . [ OK ]

Starting named: [ OK ]

How to check DNS Server is working

[root@node1 ~]# nslookup 10.64.10.1

Server: 10.64.10.1

Address: 10.64.10.1#53

1.10.64.10.in-addr.arpa name = node1.example.com.10.64.10.in-addr.arpa.

[root@node1 ~]# nslookup node1.example.com

Server: 10.64.10.1

Address: 10.64.10.1#53

Name: node1.example.com

Address: 10.64.10.1

Name: node1.example.com

Address: 127.0.0.1

Thanks & Regards

Manish Bhandari

rsync and Scp command in Linux

How to use Scp command in Linux Operating System.

With the scp (secure copy) command you can easily copy from and to a remote computer or between remote computers.

root@manish.bhadnari#] scp <Source> <destibation>



How to use rsynce command in Linux Operating System.

rsync is a program that behaves in much the same way that scp does, but has many more options and uses the rsync remote-update protocol to greatly speed up file transfers when the destination file already exists.

The rsync remote-update protocol allows rsync to transfer just the differences between two sets of files across the network link, using an efficient checksum-search algorithm described in the technical report that accompanies this package.



@ How to Install rsync command in Linux.

#yum install rsync


@Comman rsync command options

    --delete : delete files that don't exist on sender (system)
    -v : Verbose (try -vv for more detailed information)
    -e "ssh options" : specify the ssh as remote shell
    -a : archive mode
    -r : recurse into directories
    -z : compress file data


For more details for rsync read mention link:

http://linux.about.com/library/cmd/blcmdl1_rsync.htm

How to configure rssh on RHEL 5.5

Linux Configure rssh Chroot Jail To Lock Users To Their Home Directories Only

If you want to chroot users, then use rssh support chrooting option. It is used to set the directory where the root of the chroot jail will be located. This is a security feature.

A chroot on Linux or Unix OS is an operation that changes the root directory. It affects only the current process and its children. If your default home directory is /home/manish normal user can access files in /etc, /sbin or /bin directory. This allows an attacker to install programs / backdoor via your web server in /tmp. chroot allows to restrict file system access and locks down user to their own directory.

First download the rssh rpm (rssh-2.3.3-1.fc16.x86_64.rpm)

Configuring rssh chroot

chroot directory : /users

root@mansh.bhandari#] wget -c

Another url is wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.x86_64.rpm

ftp://ftp.univie.ac.at/systems/linux/fedora/releases/16/Everything/x86_64/os/Packages/rssh-2.3.3-1.fc16.x86_64.rpm

root@mansh.bhandari#] rpm -ivh rssh-2.3.3-1.fc16.x86_64.rpm

root@mansh.bhandari#] mkdir /users

root@mansh.bhandari#] mkdir -p /users/{dev,etc,lib,usr,bin}

root@mansh.bhandari#] mkdir -p /users/usr/bin

root@mansh.bhandari#] mkdir -p /users/usr/libexec/openssh/

root@mansh.bhandari#] mkdir -p /users/libexec/openssh

Create /users/dev/null:

root@mansh.bhandari#] mknod -m 666 /users/dev/null c 1 3

Copy required /etc/ configuration files, as described above to your jail directory /users/etc:

root@mansh.bhandari#] cd /users/etc

root@mansh.bhandari#] cp /etc/ld.so.cache .

root@mansh.bhandari#] cp /etc/ld.so.conf .

root@mansh.bhandari#] cp /etc/nsswitch.conf .

root@mansh.bhandari#] cp /etc/passwd .

root@mansh.bhandari#] cp /etc/group .

root@mansh.bhandari#] cp /etc/hosts .

root@mansh.bhandari#] cp /etc/resolve.conf .

Open /usres/group and /users/passwd file and remove root and all other accounts.

Copy required binary files, as described above to your jail directory /users/bin and other locations:

root@mansh.bhandari#] cd /users/usr/bin

root@mansh.bhandari#] cp /usr/bin/scp .

root@mansh.bhandari#] cp /usr/bin/rssh .

root@mansh.bhandari#] cp /usr/bin/sftp .

root@mansh.bhandari#] cd /users/usr/libexec/openssh/

root@mansh.bhandari#] cp /usr/libexec/openssh/sftp-server .

or

root@manish.bhandari#] cp /usr/lib/openssh/sftp-server . (not found)

root@manish.bhandari#] cd /users/usr/libexec/

root@manish.bhandari#] cp /usr/libexec/rssh_chroot_helper .

OR
root@manish.bhandari#] cp /usr/lib/rssh/rssh_chroot_helper (not found)

root@manish.bhandari#] cd /users/bin/

root@manish.bhandari#] cp /bin/sh .
OR
root@manish.bhandari#] cp /bin/bash .

Copy all shared library files

The library files that any of these binary files need can be found by using the ldd / strace command. For example, running ldd against /usr/bin/sftp provides the following output:

ldd /usr/bin/sftp

Output:

linux-gate.so.1 =>  (0×00456000)

libresolv.so.2 => /lib/libresolv.so.2 (0x0050e000)

libcrypto.so.6 => /lib/libcrypto.so.6 (0x0013e000)

libutil.so.1 => /lib/libutil.so.1 (0x008ba000)

libz.so.1 => /usr/lib/libz.so.1 (0×00110000)

libnsl.so.1 => /lib/libnsl.so.1 (0x0080e000)

libcrypt.so.1 => /lib/libcrypt.so.1 (0x00a8c000)

libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0×00656000)

libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0×00271000)

libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0×00304000)

libcom_err.so.2 => /lib/libcom_err.so.2 (0×00777000)

libdl.so.2 => /lib/libdl.so.2 (0×00123000)

libnss3.so => /usr/lib/libnss3.so (0×00569000)

libc.so.6 => /lib/libc.so.6 (0x00b6c000)

libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0×00127000)

libkeyutils.so.1 => /lib/libkeyutils.so.1 (0×00130000)

/lib/ld-linux.so.2 (0×00525000)

libplc4.so => /usr/lib/libplc4.so (0x008c9000)

libplds4.so => /usr/lib/libplds4.so (0×00133000)

libnspr4.so => /usr/lib/libnspr4.so (0x00d04000)

libpthread.so.0 => /lib/libpthread.so.0 (0x0032a000)

libselinux.so.1 => /lib/libselinux.so.1 (0×00341000)

libsepol.so.1 => /lib/libsepol.so.1 (0×00964000)

You need to copy all those libraries to /lib and other appropriate location. However, I recommend using this automated script called l2chroot:

root@manish.bhandari#] cd /sbin

root@manish.bhandari#] wget -O l2chroot http://www.cyberciti.biz/files/lighttpd/l2chroot.txt

root@manish.bhandari#] chmod +x l2chroot

Open l2chroot and set BASE variable to point to chroot directory (jail) location:

BASE=”/users”

Now copy all shared library files

root@manish.bhandari#] l2chroot /usr/bin/scp

root@manish.bhandari#] l2chroot /usr/bin/rssh

root@manish.bhandari#] l2chroot /usr/bin/sftp

root@manish.bhandari#] l2chroot /usr/libexec/openssh/sftp-server
OR
root@manish.bhandari#] l2chroot /usr/lib/openssh/sftp-server (not found)

root@manish.bhandari#] l2chroot /usr/libexec/rssh_chroot_helper
OR
root@manish.bhandari#] l2chroot /usr/lib/rssh/rssh_chroot_helper

root@manish.bhandari#] l2chroot /bin/sh
OR
root@manish.bhandari#]l2chroot /bin/bash

Modify syslogd configuration

root@mansh.bhandari#] vi /etc/sysconfig/syslog

Find line that read as follows:
SYSLOGD_OPTIONS=”-m 0″
Append -a /users/dev/log
SYSLOGD_OPTIONS=”-m 0 -a /users/dev/log”
Save and close the file. Restart syslog:

root@manish.bhandari#] /etc/init.d/syslog restart

Set chroot path

Open configuration file /etc/rssh.conf:


root@manish.bhandari#] vi /etc/rssh.conf


Set chrootpath to /users


chrootpath=/users


user=manish:022:00010:”/users”
Save and close the file. If sshd is not running start it:


root@manish.bhandari#] /etc/init.d/sshd restart

Set chroot path:

root@manish.bhandari3] vim /etc/rssh.conf

chrootpath=/users

Subsystem sftp internal-sftp

root@manish.bhandari#] /etc/init.d/sshd restart

Add user to jail

root@manish.bhandari#] useradd -m -d /users/manish -s /usr/bin/rssh manish

root@manish.bhandari#] passwd manish

Now vivek can login using sftp or copy files using scp:

root@manish.bhandari#] sftp manish@192.168.100.xx

manish@192.168.100.x password

sftp>

sftp> ls

sftp > pwd

Remote working directory : /users/manish

sftp > cd /tmp

Couldn't canonicalise: No such file or directory

User manish is allowed to login to server to trasfer files, but not allowed to browse entier file system.

http://pensacola-tech.com/pensacola/2010/05/05/configure-rssh/

                                                                                                                                 Manish Bhandari

Process Monitoring Scripts in Linux

#!/bin/bash
#set -x
#
#Variable secetion 
#=====================================================
#list process to monitor in the variable below;
PROGRAM1="firefox"
#Variabele check to see if $PROGRAM1
#is running
APPCHK=$(ps aux | grep -c $PROGRAM1 )
#$Company & Site variable are for populating the alert email
COMPANY="Hungama"
SITE="JMX"
# $SUPPORTSTAFF is the recipient of our alert email
SUPPORTSTAFF="manish.bhandari@fosteringlinux.com"
#=======================================================
# The ‘if’ statement below checks to see if the process is running
# with the ‘ps’ command.  If the value is returned as a ’0′ then
# an email will be sent and the process will be safely restarted.
#
echo "COUNT IS " $APPCHK

if [ $APPCHK -eq '1' ];then
echo mail -s "Manish PBX at $COMPANY $SITE may be down " $SUPPORTSTAFF >> notrunning.log
else
echo "$PROGRAM1 is running $APPCHK processes" >> manish-check.log
fi
echo $APPCHK
exit

How to create new partition on Linux

Here i create new partition on 4 setps:

Step #1 For create new partition used fdisk command;

Following command will list all detected hard disks:
root@manish.bhandari#] fdisk -l | grep '^Disk'

Output:

Disk /dev/sda: 251.0 GB, 251000193024 bytes
Disk /dev/sdb: 251.0 GB, 251000193024 bytes

To partition the disk - /dev/sdb, enter:
root@manish.bhandari#] fdisk /dev/sdb

The basic fdisk commands you need are:

• m - print help
• p - print the partition table
• n - create a new partition
• d - delete a partition
• q - quit without saving changes
• w - write the new partition table and exit

for avoid to reboot the system type this command;

root@manish.bhandari#] partprobe

Step #2 Format the new disk partition using mkfs.ext3 or mkfs.ext4 command;

root@manish.bhandari#] mkfs.ext4 /dev/sdb1

Step #3 Mount the new partition using command but first you create mount point /manish and mount command to mount /dev/sdb1;

root@manish.bhandari#] mkdir /manish

root@manish.bhandari#] mount /dev/sdb1 /manish

root@manish.bhandari#] df -h

Step #4 Update /etc/fstab file for parment mount;

root@manish.bhandari#] vim /etc/fstab

/dev/sdb1                           /manish                           ext4                defaults           1   2


Thanks & Regards
                                                                                                                     Manish Bhandari

How to mount iso image in Linux

Q How to mount iso image in linux

 Ans root@manish.bhandari#] mount -o loop example.iso /mnt

        root@manish.bhandari#] ls /mnt

Now mount the iso permanently

root@manish.bhandari#] vim /etc/fstab

/iso/rhel-server-5.5-x86_64-dvd.iso /mnt        iso9660   loop          0 0



                                             That' s all

                                                                                                                    Thanks & Regards
                                                                                                                         Manish Bhandari

Virtulization in Linux

                                 KVM Installation and configuration

What is the difference between KVM and Xen?

Xen is an external hypervisor; it assumes control of the machine and divides resources among guests. On the other hand, KVM is part of Linux and uses the regular Linux scheduler and memory management. This means that KVM is much smaller and simpler to use; it is also more featureful; for example KVM can swap guests to disk in order to free RAM.

KVM only run on processors that supports x86 hvm (vt/svm instructions set) whereas Xen also allows running modified operating systems on non-hvm x86 processors using a technique called paravirtualization. KVM does not support paravirtualization for CPU but may support paravirtualization for device drivers to improve I/O performance.

System requirements:

Minimum system requirements:

• 6GB free disk space (6GB plus the required disk space recommended by the guest operating system per guest. For most operating systems more than 6GB of disk space is recommended. )
• 2GB of RAM. (2GB of RAM plus additional RAM virtualized guests.)

Xen para-virtualization requirements:
Para-virtualized guests require a Red Hat Enterprise Linux 5 installation tree available over the network using the NFS, FTP or HTTP protocols.

Xen full virtualization requirements:

Full virtualization with the Xen Hypervisor requires:
• an Intel processor with the Intel VT extensions,
• an AMD processor with the AMD-V extensions, or
• an Intel Itanium processor.

KVM requirements:

The KVM hypervisor requires:
• an Intel processor with the Intel VT and the Intel 64 extensions, or
• an AMD processor with the AMD-V and the AMD64 extensions.

Installation of XEN and KVM installation in RHELx 64 bit.

First create the yum server

root@manish.bhandari#] vim /etc/yum.repo/yum.repo
 [server]

 name=yum server

baseurl=file:///mnt/Server
gpgcheck=0

[VT]
name=VT
baseurl=file:///mnt/VT
gpgcheck=0
:wq!


Now check the virtualization flag

root@manish.bhandari#] egrep '(vmx|svm)' --color=always /proc/cpuinfo
or
root@manish.bhandari#] grep -E 'svm|vmx' /proc/cpuinfo

XEN virtualization required packages are:

XEN : The xen package contains the hypervisor and basic virtualization tools.

Kernel-xen : The kernel-xen package contains a modified Linux kernel which runs as a virtual machine guest on the hypervisor.
Python-virtinst : Provides the virt-install command for creating virtual machines.
libvirt : libvirt is an API library for interacting with hypervisors. libvirt uses the xm virtualization framework and the virsh command line tool to manage and control virtual machines.

libvirt-python : The libvirt-python package contains a module that permits applications written in the Python programming language to use the interface supplied by the libvirt API.
virt-manager : virt-manager, also known as Virtual Machine Manager, provides a graphical tool for administering virtual machines. It uses libvirt library as the management API.

root@manish.bhandari#] yum install xen kernel-xen virt-manager libvirt libvirt-python python-virtinst virt-manager

KVM virtualization required packages are:

KVM : The kvm package contains the KVM kernel module providing the KVM
hypervisor on the default Red Hat Enterprise Linux kernel.

root@manish.bhandari#] yum install virt-manager kvm* libvirt libvirt-python python-virtinst qemu*

Then start the libvirtd service :

root@manish.bhandari#] /etc/init.d/libvirtd start

To check if KVM has successfully been installed, run

root@manish.bhandari#] virsh -c qemu:///system list

It should display something like this:
Id Name
State
----------------------------------

To configure the bridge create a file br0

root@manish.bhandari#] vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
GATEWAY=192.168.4.1
IPADDR=192.168.4.12       (bash machine IP)
NETMASK=255.255.255.0
ONBOOT=yes
Modify /etc/sysconfig/network-scripts/ifcfg-eth0 as follow

root@manish.bhandri#] vim /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
#BOOTPROTO=none
#DNS1=145.253.2.75
#GATEWAY=192.168.0.1
HWADDR=00:1e:90:f3:f0:02
#IPADDR=192.168.4.12
#NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0

Then restart the system
root@manish.bhandari#] init 6

Now run the following command to start virtual machine.

root@manish.bhandari#] virt-manager

Then install virtual machine as your requirement :

                                                                                                                    Thanks &  Regards
                                                                                                                     Manish Bhandari