How to configure Yum server in Rhel5, Rhel6,

                                             How to configure Yum server in Rhel6

What is Yum Server?

YUM stands for Yellow dog Updater Modified, is a easy way to install, update  rpm packages on linux operating system and also there dependencies automatically.

Why is need?

In RHEL4 installing packages is a tedious process, some times its headache to install all the dependencies. So Red-hat come with a solution to overcome this dependencies problem in most situations, the solution for this is nothing but YUM implementation. This will resolve this dependency issue and other known issues.

In Rhel we can create two type of yum servers.

• Local yum server
• Sharing yum server  

Now I am going to configure local yum server.

1. First you create the directory where you copy the DVD.

root@localhost#] mkdir /yum

mount the DVD

root@localhost#] mount /media/DVD /yum
root@localhost#] cd /media/DVD
root@localhost#] cp -rv * /yum

now create the repo file for yum server

root@localhost#] vim /etc/yum.repos.d/server.repo
[yum]
name=yum
baseurl=file:///yum
enabled=1
gpgcheck=0

After you can check it by using this command

root@localhost#] yum list all

Now I am going to create sharing yum server in linux

We can use yum server in network as yum client through FTP and HTTP.

First you install vsftpd package for FTP

root@localhost#] rpm -ivh vsftpd

after that you mount the DVD as you want like mnt

root@localhots#] mount /media/DVD /mnt

and copy it into ftp default location.

root@localhost#] cd /mnt

root@localhost#] cp -rv * /var/ftp/pub

Now create the repo file in server

root@localhost#] vim /etc/yum.repos.d/server.repo
[server]
name=yum
baseurl=file:///var/ftp/pub
gpgcheck=0

Now if client want to use yum sverer then he can used through FTP or HTTP

On client side

root@localhost#] vim /etc/yum.repos.d/client.repo
[server]
name=yum
baseurl=ftp://192.168.2.1/pub/
gpgcheck=0

Now you can check it through command

root@localhost#] yum list all

We can do same from httpd

DNS Master and Slave Configuration

-->

DNS Server

DNS server is part of a global network of server that translate host name like www.facebook.com into numeraical IP address like 119.82.69.202 which computer on the Net use to communicate with each other. This is allow us to memorize or intuitive URLs and e-mail addresses instead of a long string of numbers.

Types of DNS Server.

• A master DNS server for your domain(s), which stores authoritative records for your domain.
• A slave DNS server, which relies on a master DNS server for data.
• A caching-only DNS server, which stores recent requests like a proxy server. It otherwise refers to other DNS servers.
• A forwarding-only DNS server, which refers all requests to other DNS servers.
  

Master DNS ( Primary DNS Server )

The authoritative server that contains the master zone file, which can be modified to update DNS information about the zone, is called the primary master server, or just master server.

Slave DNS ( Secondary DNS Server )

The additional name servers for the zone are called secondary servers or slave servers. Secondary servers retrieve information about the zone through a zone transfer from the master server or from another secondary server. DNS information about a zone is never modified directly on the secondary server.

Here I am using RHEL 5.5 64 bit operating System.

Domain name is = facebook.com

Master IP = 10.64.10.1 and host name is = server.example.com

Slave IP = 10.64.10.2 and host name is = slave.example.com

client IP = 10.64.10.3 and host name is = client.example.com

How to Setup Master DNS ( Primary DNS) Server.

First we check some file.

[root@server ~]# cat /etc/sysconfig/network

[root@server ~]# cat /etc/resolv.conf

[root@server ~]# cat /etc/hosts

Install Required RPMs.

[root@server ~] # yum install bind* caching-nameserver

[root@server ~]# /etc/init.d/named restart;chkconfig named on ( restart the service and make it permanent running )

Make the named.conf file and sysmbol link.

[root@server ~]# cd /var/named/chroot/etc/

[root@server etc]# cp -p named.caching-nameserver.conf named.conf

[root@server etc]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf

[root@server etc]# ls -la /etc/named.conf

lrwxrwxrwx 1 root root 32 Dec 22 16:39 /etc/named.conf -> /var/named/chroot/etc/named.conf

Now Generate the Key. Edit it into named.conf

[root@server etc]# rndc-confgen -a -b 512

include “/etc/rndc.key”;

Now Edit the named.conf file.

options { listen-on port 53 { 127.0.0.1; 10.64.10.1; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; 10.64.10.0/24; }; allow-query-cache { localhost; 10.64.10.0/24; }; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; view localhost_resolver { match-clients { localhost; 10.64.10.0/24; }; match-destinations { localhost; 10.64.10.0/24; }; recursion yes; include "/etc/named.rfc1912.zones"; }; include “/etc/rndc.key”;

Now mention the zone files in.

[root@server etc]# vim named.rfc1912.zones

zone "facebook.com" IN { type master; file "facebook.com.zone"; allow-update { none; }; allow-transfer { 10.64.10.2; }; }; zone "10.64.10.in-addr.arpa" IN { type master; file "rev-facebook.com.zone"; allow-update { none; }; allow-transfer { 10.64.10.2; }; };

Now create fowared zones files.

[root@server ~]# cd /var/named/chroot/var/named/

[root@server named]# cp -p localhost.zone facebook.com.zone

$TTL 86400 @ IN SOA master.facebook.com. root.facebook.com. (                                                           42 ; serial (d. adams)                                                           3H ; refresh                                                         15M ; retry                                                           1W ; expiry                                                          1D ) ; minimum                    IN NS master.facebook.com.                       IN NS slave.facebook.com. master       IN    A   10.64.10.1 slave          IN    A   10.64.10.2 client          IN    A  10.64.10.3

Now create reverse zone file.

[root@server named]# cp -p named.local rev-facebook.com.zone

$TTL 86400 @ IN SOA master.facebook.com. root.master.facebook.com. (                                                                               42 ; Serial                                                                          28800 ; Refresh                                                                           14400 ; Retry                                                                        3600000 ; Expire                                                                         86400 ) ; Minimum                  IN NS master.facebook.com.                 IN NS slave.facebook.com. 1               IN    PTR    master. 2               IN   PTR     slave. 3               IN   PTR    client.

Now Restart service.

[root@server named]# /etc/init.d/named restart

Stopping named:                               [ OK ]

Starting named:                                [ OK ]

Now check Master is running file.

[root@server named]# nslookup 10.64.10.1 Server: 10.64.10.1 Address: 10.64.10.1#53 1.10.64.10.in-addr.arpa name = master.

Or

[root@server named]# nslookup master.facebook.com Server: 10.64.10.1 Address: 10.64.10.1#53 Name: master.facebook.com Address: 10.64.10.1

Or

[root@server named]# dig -x 10.64.10.1 ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -x 10.64.10.1 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17417 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;1.10.64.10.in-addr.arpa. IN PTR ;; ANSWER SECTION: 1.10.64.10.in-addr.arpa. 86400 IN PTR master. ;; AUTHORITY SECTION: 10.64.10.in-addr.arpa. 86400 IN NS slave.facebook.com. 10.64.10.in-addr.arpa. 86400 IN NS master.facebook.com. ;; ADDITIONAL SECTION: slave.facebook.com. 86400 IN A 10.64.10.2 master.facebook.com. 86400 IN A 10.64.10.1 ;; Query time: 1 msec ;; SERVER: 10.64.10.1#53(10.64.10.1) ;; WHEN: Tue Dec 25 06:04:19 2012 ;; MSG SIZE rcvd: 146

That means master is running fine.

How to Setup Slave DNS ( Secondary DNS) Server.

Install Required RPMs.

[root@slave ~] # yum install bind* caching-nameserver

[root@slave ~]# /etc/init.d/named restart;chkconfig named on ( restart the service and make it permanent running )

Make the named.conf file and sysmbol link.

[root@slave ~]# cd /var/named/chroot/etc/

[root@slave etc]# cp -p named.caching-nameserver.conf named.conf

[root@slave etc]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf

[root@slave etc]# ls -la /etc/named.conf

lrwxrwxrwx 1 root root 32 Dec 22 16:39 /etc/named.conf -> /var/named/chroot/etc/named.conf

Now Generate the Key. Edit it into named.conf

[root@slave etc]# rndc-confgen -a -b 512

include “/etc/rndc.key”;

Now Edit the named.conf file.

options { listen-on port 53 { 127.0.0.1; 10.64.10.2; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; // Those options should be used carefully because they disable port // randomization // query-source port 53; // query-source-v6 port 53; allow-query { localhost; 10.64.10.0/24; }; allow-query-cache { localhost; 10.64.10.0/24; }; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; view localhost_resolver { match-clients { localhost; 10.64.10.0/24; }; match-destinations { localhost; 10.64.10.0/24; }; recursion yes; include "/etc/named.rfc1912.zones"; }; include “/etc/rndc.key”;

Now mention zone files.

[root@slave ~]# cd /var/named/chroot/etc/

[root@slave etc]# vim named.rfc1912.zones

zone "facebook.com" IN { type slave; file "slaves/facebook.com.zone"; masters { 10.64.10.1; }; }; zone "10.64.10.in-addr.arpa" { type slave; file "slaves/facebook.com.zone"; masters { 10.64.10.1; }; };

Now create the zones file.

[root@slave ~]# cd /var/named/chroot/var/named/slaves

[root@slave slaves]# vim facebook.com.zone

T$TL 86400 @ IN SOA master.facebook.com. root.facebook.com. ( 2010031200 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum

[root@slave slaves]# vim rev-facebook.com.zone

$TTL 86400 @ IN SOA master.facebook.com. root.facebook.com. (                                                                          42 ; serial (d. adams)                                                                         3H ; refresh                                                                       15M ; retry                                                                          1W ; expiry                                                                         1D ) ; minimum

Create the Symbol link

[root@slave ~]# ln -s /var/named/chroot/var/named/slaves/facebook.com.zone /var/named/slaves/facebook.com.zone

[root@slave ~]# ls -la /var/named/slaves/facebook.com.zone

lrwxrwxrwx 1 root root 52 Dec 25 06:27 /var/named/slaves/facebook.com.zone -> /var/named/chroot/var/named/slaves/facebook.com.zone

Now change the permission

[root@slave ~]# chown named.named /var/named/chroot/var/named/slaves/rev-facebook.com.zone

[root@slave ~]# ls -l /var/named/chroot/var/named/slaves/rev-facebook.com.zone

-rw-r----- 1 named named 175 Dec 24 15:00 /var/named/chroot/var/named/slaves/rev-facebook.com.zone

Now Restart the service.

[root@slave ~]# /etc/init.d/named restart

Stopping named: [ OK ]

Starting named: [ OK ]

Now check the slave is working file.

[root@slave ~]# nslookup 10.64.10.2 Server: 10.64.10.2 Address: 10.64.10.2#53 2.10.64.10.in-addr.arpa name = slave.

Or

[root@slave ~]# nslookup slave.facebook.com Server: 10.64.10.2 Address: 10.64.10.2#53 Name: slave.facebook.com Address: 10.64.10.2

Or

[root@slave ~]# dig -x 10.64.10.2 ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> -x 10.64.10.2 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23303 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;2.10.64.10.in-addr.arpa. IN PTR ;; ANSWER SECTION: 2.10.64.10.in-addr.arpa. 86400 IN PTR slave. ;; AUTHORITY SECTION: 10.64.10.in-addr.arpa. 86400 IN NS master.facebook.com. 10.64.10.in-addr.arpa. 86400 IN NS slave.facebook.com. ;; ADDITIONAL SECTION: slave.facebook.com. 86400 IN A 10.64.10.2 master.facebook.com. 86400 IN A 10.64.10.1 ;; Query time: 2 msec ;; SERVER: 10.64.10.2#53(10.64.10.2) ;; WHEN: Tue Dec 25 06:38:56 2012 ;; MSG SIZE rcvd: 145

Now check the client side.

[root@client ~]# nslookup 10.64.10.1 Server: 10.64.10.1 Address: 10.64.10.1#53 1.10.64.10.in-addr.arpa name = master. [root@client ~]# nslookup 10.64.10.2 Server: 10.64.10.1 Address: 10.64.10.1#53 2.10.64.10.in-addr.arpa name = slave.

                                                                                               

                                                                                         Thanks & Regards

                                                                                         Manish Singh Bhandari

How to install a looback interface in Ubuntu 12.04

            
                    How to install a looback interface in Ubuntu 12.04

After successful installation of GNS3, we will install loopback adapter on our Ubuntu,Centos, Redhat and Fedora systems, so that we can telnet into your routers.

Loopback tap installation on Ubuntu 12.04

$ sudo –i
#apt-get install uml-utilities
#modprobe tun
#tunctl                                       ( This will create loopback interface tap0 )
#ifconfig tap0 10.64.10.100 netmask 255.0.0.0 up
#ifconfig

If you want to add one more loopback interface

#tunctl                                       ( This will create loopback interface tap1 )
#ifconfig tap1 10.64.10.100 netmask 255.0.0.0 up

Loopback tap installation on Centos/Redhat/Fedora.We need tunctl which is not available in our local repositories. So we’ll have to add RPMForge
repository. Steps to add this repo is given here

http://wiki.centos.org/AdditionalResources/Repositories/RPMForge (Steps are the same for other 2 distros as well)

Ok lets install tunctl

$ su -
Password:                                       (Type in your root password here)
# yum install tunctl
# modprobe tun
# cd /usr/sbin
#./tunctl                                     ( This will create loopback interface tap0 )
# /sbin/ifconfig tap0 10.100.100.100 netmask 255.255.255.0 up
# /sbin/ ifconfig                ( verify that tap0 is up and given ip is assigned.)

If you want to add one more loopback interface

#./tunctl                                        ( This will create loopback interface tap1 )
# /sbin/ifconfig tap1 10.100.101.100 netmask 255.255.255.0 up

Important: Add these lines to iptables

sudo iptables -I INPUT -j ACCEPT -i tap0
sudo iptables -I OUTPUT -j ACCEPT -o tap0

How to configure the DNS Server in RHEL5.5

DNS Server

The Domain Name Server plays an important role in making Internet traffic possible. A DNS server is part of a global network of servers that translate host names, like www.facebook.com, into numerical IP (Internet Protocol) addresses, like 208.20.202.20, which computers on the Net use to communicate with each other. This allows us to use easy to memorize or intuitive URLs and e-mail addresses instead of a long string of numbers.

The advantage of having your own DNS server is it can process requests for traffic on your internal network without having to rely on another DNS server outside of your network. All the traffic is localized on your secure and internal network. Basically, this is a security feature because your LAN is essentially "hidden" from the outside world.

Real Time's DNS Servers run on Linux, giving them the stability and reliability everyone needs. It's also very cost effective because, like other Linux servers, a Linux DNS server can run on less expensive hardware than other operating systems.

As part of the installation, Real Time will also configure the server to your needs and specifications while keeping security as a top priority. Since it is built and designed in house, the server can be completely customized.
 

-->

How to configure the DNS Server in RHEL5.5

[root@node1 ~]# yum install bind* caching-nameserver

[root@node1 ~]# /etc/init.d/named restart;chkconfig named on

[root@node1 ~]# cd /var/named/chroot/etc/

[root@node1 ~]# cp -p named.caching-nameserver.conf named.conf

[root@node1 ~]# vim named.rfc1912.zones

Copy two zone in this file;

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

[root@node1 ~]# vim named.conf

Change few things in this file:

// named.caching-nameserver.conf

//

// Provided by Red Hat caching-nameserver package to configure the

// ISC BIND named(8) DNS server as a caching only nameserver

// (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

// DO NOT EDIT THIS FILE - use system-config-bind or an editor

// to create named.conf - edits to this file will be lost on

// caching-nameserver package upgrade.

//

options {

listen-on port 53 { 127.0.0.1; 10.64.10.1; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

// Those options should be used carefully because they disable port

// randomization

// query-source port 53;

// query-source-v6 port 53;

allow-query { 10.64.10.1; };

};

##############################################

zone "node1.example.com" IN {

type master;

file "node1.fow.zone";

allow-update { none; };

};

zone "10.64.10.in-addr.arpa" IN {

type master;

##############################################

[root@node1 ~]# cd /var/named/chroot/var/named

[root@node1 ~]# cp -p localhost.zone node1.fow.zone

[root@node1 ~]# cp -p named.zero node1.rev.zone

[root@node1 ~]# vim node1.fow.zone

Before change in this file:

$TTL 86400

@ IN SOA @ root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS @

IN A 127.0.0.1

IN AAAA ::1

After change in this file:#####################################

$TTL 86400

@ IN SOA @ root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS @

IN A 127.0.0.1

IN AAAA ::1

NS node1.example.com

A 10.64.10.1

[root@node1 ~]# vim node1.rev.zone

Befor chane in this file.

$TTL 86400

@ IN SOA localhost. root.localhost. (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS localhost.

###################################################

After chage in this file:

$TTL 86400

@ IN SOA node1.example.com root.node1.example.com (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

1 IN NS node1.example.com

[root@node1 ~]# vim /etc/resolve.conf

nameserver 10.64.10.1

root@node1 ~]# /etc/init.d/named restart

Stopping named: . [ OK ]

Starting named: [ OK ]

How to check DNS Server is working

[root@node1 ~]# nslookup 10.64.10.1

Server: 10.64.10.1

Address: 10.64.10.1#53

1.10.64.10.in-addr.arpa name = node1.example.com.10.64.10.in-addr.arpa.

[root@node1 ~]# nslookup node1.example.com

Server: 10.64.10.1

Address: 10.64.10.1#53

Name: node1.example.com

Address: 10.64.10.1

Name: node1.example.com

Address: 127.0.0.1

Thanks & Regards

Manish Bhandari

rsync and Scp command in Linux

How to use Scp command in Linux Operating System.

With the scp (secure copy) command you can easily copy from and to a remote computer or between remote computers.

root@manish.bhadnari#] scp <Source> <destibation>



How to use rsynce command in Linux Operating System.

rsync is a program that behaves in much the same way that scp does, but has many more options and uses the rsync remote-update protocol to greatly speed up file transfers when the destination file already exists.

The rsync remote-update protocol allows rsync to transfer just the differences between two sets of files across the network link, using an efficient checksum-search algorithm described in the technical report that accompanies this package.



@ How to Install rsync command in Linux.

#yum install rsync


@Comman rsync command options

    --delete : delete files that don't exist on sender (system)
    -v : Verbose (try -vv for more detailed information)
    -e "ssh options" : specify the ssh as remote shell
    -a : archive mode
    -r : recurse into directories
    -z : compress file data


For more details for rsync read mention link:

http://linux.about.com/library/cmd/blcmdl1_rsync.htm

How to configure rssh on RHEL 5.5

Linux Configure rssh Chroot Jail To Lock Users To Their Home Directories Only

If you want to chroot users, then use rssh support chrooting option. It is used to set the directory where the root of the chroot jail will be located. This is a security feature.

A chroot on Linux or Unix OS is an operation that changes the root directory. It affects only the current process and its children. If your default home directory is /home/manish normal user can access files in /etc, /sbin or /bin directory. This allows an attacker to install programs / backdoor via your web server in /tmp. chroot allows to restrict file system access and locks down user to their own directory.

First download the rssh rpm (rssh-2.3.3-1.fc16.x86_64.rpm)

Configuring rssh chroot

chroot directory : /users

root@mansh.bhandari#] wget -c

Another url is wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.x86_64.rpm

ftp://ftp.univie.ac.at/systems/linux/fedora/releases/16/Everything/x86_64/os/Packages/rssh-2.3.3-1.fc16.x86_64.rpm

root@mansh.bhandari#] rpm -ivh rssh-2.3.3-1.fc16.x86_64.rpm

root@mansh.bhandari#] mkdir /users

root@mansh.bhandari#] mkdir -p /users/{dev,etc,lib,usr,bin}

root@mansh.bhandari#] mkdir -p /users/usr/bin

root@mansh.bhandari#] mkdir -p /users/usr/libexec/openssh/

root@mansh.bhandari#] mkdir -p /users/libexec/openssh

Create /users/dev/null:

root@mansh.bhandari#] mknod -m 666 /users/dev/null c 1 3

Copy required /etc/ configuration files, as described above to your jail directory /users/etc:

root@mansh.bhandari#] cd /users/etc

root@mansh.bhandari#] cp /etc/ld.so.cache .

root@mansh.bhandari#] cp /etc/ld.so.conf .

root@mansh.bhandari#] cp /etc/nsswitch.conf .

root@mansh.bhandari#] cp /etc/passwd .

root@mansh.bhandari#] cp /etc/group .

root@mansh.bhandari#] cp /etc/hosts .

root@mansh.bhandari#] cp /etc/resolve.conf .

Open /usres/group and /users/passwd file and remove root and all other accounts.

Copy required binary files, as described above to your jail directory /users/bin and other locations:

root@mansh.bhandari#] cd /users/usr/bin

root@mansh.bhandari#] cp /usr/bin/scp .

root@mansh.bhandari#] cp /usr/bin/rssh .

root@mansh.bhandari#] cp /usr/bin/sftp .

root@mansh.bhandari#] cd /users/usr/libexec/openssh/

root@mansh.bhandari#] cp /usr/libexec/openssh/sftp-server .

or

root@manish.bhandari#] cp /usr/lib/openssh/sftp-server . (not found)

root@manish.bhandari#] cd /users/usr/libexec/

root@manish.bhandari#] cp /usr/libexec/rssh_chroot_helper .

OR
root@manish.bhandari#] cp /usr/lib/rssh/rssh_chroot_helper (not found)

root@manish.bhandari#] cd /users/bin/

root@manish.bhandari#] cp /bin/sh .
OR
root@manish.bhandari#] cp /bin/bash .

Copy all shared library files

The library files that any of these binary files need can be found by using the ldd / strace command. For example, running ldd against /usr/bin/sftp provides the following output:

ldd /usr/bin/sftp

Output:

linux-gate.so.1 =>  (0×00456000)

libresolv.so.2 => /lib/libresolv.so.2 (0x0050e000)

libcrypto.so.6 => /lib/libcrypto.so.6 (0x0013e000)

libutil.so.1 => /lib/libutil.so.1 (0x008ba000)

libz.so.1 => /usr/lib/libz.so.1 (0×00110000)

libnsl.so.1 => /lib/libnsl.so.1 (0x0080e000)

libcrypt.so.1 => /lib/libcrypt.so.1 (0x00a8c000)

libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0×00656000)

libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0×00271000)

libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0×00304000)

libcom_err.so.2 => /lib/libcom_err.so.2 (0×00777000)

libdl.so.2 => /lib/libdl.so.2 (0×00123000)

libnss3.so => /usr/lib/libnss3.so (0×00569000)

libc.so.6 => /lib/libc.so.6 (0x00b6c000)

libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0×00127000)

libkeyutils.so.1 => /lib/libkeyutils.so.1 (0×00130000)

/lib/ld-linux.so.2 (0×00525000)

libplc4.so => /usr/lib/libplc4.so (0x008c9000)

libplds4.so => /usr/lib/libplds4.so (0×00133000)

libnspr4.so => /usr/lib/libnspr4.so (0x00d04000)

libpthread.so.0 => /lib/libpthread.so.0 (0x0032a000)

libselinux.so.1 => /lib/libselinux.so.1 (0×00341000)

libsepol.so.1 => /lib/libsepol.so.1 (0×00964000)

You need to copy all those libraries to /lib and other appropriate location. However, I recommend using this automated script called l2chroot:

root@manish.bhandari#] cd /sbin

root@manish.bhandari#] wget -O l2chroot http://www.cyberciti.biz/files/lighttpd/l2chroot.txt

root@manish.bhandari#] chmod +x l2chroot

Open l2chroot and set BASE variable to point to chroot directory (jail) location:

BASE=”/users”

Now copy all shared library files

root@manish.bhandari#] l2chroot /usr/bin/scp

root@manish.bhandari#] l2chroot /usr/bin/rssh

root@manish.bhandari#] l2chroot /usr/bin/sftp

root@manish.bhandari#] l2chroot /usr/libexec/openssh/sftp-server
OR
root@manish.bhandari#] l2chroot /usr/lib/openssh/sftp-server (not found)

root@manish.bhandari#] l2chroot /usr/libexec/rssh_chroot_helper
OR
root@manish.bhandari#] l2chroot /usr/lib/rssh/rssh_chroot_helper

root@manish.bhandari#] l2chroot /bin/sh
OR
root@manish.bhandari#]l2chroot /bin/bash

Modify syslogd configuration

root@mansh.bhandari#] vi /etc/sysconfig/syslog

Find line that read as follows:
SYSLOGD_OPTIONS=”-m 0″
Append -a /users/dev/log
SYSLOGD_OPTIONS=”-m 0 -a /users/dev/log”
Save and close the file. Restart syslog:

root@manish.bhandari#] /etc/init.d/syslog restart

Set chroot path

Open configuration file /etc/rssh.conf:


root@manish.bhandari#] vi /etc/rssh.conf


Set chrootpath to /users


chrootpath=/users


user=manish:022:00010:”/users”
Save and close the file. If sshd is not running start it:


root@manish.bhandari#] /etc/init.d/sshd restart

Set chroot path:

root@manish.bhandari3] vim /etc/rssh.conf

chrootpath=/users

Subsystem sftp internal-sftp

root@manish.bhandari#] /etc/init.d/sshd restart

Add user to jail

root@manish.bhandari#] useradd -m -d /users/manish -s /usr/bin/rssh manish

root@manish.bhandari#] passwd manish

Now vivek can login using sftp or copy files using scp:

root@manish.bhandari#] sftp manish@192.168.100.xx

manish@192.168.100.x password

sftp>

sftp> ls

sftp > pwd

Remote working directory : /users/manish

sftp > cd /tmp

Couldn't canonicalise: No such file or directory

User manish is allowed to login to server to trasfer files, but not allowed to browse entier file system.

http://pensacola-tech.com/pensacola/2010/05/05/configure-rssh/

                                                                                                                                 Manish Bhandari

Process Monitoring Scripts in Linux

#!/bin/bash
#set -x
#
#Variable secetion 
#=====================================================
#list process to monitor in the variable below;
PROGRAM1="firefox"
#Variabele check to see if $PROGRAM1
#is running
APPCHK=$(ps aux | grep -c $PROGRAM1 )
#$Company & Site variable are for populating the alert email
COMPANY="Hungama"
SITE="JMX"
# $SUPPORTSTAFF is the recipient of our alert email
SUPPORTSTAFF="manish.bhandari@fosteringlinux.com"
#=======================================================
# The ‘if’ statement below checks to see if the process is running
# with the ‘ps’ command.  If the value is returned as a ’0′ then
# an email will be sent and the process will be safely restarted.
#
echo "COUNT IS " $APPCHK

if [ $APPCHK -eq '1' ];then
echo mail -s "Manish PBX at $COMPANY $SITE may be down " $SUPPORTSTAFF >> notrunning.log
else
echo "$PROGRAM1 is running $APPCHK processes" >> manish-check.log
fi
echo $APPCHK
exit