
Monday, February 8, 2016

RHEL: Add DVD to YUM repository

Insert the Red Hat Enterprise Linux Server DVD into your DVD-ROM drive and mount it under /media/. In my case, the DVD was automounted under /media/RHEL_5.7 x86_64 DVD/. Then, as root, create a new file in the yum repository directory:
# vim /etc/yum.repos.d/rhel-dvd.repo
This file contains the metadata of the repository. I found a template here (check that link if you need more information about the parameters) and adapted it to fit my needs:
[rhel-dvd]
name=Red Hat Enterprise Linux $releasever - $basearch - DVD
baseurl=file:///media/RHEL_5.7%20x86_64%20DVD/Server/
enabled=1
gpgcheck=1
gpgkey=file:///media/RHEL_5.7%20x86_64%20DVD/RPM-GPG-KEY-redhat-release
Save and close the file. Done! Now we can use yum to install new packages and resolve dependencies. If you want to remove the DVD from the yum sources, simply change enabled=1 to enabled=0.

How to Setup Rsync with SSH on UNIX / Linux (rsync without password)

1. Test rsync over ssh (with password):

Run rsync once to make sure it asks for the password for your account on the remote server and successfully copies the files to the remote server.
The following example will synchronize the local folder /home/ramesh to the remote folder /backup/ramesh (on the 192.168.200.10 server).
We discussed rsync in detail in our previous 15 rsync examples article.
This should ask you for the password of your account on the remote server.
rsync -avz -e ssh /home/ramesh/ ramesh@192.168.200.10:/backup/ramesh/

2. ssh-keygen generates keys.

Now set up ssh so that it doesn't ask for a password when you perform ssh. Use ssh-keygen on the local server to generate public and private keys.
$ ssh-keygen
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Note: When it asks you to enter the passphrase, just press the Enter key and do not give any password here.

3. ssh-copy-id copies public key to remote host

Use ssh-copy-id to copy the public key to the remote host.
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.200.10
Note: The above will ask for the password for your account on the remote host, and copy the public key automatically to the appropriate location. If ssh-copy-id doesn't work for you, use the method we discussed earlier to set up ssh password-less login.

4. Perform rsync over ssh without password

Now, you should be able to ssh to remote host without entering the password.
ssh 192.168.200.10
Perform the rsync again; it should not ask you to enter any password this time.
rsync -avz -e ssh /home/ramesh/ ramesh@192.168.200.10:/backup/ramesh/
If you want to schedule this rsync backup job automatically, use cron to set it up.
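Because the key created in step 2 has no passphrase, anyone who obtains the private key file can log in as ramesh on the backup server. The script below is an added example (not from the original article) that builds an authorized_keys entry limiting that key to rsync under /backup/ramesh from one client; the client address 192.168.200.20, the rrsync path /usr/bin/rrsync and the function name are assumptions.

```shell
#!/bin/sh
# Added example: build a locked-down authorized_keys line for the
# passphrase-less rsync key. RRSYNC and the client IP are assumptions.
RRSYNC=${RRSYNC:-/usr/bin/rrsync}   # helper script shipped with rsync; path varies by distro

# restricted_entry PUBKEY_FILE CLIENT_IP BACKUP_DIR
restricted_entry() {
    pub=$1; ip=$2; dir=$3
    # Accept only "<type> <base64> [comment]"; a private key file fails here.
    key=$(awk '$1 ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-)/ && $2 ~ /^[A-Za-z0-9+\/=]+$/ {
              printf "%s %s", $1, $2
              if (NF >= 3) printf " %s", $3
              exit }' "$pub")
    [ -n "$key" ] || { echo "not an OpenSSH public key: $pub" >&2; return 1; }
    case $dir in
        /*) ;;
        *)  echo "backup directory must be an absolute path" >&2; return 1 ;;
    esac
    # from=     only this client address may use the key
    # command=  every login runs rrsync confined to the backup directory
    # restrict  no pty, no port/agent/X11 forwarding (OpenSSH 7.2 or later)
    printf 'from="%s",command="%s %s",restrict %s\n' "$ip" "$RRSYNC" "$dir" "$key"
}

# Usage: sh restrict_key.sh ~/.ssh/id_rsa.pub 192.168.200.20 /backup/ramesh
if [ "$#" -eq 3 ]; then
    restricted_entry "$1" "$2" "$3"
fi
```

Replace the line that ssh-copy-id added to ~/.ssh/authorized_keys on 192.168.200.10 with the generated one; with rrsync in place, the rsync destination is given relative to /backup/ramesh.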

THE PERFECT TORTOISESVN ALTERNATIVE FOR LINUX, NOW WITH GIT INTEGRATION AS A PLUS

Install RabbitVCS in Ubuntu

1. Add the RabbitVCS Ubuntu PPA:
sudo add-apt-repository ppa:rabbitvcs/ppa && sudo apt-get update
2. Install RabbitVCS:
For Nautilus 2:
sudo apt-get install rabbitvcs-core rabbitvcs-nautilus rabbitvcs-cli
For Nautilus 3 (Ubuntu 11.10, 12.04):
sudo apt-get install rabbitvcs-core rabbitvcs-nautilus3 rabbitvcs-cli
For Thunar:
sudo apt-get install rabbitvcs-core rabbitvcs-cli rabbitvcs-thunar
Once installed, restart Nautilus / Thunar (for Nautilus, type "nautilus -q" in a terminal).
Optional: If you also want to install the RabbitVCS Gedit extension, use the following command:
sudo apt-get install rabbitvcs-gedit

Install Java JDK 7 on Ubuntu 12.04 (JavaFX is included in the installation)

This package provides Oracle Java JDK 7 (which includes JRE, the Java browser plugin and JavaFX). However, you can’t only install Oracle JRE – the PPA only provides the full Oracle JDK7 package.
1. To add our PPA and install the latest Oracle Java (JDK) 7 in Ubuntu, use the commands below:
#sudo add-apt-repository ppa:webupd8team/java
#sudo apt-get update && sudo apt-get install oracle-jdk7-installer
2. After the installation you have to enable the JDK:
#update-alternatives --display java
3. Check if Ubuntu uses Java JDK 7
#java -version
If all went right the answer should be something like this:
java version "1.7.0_07"
Java(TM) SE Runtime Environment (build 1.7.0_07-b10)
Java HotSpot(TM) Server VM (build 23.3-b01, mixed mode)
4. Check what compiler is used:
#javac -version
The correct answer should be like this:
javac 1.7.0_07
5. Adding JAVA_HOME to environment
Edit /etc/environment and add JAVA_HOME=/usr/lib/jvm/java-7-oracle to the end of the file.
First open a Terminal (Applications → Accessories → Terminal), then enter:
#sudo gedit /etc/environment
Append to the end of the file:
JAVA_HOME=/usr/lib/jvm/java-7-oracle
6. Removing Oracle JDK 7
If you don’t want to use Oracle Java (JDK) 7 anymore and want to go back to OpenJDK, all you have to do is remove the Oracle JDK7 Installer and the previous Java (OpenJDK, etc.) version will be used:
#sudo apt-get remove oracle-jdk7-installer

Pidgin Startup Read Error on Ubuntu

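Add the export line below to ~/.profile. It switches off NSS's random-IV countermeasure for CBC cipher suites (the BEAST mitigation), which some servers do not tolerate; the setting applies to every NSS-based program started from that login session.
vim .profile
export NSS_SSL_CBC_RANDOM_IV=0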

Sudo restriction: (Not to run specific commands)

kannadhasan  ALL=ALL, !/usr/sbin/visudo, !/etc/sudoers, /usr/bin/passwd, !/usr/bin/vim, !/usr/bin/gedit, !/usr/bin/geany, !/usr/bin/vi, /usr/bin/nano, /bin/chown, /bin/mount, /bin/umount
With this entry, the user can run all commands except those negated with ! above.
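sudoers(5) cautions that subtracting commands from ALL with the ! operator is generally not effective, so a rule shaped like the one above is better replaced by an explicit list of permitted commands. The script below is an added example (not from the original post) that finds such rules in a sudoers-format file; the function name is an assumption and the parser handles only simple user specifications.

```shell
#!/bin/sh
# Added example: flag sudoers rules that grant ALL commands and then try to
# subtract some of them with "!".

# find_denylist_rules FILE -> prints "user: negated commands" for each such rule
find_denylist_rules() {
    awk '
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }    # join continued lines
    {
        $0 = buf $0; buf = ""
        if ($0 ~ /^[ \t]*(#|$)/) next               # comments, blank lines
        eq = index($0, "=")
        if (eq == 0) next                           # not a user specification
        user = $1
        n = split(substr($0, eq + 1), cmd, ",")
        has_all = 0; neg = ""
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            sub(/^\([^)]*\)[ \t]*/, "", c)          # strip a "(runas)" prefix
            sub(/^([A-Z]+:[ \t]*)+/, "", c)         # strip tags such as NOPASSWD:
            if (c == "ALL") has_all = 1
            else if (substr(c, 1, 1) == "!") neg = neg " " substr(c, 2)
        }
        if (has_all && neg != "") print user ":" neg
    }' "$1"
}

# Usage: sh sudoers_lint.sh /etc/sudoers   (run as root so the file is readable)
if [ "$#" -eq 1 ]; then
    find_denylist_rules "$1"
fi
```

Rules it reports are candidates for rewriting as an allow-list, for example granting only /usr/bin/passwd, /usr/bin/nano, /bin/chown, /bin/mount and /bin/umount from the entry above.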

Dell Optiplex 390 Reboot Issue in Linux

For Debian squeeze amd64 on a Dell Latitude 390MT with Sandy Bridge, use reboot=pci.

In detail:

$> sudo nano /etc/default/grub
Change:
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
to:
GRUB_CMDLINE_LINUX_DEFAULT="reboot=pci quiet"

(Ctrl+O, Ctrl+X)

$> sudo update-grub

Reboot now works perfectly.

CentOS 6.2 Installing LDAP Directory Services using CLI

Install openldap servers and clients:
yum install openldap-servers openldap-clients
Edit your ldap.conf file and enter the IP address or domain name of your server:
vi /etc/openldap/ldap.conf
URI ldap://192.168.1.222
BASE dc=shan,dc=com
Copy the sample files from /usr/share/openldap-servers to /etc/openldap and /var/lib/ldap:
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Setup a new root password:
slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Copy the password as you need to enter the password in slapd.conf:
vi /etc/openldap/slapd.conf
:%s/dc=my-domain/dc=shan/g  #This regex will replace all the instances of my-domain with your domain name.
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Create a root.ldif file and enter the entries below:
vi /root/root.ldif
#root
dn: dc=shan,dc=com
dc: shan
objectClass: dcObject
objectClass: organizationalUnit
ou: shan.com
#staff
dn: ou=staff,dc=shan,dc=com
ou: staff
objectClass: organizationalUnit
Remove everything in the slapd.d directory and load the root.ldif file into slapd:
rm -rf /etc/openldap/slapd.d/*
slapadd -n 2 -l /root/root.ldif
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
Set the appropriate permissions:
chown -R ldap:ldap /var/lib/ldap
chown -R ldap:ldap /etc/openldap/slapd.d
Make sure the service is on in runlevel 3:
chkconfig --level 235 slapd on
service slapd start
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
service slapd restart
Create an SSL certificate:
cd /etc/pki/tls/certs
rm slapd.pem
make slapd.pem
chmod 640 slapd.pem
chown :ldap slapd.pem
ln -s /etc/pki/tls/certs/slapd.pem /etc/openldap/cacerts/slapd.pem
vi /etc/sysconfig/ldap
SLAPD_LDAPS=yes
vi /etc/openldap/slapd.conf
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
vi /etc/openldap/ldap.conf
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT never
Test if everything is up and working fine:
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
service slapd restart
ldapsearch -x -ZZ -h localhost   # TLS
ldapsearch -x -H ldaps://localhost   # SSL
Note: Some additional steps
Open /etc/nsswitch.conf, edit the 'hosts' entry and add ldap first so clients can authenticate from ldap:
vi /etc/nsswitch.conf
hosts: ldap files
Add a firewall rule for port 636:
iptables -I INPUT -m state --state NEW -p tcp -s 192.168.1.222/24 --dport 636 -j ACCEPT

OSSEC Deployment

OSSEC HIDS Manager/Agent Installation


Download the latest version and verify its checksum.
Note
On some systems, the command md5, sha1 or wget may not exist, so try md5sum, sha1sum or lynx respectively instead.
# wget http://www.ossec.net/files/ossec-hids-2.6.tar.gz
# wget http://www.ossec.net/files/ossec-hids-2.6_checksum.txt
# cat ossec-hids-2.6_checksum.txt
MD5 (ossec-hids-2.6.tar.gz) = f4140ecf25724b8e6bdcaceaf735138a
SHA1 (ossec-hids-2.6.tar.gz) = 258b9a24936e6b61e0478b638e8a3bfd3882d91e
MD5 (ossec-agent-win32-2.6.exe) = 7d2392459aeab7490f28a10bba07d8b5
SHA1 (ossec-agent-win32-2.6.exe) = fdb5225ac0ef631d10e5110c1c1a8aa473e62ab4
# md5sum ossec-hids-2.6.tar.gz
MD5 (ossec-hids-2.6.tar.gz) = f4140ecf25724b8e6bdcaceaf735138a
# sha1sum ossec-hids-2.6.tar.gz
SHA1 (ossec-hids-2.6.tar.gz) = 258b9a24936e6b61e0478b638e8a3bfd3882d91e
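Comparing the digests by eye is error-prone, and because the tarball and the checksum file are both fetched over plain HTTP from the same host, a match shows the download is not corrupted rather than proving where it came from. The script below is an added example (not part of the OSSEC documentation) that checks a file against the "SHA1 (name) = hex" lines shown above; the function names are assumptions.

```shell
#!/bin/sh
# Added example: verify a download against a BSD-style checksum file
# ("SHA1 (name) = hex"), the format of ossec-hids-2.6_checksum.txt.

# expected_sha1 FILE CHECKSUM_FILE -> prints the SHA1 listed for FILE, if any
expected_sha1() {
    name=$(basename "$1")
    # Match the exact "SHA1 (<name>) = <hex>" line and print only the digest.
    awk -v n="$name" \
        '$1 == "SHA1" && $2 == "(" n ")" && $3 == "=" { print $4; exit }' "$2"
}

# verify_sha1 FILE CHECKSUM_FILE
# returns 0 on a match, 1 on a mismatch, 2 if FILE is not listed at all
# (a missing entry is a failure, never a silent pass)
verify_sha1() {
    want=$(expected_sha1 "$1" "$2")
    [ -n "$want" ] || { echo "no SHA1 entry for $1" >&2; return 2; }
    got=$(sha1sum "$1" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $1"
    else
        echo "MISMATCH: $1 (expected $want, got $got)" >&2
        return 1
    fi
}

# Usage: sh verify.sh ossec-hids-2.6.tar.gz ossec-hids-2.6_checksum.txt
if [ "$#" -eq 2 ]; then
    verify_sha1 "$1" "$2"
fi
```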

Installing the Server

  1. Extract the compressed package and run the "./install.sh" script (it will guide you through the installation).
# tar -zxvf ossec-hids-*.tar.gz (or gunzip -d; tar -xvf)
# cd ossec-hids-*
# ./install.sh
1- What kind of installation do you want (server, agent, local or help)? server
- Server installation chosen.
2- Setting up the installation environment.
- Choose where to install the OSSEC HIDS [/var/ossec]: /var/ossec
- Installation will be made at /var/ossec .
3- Configuring the OSSEC HIDS.
3.1- Do you want e-mail notification? (y/n) [y]: y
What’s your e-mail address? Gnanamani.h@payoda.com
We found your SMTP server as: 192.168.1.8
3.2- Do you want to run the integrity check daemon? (y/n) [y]: y
Running syscheck (integrity check daemon).
3.3- Do you want to run the rootkit detection engine? (y/n) [y]: y
3.4- Do you want to enable active response? (y/n) [y]: y
- Do you want to enable the firewall-drop response? (y/n) [y]: y
- Do you want to add more IPs to the white list? (y/n)? [n]: n
3.5- Do you want to enable remote syslog (port 514 udp)? (y/n) [y]: y
- Remote syslog enabled.
3.6- Setting the configuration to analyze the following logs:
-- /var/log/messages
-- /var/log/auth.log
-- /var/log/syslog
-- /var/log/mail.info
- If you want to monitor any other file, just change
the ossec.conf and add a new localfile entry.
Any questions about the configuration can be answered
by visiting us online at http://www.ossec.net .
--- Press ENTER to continue ---
  2. # /opt/ossec/bin/ossec-control start

Managing Agents
Add an agent
# /opt/ossec/bin/manage_agents
***************************************
* OSSEC HIDS v1.4 Agent manager.
*
* The following options are available: *
****************************************
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
Choose your action: A,E,L,R or Q: A
- Adding a new agent (use '\q' to return to the main menu).
Please provide the following:
* A name for the new agent: Username/ClientMachinename
* The IP Address of the new agent: ClientIpaddress(eg:192.168.4.61 )
* An ID for the new agent[001]: 001
Agent information:
ID:001
Name:Username/ClientMachinename
IP Address:ClientIpaddress(eg:192.168.4.61 )
Confirm adding it?(y/n): y
Agent added.
Choose your action: A,E,L,R or Q: E
Available agents:
ID: 001, Name: Username/ClientMachinename, IP: ClientIpaddress(eg:192.168.4.61 )
Provide the ID of the agent to extract the key (or ‘\q’ to quit): 001
Agent key information for ‘001’ is:
MDAxIG1hcnMgMTkyLjE2OC42NS40MCBmY2UzMjM4OTc1ODgzYTU4ZWM3YTRkYWJiZTJmMjQ2Y2ViODhmMzl mYjE3MmI4OGUzMTE0MDczMzVhYjk2OTRh
** Press ENTER to return to the main menu.

Note: The agent key must be copied and pasted on the client machine.

Client Machine

Installing Agents
1- What kind of installation do you want (server, agent, local or help)? agent
- Agent(client) installation chosen.
2- Setting up the installation environment.
- Choose where to install the OSSEC HIDS [/var/ossec]: /var/ossec
- Installation will be made at /var/ossec .
3- Configuring the OSSEC HIDS.
3.1- What’s the IP Address of the OSSEC HIDS server?: IPaddress of server
-        Adding Server IP
-        (Note: if this option is not shown, add the server IP entry manually after installation in /var/ossec/etc/ossec.conf:
<client>
<server-ip>192.168.1.160</server-ip>
</client>)
3.2- Do you want to run the integrity check daemon? (y/n) [y]: y
- Running syscheck (integrity check daemon).
3.3- Do you want to run the rootkit detection engine? (y/n) [y]: y
- Running rootcheck (rootkit detection).
3.4- Do you want to enable active response? (y/n) [y]: y
3.5- Setting the configuration to analyze the following logs:
-- /var/log/messages
-- /var/log/authlog
-- /var/log/secure
-- /var/log/xferlog
-- /var/log/maillog
- If you want to monitor any other file, just change
the ossec.conf and add a new localfile entry.
Any questions about the configuration can be answered
by visiting us online at http://www.ossec.net .
--- Press ENTER to continue ---
# /opt/ossec/bin/ossec-control start
# /opt/ossec/bin/manage_agents
****************************************
* OSSEC HIDS v1.3 Agent manager.
* The following options are available: *
****************************************
(I)mport key from the server (I).
(Q)uit.
Choose your action: I or Q: I
* Provide the Key generated by the server.
* The best approach is to cut and paste it.
*** OBS: Do not include spaces or new lines.
Paste it here (or ‘\q’ to quit):
MDAxIG1hcnMgMTkyLjE2OC42NS40MCBmY2UzMjM4OTc1ODgzYTU4ZWM3YTRkYWJiZTJmMjQ2Y2ViODhmMzl mYjE3MmI4OGUzMTE0MDczMzVhYjk2OTRh
Agent information:
ID:001
Name:Username/ClientMachinename
IP Address:ClientIpaddress(eg:192.168.4.61 )
Confirm adding it?(y/n): y
Added.
** Press ENTER to return to the main menu.
****************************************
* OSSEC HIDS v1.3 Agent manager.
* The following options are available: *
****************************************
(I)mport key from the server (I).
(Q)uit.
Choose your action: I or Q: Q
** You must restart the server for your changes to have effect.
manage_agents: Exiting ..
Now that the agent installation is complete, we can start the OSSEC HIDS service by
running the following command:
# /opt/ossec/bin/ossec-control start
The agent starts and connects to the server. You can verify this by checking the agent
logs (/var/ossec/logs/ossec.log) and finding messages similar to the following near the end
of the file:
2007/10/10 23:25:48 ossec-agentd: Connecting to server (192.168.4.61:1514).
2007/10/10 23:25:48 ossec-agentd(4102): Connected to the server.

Installing the Windows Agent

Begin by running the installation executable ossec-agent-win32-1.4.exe as seen in Figure 2.1,
to open the wizard.
Launching the Installer
Click Next to start the installation.
Review the license agreement and then click I Agree to continue
Accepting the License Text
Choose the components you want to install, and click Next
Selecting Components

Managing the Agent

Connecting to the Server (PuTTY )

Running manage_agents (Enter E to extract the agent key for the current Windows host )
Copying the Key to the Clipboard ( Enter your ID(eg: 002), select the key information,
and copy it to the clipboard )


Pasting the Key
Confirming the Import


 Starting the OSSEC HIDS
Confirming the Server Connection