HowTo: Passwordless login in Linux.
Passwordless logins allow you to get into the server even if the password has been changed or has expired.
This can be achieved with a single Unix command; you can use either that command or the detailed steps given below. It will prompt for the password on server2 once, and after that the next login will be passwordless.
[root@srv-51 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub syncfuser@192.168.1.52
Detailed steps:
1, Generate a key pair on server-1; ignore this step if one already exists
[root@srv-51 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
8f:99:9f:8f:ba:bf:15:ca:6b:1f:83:06:a2:1a:9c:59 root@srv-51
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| |
| E . S . |
| . + . . B o . |
| = . + * + |
| o o.= o |
| . o=B+o |
+-----------------+
3, Grab the public key and add it to the authorized_keys file on server2
[root@srv-51 ~]# cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAz9iTxsWIYZyLtGN47MQZkSrPqXoGwATAKD/ZqIyemFRvKnlkSllkEEQ7+MlMstz6HvONfTJuJROegELqTIA7PoR43LTTKw7zfqJtt1J4fUH/6mbYlB5bedXtl/7L9auRYr276d04CFUCKfINEG4KJXYlbuSM8Mr5ZiUvLCkiu4Jx77DSy0iWaDa90C6cEbl1vRX9yl1pdWQbAMuazYLfiDPOnbqb7JtcI9du5bNEuFuA26VahaYbaYtXFnKBbKrCUMzTHT2uuNesYpckUHT4f0T1fU9qNsAYBlyQBgMIu/2qdJ+Y8luMVCkydXx8ZJmSTmAp+yR+qaZDYCqujrvjdQ== root@localhost.localdomain
4, The authorized_keys entry on server2 looks like this
[root@srv-52 ~]# cat /home/syncfuser/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAz9iTxsWIYZyLtGN47MQZkSrPqXoGwATAKD/ZqIyemFRvKnlkSllkEEQ7+MlMstz6HvONfTJuJROegELqTIA7PoR43LTTKw7zfqJtt1J4fUH/6mbYlB5bedXtl/7L9auRYr276d04CFUCKfINEG4KJXYlbuSM8Mr5ZiUvLCkiu4Jx77DSy0iWaDa90C6cEbl1vRX9yl1pdWQbAMuazYLfiDPOnbqb7JtcI9du5bNEuFuA26VahaYbaYtXFnKBbKrCUMzTHT2uuNesYpckUHT4f0T1fU9qNsAYBlyQBgMIu/2qdJ+Y8luMVCkydXx8ZJmSTmAp+yR+qaZDYCqujrvjdQ== root@localhost.localdomain
Finally, the output will look like this
[root@srv-51 ~]# ssh syncfuser@192.168.1.52
Last login: Wed Jun 25 17:08:25 2014 from 192.168.1.51
[syncfuser@srv-52 ~]$
Now the root user on server1 can log in as syncfuser on server2 without a password. 🙂
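Steps 3 and 4 only work if sshd accepts the file permissions on server2, so here is an added example (not from the original post; install_pubkey is a hypothetical helper name) that appends a public key once and sets the modes sshd expects:

```shell
#!/bin/sh
# Added example, not from the original post: steps 3 and 4 done by hand on
# server2. install_pubkey is a hypothetical helper name.
#
# Usage (as the target account, e.g. syncfuser):
#   install_pubkey /tmp/id_rsa.pub "$HOME"
install_pubkey() {
  pub=$1
  home=$2
  [ -r "$pub" ] || return 1
  # Accept exactly one line shaped "<type> <base64> [comment]"; this rejects
  # private keys, multi-line files and entries carrying option prefixes.
  [ "$(grep -c '' "$pub")" -eq 1 ] || return 1
  grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$pub" || return 1

  auth="$home/.ssh/authorized_keys"
  # sshd (StrictModes, on by default) ignores authorized_keys when the
  # directory or the file is writable by group or others.
  ( umask 077; mkdir -p "$home/.ssh"; touch "$auth" ) || return 1
  chmod 700 "$home/.ssh"
  chmod 600 "$auth"

  # Match on key type and blob only, so re-running with a different comment
  # does not add a duplicate entry.
  blob=$(cut -d' ' -f1,2 "$pub")
  grep -qF -- "$blob" "$auth" || printf '%s\n' "$(cat "$pub")" >> "$auth"
}
```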
HowTo: Tomcat Logging – log customized with {X-Forwarded-For}
Tomcat lets us trace requests back through the logs with an enormous amount of information by customizing the log pattern. Preset patterns are available, and we can also define our own in a single line.
I enabled a few more fields, like execution time, request size, cookies, etc.
The default tag looks like this
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
Common : %{X-Forwarded-For}i %l %u %t "%r" %s %b
Combined : %{X-Forwarded-For}i %l %u %t %r %s %b %{User-Agent}i %{Referer}i %{Cookie}i
You can change it to either Common or Combined
I have implemented my own pattern like below, so it should be more detailed
pattern="%h %{X-Forwarded-For}i %l %u %t &quot;%r&quot; %s %b &quot;%{User-Agent}i&quot; &quot;%{Referer}i&quot; &quot;%{Cookie}i&quot; %T"
Access log pattern, new look
-----------------------------
192.168.1.185 - - - [18/Mar/2014:10:52:06 +0530] "GET /ajax/norm/list/status?ids=23%2C11%2C9%2C7%2C6%2C5%2C2%2C1%2C HTTP/1.1" 200 42 "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0" "http://192.168.1.188/norm/list" "JSESSIONID=4FD1DBEB911CD2E19AA4798F9A26DCA8" 0.007
-----------------------------
Log details:
192.168.1.185 : Remote host name (or IP address if resolveHosts is false)
- : X-Forwarded-For
- : Remote logical username
- : Remote user that was authenticated
[18/Mar/2014:10:52:06 +0530] : Date and time, in Common Log Format
GET /ajax/norm/list/…… : First line of the request (method and request URI)
HTTP/1.1 : Request protocol
200 : HTTP status code of the response
42 : Bytes sent, excluding HTTP headers (Content size)
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 : User Agent
http://192.168.1.188/norm/list : Referer
JSESSIONID=4FD1DBEB911CD2E19AA4798F9A26DCA8 : Cookie header
0.007 : Time taken to process the request, in seconds
Once everything has been done, restart Tomcat for the change to take effect. More options are given below
%a – Remote IP address
%A – Local IP address
%b – Bytes sent, excluding HTTP headers, or '-' if zero
%B – Bytes sent, excluding HTTP headers
%h – Remote host name (or IP address if resolveHosts is false)
%H – Request protocol
%l – Remote logical username from identd (always returns '-')
%m – Request method (GET, POST, etc.)
%p – Local port on which this request was received
%q – Query string (prepended with a ‘?’ if it exists)
%r – First line of the request (method and request URI)
%s – HTTP status code of the response
%S – User session ID
%t – Date and time, in Common Log Format
%u – Remote user that was authenticated (if any), else '-'
%U – Requested URL path
%v – Local server name
%D – Time taken to process the request, in millis
%T – Time taken to process the request, in seconds
%I – current request thread name (can compare later with stacktraces)
%f – X-Forwarded-For IP address
%F – X-Forwarded-For address
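Because the custom pattern above logs %{Cookie}i, every access-log line carries the JSESSIONID of a live session. The following added example (not from the original post; summarize_access_line is a hypothetical name) splits a line written in that pattern into fields, keeps a multi-hop X-Forwarded-For value intact, and masks the session ID before the line is passed on:

```shell
#!/bin/sh
# Added example, not from the original post. Field layout assumed:
# %h %{X-Forwarded-For}i %l %u %t "%r" %s %b "%{User-Agent}i" "%{Referer}i" "%{Cookie}i" %T

# Print "peer=.. xff=.. status=.. secs=.. cookie=.." for one access-log line,
# with any JSESSIONID value masked so the session token is not copied onward.
summarize_access_line() {
  printf '%s\n' "$1" | awk -F'"' '
    NF != 9 { print "malformed"; next }
    {
      head = $1
      sub(/ \[.*$/, "", head)          # drop the %t timestamp
      n = split(head, h, " ")
      if (n < 4) { print "malformed"; next }
      # %h is first, %l and %u are last; everything between is the
      # X-Forwarded-For value, which may hold several comma-separated hops.
      xff = h[2]
      for (i = 3; i <= n - 2; i++) xff = xff " " h[i]
      split($3, resp, " ")             # %s %b
      cookie = $8
      gsub(/JSESSIONID=[^; ]+/, "JSESSIONID=<masked>", cookie)
      secs = $9
      gsub(/ /, "", secs)
      printf "peer=%s xff=%s status=%s secs=%s cookie=%s\n", h[1], xff, resp[1], secs, cookie
    }'
}

# The sample line shown in the post.
summarize_access_line '192.168.1.185 - - - [18/Mar/2014:10:52:06 +0530] "GET /ajax/norm/list/status?ids=23%2C11%2C9%2C7%2C6%2C5%2C2%2C1%2C HTTP/1.1" 200 42 "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0" "http://192.168.1.188/norm/list" "JSESSIONID=4FD1DBEB911CD2E19AA4798F9A26DCA8" 0.007'
```

The X-Forwarded-For value is supplied by the client or an upstream proxy, so the peer field (%h) is the only address Tomcat observed itself.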
Bash: History appending for multiple sessions
I got a requirement to list the full command history when multiple terminal sessions are in use from different regions by a single user. I followed the steps below.
Step 1: Create a new file with the entries below
root@appserver:# cat /etc/profile.d/bash_history.sh
# Append this session's new commands to the history file, then reload the
# file so commands from the other sessions become visible here.
function share_history {
    history -a
    history -c
    history -r
}
HISTSIZE=99999
HISTCONTROL=ignoredups
# Coloured date and time in front of every history entry
HISTTIMEFORMAT=`echo -e "\033[1;34m%d/%h/%Y \033[1;31m%H:%M:%S \033[0m"`
# Run share_history before each prompt is displayed
PROMPT_COMMAND='share_history'
shopt -u histappend
Step 2: Activate it at run time
root@appserver:# source /etc/profile.d/bash_history.sh
Now you can see the list of dated history entries
Sample output:
1005 26/Dec/2013 14:23:08 vi /etc/profile.d/bash_history.sh
1006 26/Dec/2013 14:23:27 source /etc/profile.d/bash_history.sh
1007 26/Dec/2013 14:23:31 history
Info: NFS Server & Client Setup
Server Side
This is an NFS share with read/write privilege for the specified UID and GID, so even root will be denied writing or reading in that particular mount point, and it is completely secure from everything.
Install the required packages for the NFS server.
apt-get install nfs-kernel-server nfs-common portmap
After installing the NFS server, edit the /etc/exports file and add a line as follows.
/mnt/nfs 192.168.0.0/24(rw,sync,anonuid=106,anongid=114,no_subtree_check)
/mnt/nfs : NFS share path
192.168.0.0/24 : Network
(rw,sync,anonuid=106,anongid=114,no_subtree_check) : Options (here we need to set the user ID and group ID of the tomcat user)
Restart the NFS server after making the necessary changes in the exports file.
# service nfs-kernel-server restart
Client side Linux
Install the NFS client packages on the NFS client machine, then mount the NFS share on the client machine.
apt-get install portmap nfs-common
Make the following entry in /etc/fstab
192.168.1.175:/mnt/nfs /home/nfs nfs rsize=8192,wsize=8192,timeo=14,intr
192.168.1.175:/mnt/nfs : Network share details
/home/nfs : Mount point
nfs : Filesystem
Client Side Windows
Install NFS services for Windows through the Control Panel "Add or Remove Windows Components" wizard.
Edit the Windows registry and make the following changes.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default
1, Create two DWORD values named AnonymousUid and AnonymousGid
2, Set these values to the UID and GID as set on the NFS server for the tomcat user (e.g. 106, 114)
3, Restart the NFS service.
Go to All Programs - Administrative Tools - Services for Network File System and start the ClientForNFS service.
Select properties of clientfornfs and set permissions as per the requirement. (Eg:- Read&write permission for the
script: Bash script to back up MySQL databases.
#!/bin/bash
# Simple script to back up MySQL databases
#
# You have to enter the credentials; the script will back up all the databases,
# including information_schema and performance_schema as well, and store them in gzip format
# in the backup directory. Each database is dumped to a separate file.
#
# This will maintain 30 days of backups. If you need to extend that, edit WEIGHT as needed.
# Website : https://enlook.wordpress.com , http://planetcure.info , http://xtermpro.com
# Created by : Anandbabu
#
#################################################################################################

# Parent backup directory
backup_parent_dir="/backup/"

# Enter multiple email IDs separated by spaces
Email="email@domain.com email@domain.com"
Email_Content="/tmp/Mail_db"
WEIGHT=30 # 30 days

# MySQL settings
# Note: a password passed with --password on the command line can be seen by
# other local users in the process list while the command runs.
mysql_user="my_database_user"
mysql_password='database_password'
mysql_databases="Default_database"

# Create (or truncate) the file that holds the email body
[ ! -f "${Email_Content}" ] && touch "${Email_Content}" || :> "${Email_Content}"

# Mail the collected report to every address; the argument goes into the subject
E_mail(){
    for email in ${Email}
    do
        cat "${Email_Content}" | mail -s "Notification: Mysql Database Backup $* from MyServer " ${email} -aFrom:Backup\<backup@domain.com\>
    done
}

# Read MySQL password from stdin if empty (the prompt goes to the terminal, not the mail body)
if [ -z "${mysql_password}" ]; then
    echo -n "Enter MySQL ${mysql_user} password: "
    read -s mysql_password
    echo
fi

# Check MySQL password
echo exit | mysql --user="${mysql_user}" --password="${mysql_password}" -B 2>/dev/null
if [ "$?" -gt 0 ]; then
    echo "MySQL ${mysql_user} password incorrect" >> "${Email_Content}"
    E_mail Failed
    exit 1
else
    echo "MySQL ${mysql_user} password correct." >> "${Email_Content}"
fi

# Create backup directory and set permissions
backup_date=`date +%Y_%m_%d_%H_%M`
backup_dir="${backup_parent_dir}/${backup_date}"
echo "Backup directory: ${backup_dir}" >> "${Email_Content}"
mkdir -p "${backup_dir}"
chmod 700 "${backup_dir}"

# Get MySQL databases
mysql_databases=`echo 'show databases' | mysql --user="${mysql_user}" --password="${mysql_password}" -B | sed /^Database$/d`

# Backup and compress each database
for database in $mysql_databases
do
    if [[ "$database" =~ "information_schema" || "$database" =~ "performance_schema" ]] ; then
        additional_mysqldump_params="--skip-lock-tables"
    else
        additional_mysqldump_params=""
    fi
    echo "Creating backup of \"${database}\" database" >> "${Email_Content}"
    mysqldump ${additional_mysqldump_params} --user="${mysql_user}" --password="${mysql_password}" "${database}" | gzip > "${backup_dir}/${database}.sql.gz"
    chmod 600 "${backup_dir}/${database}.sql.gz"
done

## Remove backup folders older than WEIGHT days
ECOUT=""
echo "" >> "${Email_Content}"
# -mindepth 1 keeps the parent backup directory itself out of the removal list
ECOUT=`find "${backup_parent_dir}" -mindepth 1 -maxdepth 1 -type d -ctime +$WEIGHT`
if [ -z "$ECOUT" ]; then
    echo "No more older backups to remove" >> "${Email_Content}"
    E_mail Success
    exit
else
    echo "Following older backups are removed" >> "${Email_Content}"
    for i in $ECOUT
    do
        rm -rvf "$i" 1>>"${Email_Content}" 2>>"${Email_Content}"
    done
    E_mail Success
    exit
fi
Error: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Each time I install vsftpd on Ubuntu and enable chroot for the users, it refuses to log in to the home directory because of the write permission on its parent dir. To fix this I used the command
chmod a-w /path/to/the/ftp/home
but it was a most annoying and frustrating problem. I was supposed to update the vsftpd package with the security fix. The steps are below.
wget http://ftp.us.debian.org/debian/pool/main/v/vsftpd/vsftpd_3.0.2-3_amd64.deb
dpkg -i vsftpd_3.0.2-3_amd64.deb
echo "allow_writeable_chroot=YES" >> /etc/vsftpd.conf
echo "seccomp_sandbox=NO" >> /etc/vsftpd.conf
service vsftpd reload
Now the FTP service works calmly on my server.
Error: While executing gem … (ArgumentError)
After installing Ruby with Rails, I got a few errors when installing gems; the package manager seemed to be broken. Every time you try to use gem install gem_name, you get the following error:
ERROR: While executing gem ... (Gem::GemNotFoundException)
I did the step below to upgrade rubygems, and then it was fine
gem install rubygems-update
update_rubygems
Now I can install whatever gems I need.
Howto : Install yum after installing OS on centos
Yum is an awesome tool, written in Python, used to install packages on Red Hat flavours. It is able to select by itself, from the repository, the dependency packages needed by the packages being installed. If yum is missing on your server, follow the steps below to install it.
You can get the packages from here: ftp://rpmfind.net/linux/centos/6.4/os/x86_64/Packages/
Use wget to download these packages.
Package list:
gpgme-1.1.8-3.el6.x86_64.rpm
pygpgme-0.1-18.20090824bzr68.el6.x86_64.rpm
python-iniparse-0.3.1-2.1.el6.noarch.rpm
python-pycurl-7.19.0-8.el6.x86_64.rpm
python-urlgrabber-3.9.1-8.el6.noarch.rpm
rpm-4.8.0-32.el6.x86_64.rpm
rpm-python-4.8.0-32.el6.x86_64.rpm
yum-3.2.29-40.el6.centos.noarch.rpm
yum-metadata-parser-1.1.2-16.el6.x86_64.rpm
yum-plugin-fastestmirror-1.1.30-14.el6.noarch.rpm
Upgrade rpm to the latest version first to avoid package conflict errors, using the switches below. The NOKEY warnings in the output mean rpm could not verify the package signatures because the signing key has not been imported.
[root@anand ~]# cd /root/installer/
[root@anand installer]# rpm -ivh --replacefiles rpm-4.8.0-32.el6.x86_64.rpm
warning: rpm-4.8.0-32.el6.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Preparing... ########################################### [100%]
1:rpm ########################################### [100%]
[root@anand installer]# mv rpm-4.8.0-32.el6.x86_64.rpm ../.
[root@anand installer]# rpm -ivh *
warning: gpgme-1.1.8-3.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID c105b9de: NOKEY
Preparing... ########################################### [100%]
1:yum-metadata-parser ########################################### [ 11%]
2:rpm-python ########################################### [ 22%]
3:python-pycurl ########################################### [ 33%]
4:python-urlgrabber ########################################### [ 44%]
5:python-iniparse ########################################### [ 56%]
6:gpgme ########################################### [ 67%]
7:pygpgme ########################################### [ 78%]
8:yum-plugin-fastestmirro ########################################### [ 89%]
9:yum ########################################### [100%]
Now you can create a package repository of your own, folks 🙂