Thursday, November 26, 2009

Linux How To: How To SSH Without Password Authentication

Often you need to run utilities on other machines remotely from an unattended batch process or cron job. ssh allows you to execute code on a remote machine. However, in normal usage it prompts you for a password, which makes it hard to use in unattended processes. Here is a simple way to eliminate the need to specify a password every time you connect through ssh.

Let's assume you want to connect to a remote machine named remote as a user named user.

Keep reading here.

Perhaps there is a stale lock file?

Cannot create link /etc/mtab~
Perhaps there is a stale lock file?



I resolved this by removing /etc/mtab~ and then remounting the partition.

Monday, November 23, 2009

What is LVM (Second part).


Logical volume management is a widely used technique for deploying logical rather than physical storage. With LVM, "logical" partitions can span physical hard drives and can be resized (unlike traditional ext3 "raw" partitions). A physical disk is divided into one or more physical volumes (PVs), and logical volume groups (VGs) are created by combining PVs as shown in the following picture. Notice that a VG can be an aggregate of PVs from multiple physical disks.


Useful commands:
1) pvscan
This command scans all disks for physical volumes.
# pvscan
pvscan -- reading all physical volumes (this may take a while...)
pvscan -- ACTIVE   PV "/dev/sda3" of VG "system_vg"   [7.49 GB / 0 free]
pvscan -- ACTIVE   PV "/dev/sdb"  of VG "software_vg" [27.99 GB / 0 free]
pvscan -- ACTIVE   PV "/dev/sdc"  of VG "software_vg" [8.96 GB / 0 free]
pvscan -- ACTIVE   PV "/dev/sdd"  of VG "software_vg" [46.55 GB / 36.51 GB free]
pvscan -- total: 4 [91.03 GB] / in use: 4 [91.03 GB] / in no VG: 0 [0]

2) vgdisplay
This command displays attributes of volume groups.
# vgdisplay system_vg
--- Volume group ---
VG Name               system_vg
VG Access             read/write
VG Status             available/resizable
VG #                  0
MAX LV                256
Cur LV                12
Open LV               11
MAX LV Size           255.99 GB
Max PV                256
Cur PV                1
Act PV                1
VG Size               7.49 GB
PE Size               4 MB
Total PE              1918
Alloc PE / Size       1918 / 7.49 GB
Free  PE / Size       0 / 0
VG UUID               eJAhF8-Ztnp-X6Bn-k4LN-t7Uw-5N2O-qXQv40

3) lvdisplay
This command displays attributes of a logical volume.
# lvdisplay /dev/system_vg/home_lv
--- Logical volume ---
LV Name                /dev/system_vg/home_lv
VG Name                system_vg
LV Write Access        read/write
LV Status              available
LV #                   2
# open                 1
LV Size                500 MB
Current LE             125
Allocated LE           125
Allocation             next free
Read ahead sectors     1024
Block device           58:1

Thursday, November 19, 2009

What is LVM?

LVM is a Logical Volume Manager for the Linux operating system. There are now two versions of LVM for Linux:
  • LVM 2 - The latest and greatest version of LVM for Linux.
    LVM 2 is almost completely backward compatible with volumes created with LVM 1. The exception to this is snapshots (You must remove snapshot volumes before upgrading to LVM 2)
    LVM 2 uses the device mapper kernel driver. Device mapper support is in the 2.6 kernel tree and there are patches available for current 2.4 kernels.
  • LVM 1 - The version that is in the 2.4 series kernel.
    LVM 1 is a mature product that has been considered stable for a couple of years. The kernel driver for LVM 1 is included in the 2.4 series kernels, but this does not mean that your 2.4.x kernel is up to date with the latest version of LVM.
Keep reading the second part

    Wednesday, November 18, 2009

    Does encrypted LVM increase server security?

    Encrypted root With LVM on Fedora 8

    Overview

    This recipe details how you can install F8 (and most likely also F7 and CentOS 5) on a system such that everything except /boot is encrypted. This recipe makes use of your full disc (no unused space is left after it's completed), and doesn't require booting into a Live DVD (important because many of my machines don't have DVD drives on them, many don't even have CD drives). It also does not require a second hard drive.

    Stories abound about laptops being lost, and data possibly exposed because of it. I'm also concerned about someone breaking into my house and stealing our backup server, and through that exposing sensitive or confidential client data for many of our customers. I'm actually not that worried about the loss of the machines, they're cheap computers and data on our home backup server is duplicated at our facility. So, I like to run encrypted file-systems. 

    Keep reading here..

    Monday, November 16, 2009

    How to download a directory tree with ftp

    Linux: Download all files from an ftp server recursively

    You can use the ncftpget command to download an entire ftp directory and its subdirectories from a remote ftp server. Let us say you would like to download the /www-data directory and all subdirectories inside it from the ftp.nixcraft.net server. You need to use the ncftpget command.

    Install ncftp client

    The ncftp client software can be downloaded from http://www.ncftp.com/ncftp/ and works with FreeBSD, Solaris and almost all UNIX variants. You can also run the following command to install ncftp:
    $ sudo apt-get install ncftp

    FTP get directory recursively

    ncftpget is an Internet file transfer program for scripts and advanced usage. Use the command as follows:

    $ ncftpget -R -v -u "ftpuser" ftp.nixcraft.net /home/vivek/backup /www-data

    Keep reading here

     

    Friday, November 13, 2009

    TCP Wrappers Configuration Files

    To determine if a client machine is allowed to connect to a service, TCP wrappers reference the following two files, which are commonly referred to as hosts access files:
    • /etc/hosts.allow
    • /etc/hosts.deny
    When a client request is received by a TCP wrapped service, it takes the following basic steps:
    1. The service references /etc/hosts.allow. — The TCP wrapped service sequentially parses the /etc/hosts.allow file and applies the first rule specified for that service. If it finds a matching rule, it allows the connection. If not, it moves on to step 2.
    2. The service references /etc/hosts.deny. — The TCP wrapped service sequentially parses the /etc/hosts.deny file. If it finds a matching rule, it denies the connection. If not, access to the service is granted.
    The following are important points to consider when using TCP wrappers to protect network services:
    • Because access rules in hosts.allow are applied first, they take precedence over rules specified in hosts.deny. Therefore, if access to a service is allowed in hosts.allow, a rule denying access to that same service in hosts.deny is ignored.
    • Since the rules in each file are read from the top down and the first matching rule for a given service is the only one applied, the order of the rules is extremely important.
    • If no rules for the service are found in either file, or if neither file exists, access to the service is granted.
    • TCP wrapped services do not cache the rules from the hosts access files, so any changes to hosts.allow or hosts.deny take effect immediately without restarting network services.
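
The lookup order described above, as an added example (not part of the original post): a simplified Python model of the decision, run over constructed hosts.allow and hosts.deny contents. It handles only ALL, exact names or addresses, leading-dot domain suffixes and trailing-dot address prefixes; the function names are illustrative, and EXCEPT, netmasks and rule options are not modelled.

```python
# Constructed sample files, not taken from the original post.
HOSTS_ALLOW = """\
# hosts.allow (constructed)
sshd: 192.168.1. .example.com
vsftpd: 10.0.0.5
"""
HOSTS_DENY = """\
# hosts.deny (constructed)
sshd: 192.168.1.66
ALL: ALL
"""

def parse(text):
    """Return a list of (daemon_list, client_list) pairs, one per rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":", 2)[:2]  # a third field (options) is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # domain suffix, e.g. .example.com
        return host is not None and host.endswith(pattern)
    if pattern.endswith("."):     # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern in (addr, host)

def first_match(rules, daemon, addr, host):
    """True if any rule for this daemon matches the client (top-down scan)."""
    for daemons, clients in rules:
        if any(d in ("ALL", daemon) for d in daemons) and \
           any(client_matches(c, addr, host) for c in clients):
            return True
    return False

def decide(daemon, addr, host=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Step 1: hosts.allow. Step 2: hosts.deny. Otherwise access is granted."""
    if first_match(parse(allow), daemon, addr, host):
        return "allow (hosts.allow)"
    if first_match(parse(deny), daemon, addr, host):
        return "deny (hosts.deny)"
    return "allow (no matching rule)"
```

With these files, 192.168.1.66 is still allowed to reach sshd because the broader hosts.allow prefix matches first and the hosts.deny entry is never consulted. The closing ALL: ALL line in hosts.deny is what keeps unmatched clients from falling through to the default grant.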

       


    Wednesday, November 11, 2009

    No such client module online_update

    MACHINE:~ # you
    No such client module online_update

    Run 'yast2 -h' for help on usage
    MACHINE:~ # id
    uid=0(root) gid=0(root) grupos=0(root)
    MACHINE:~ # uname -a

    rpm -ivh yast2-online-update-2.6.17-59.i586.rpm