Wednesday, February 29, 2012

Remote installation of centos linux

Remote installation, or installing CentOS Linux from a remote location, can be done in a few ways. We can do remote installation using mainly three methods: NFS, FTP and HTTP. When doing a remote installation we can pull the graphical screen via VNC to our local system. The installation can again be categorized into two kinds: attended and unattended. In an attended installation, we have to sit in front of the system and give answers. In an unattended installation, we write the answers into a file and tell the installation process to read the answers from it. In Linux, unattended installation can be done with a kickstart file. We can save everything on an installation server and configure network installation via PXE so that the entire installation needs just a few clicks. We will discuss all of these methods in this article.

Monday, February 27, 2012

Configuring dhcp server in linux

DHCP is the Dynamic Host Configuration Protocol
The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol for hosts on Internet Protocol (IP) networks. Computers connected to IP networks must be configured before they can communicate with other hosts. The most essential information needed is an IP address, a default route and the routing prefix. DHCP eliminates this manual task for the network administrator. It also provides a central database of the devices connected to the network and avoids duplicate address assignments.
In addition to IP addresses, DHCP also provides other configuration information, particularly the IP addresses of local Domain Name Servers (DNS), network boot servers, or other service hosts. Let's see how to install and configure a DHCP server on a CentOS 5 or Red Hat EL5 system.

Here we will set up the DHCP server for the network 192.168.137.0/24

Network            192.168.137.0/24
Client IP range    192.168.137.150 - 192.168.137.250
Gateway            192.168.137.1
Broadcast          192.168.137.255
DNS servers        8.8.8.8 and 8.8.4.4

The package name is dhcp. We will install it using yum.
[root@server ~]# yum install dhcp
[root@server ~]# rpm -q dhcp
dhcp-3.0.5-13.el5
[root@server ~]#

/etc/dhcpd.conf - is the  main configuration file

/var/lib/dhcpd  - Lease directory
/var/lib/dhcpd/dhcpd.leases - IPV4 Leases

The default configuration file only refers you to the sample file.
[root@server ~]# cat /etc/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
[root@server ~]#

We will copy the sample file and edit it.
[root@server ~]# cp /usr/share/doc/dhcp*/dhcpd.conf.sample /etc/dhcpd.conf
[root@server ~]# cat  /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 192.168.137.0 netmask 255.255.255.0 {
        option routers                  192.168.137.1;
        option subnet-mask              255.255.255.0;
        option domain-name              "lap.work";
        option domain-name-servers      8.8.8.8, 8.8.4.4;
        range dynamic-bootp 192.168.137.150 192.168.137.250;
        default-lease-time 21600;
        max-lease-time 43200;
}
[root@server ~]#

Check the service and start it.
[root@server ~]# /etc/init.d/dhcpd status
dhcpd is stopped
[root@server ~]# /etc/init.d/dhcpd start
Starting dhcpd:                                            [  OK  ]
[root@server ~]# chkconfig dhcpd on

Now, on the client machine, set the eth0 device to DHCP in the network settings and restart the network.

DHCP works in the DORA sequence

Client sends DHCPDISCOVER (D)
Server sends DHCPOFFER (O)
Client sends DHCPREQUEST (R)
Server sends DHCPACK (A)

Now, tailing /var/log/messages on the DHCP server, we can see all of this happen while we restart the network on the client
[root@server ~]# tail -f /var/log/messages
Feb 27 22:50:09 server dhcpd: DHCPDISCOVER from 00:0c:29:8d:16:93 via eth0
Feb 27 22:50:10 server dhcpd: DHCPOFFER on 192.168.137.250 to 00:0c:29:8d:16:93 via eth0
Feb 27 22:50:10 server dhcpd: DHCPREQUEST for 192.168.137.250 (192.168.137.100) from 00:0c:29:8d:16:93 via eth0
Feb 27 22:50:10 server dhcpd: DHCPACK on 192.168.137.250 to 00:0c:29:8d:16:93 via eth0
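As an added example (not from the original post), the following script checks the DHCPACK lines from a log like the one above against the pool configured in dhcpd.conf, so an address handed out from outside 192.168.137.150-250 is flagged. The sample log lines are constructed, and the second client MAC is made up.

```shell
#!/bin/sh
# Added example (not from the original post): audit the DHCPACK lines that
# dhcpd writes to /var/log/messages against the pool configured in
# dhcpd.conf, so a lease handed out from outside the pool (a stale or
# edited configuration) stands out.
POOL_START=192.168.137.150
POOL_END=192.168.137.250

# Dotted-quad IPv4 to integer, so that ranges compare numerically.
ip2int() {
  printf '%s\n' "$1" | awk -F. '{ printf "%.0f\n", $1*16777216 + $2*65536 + $3*256 + $4 }'
}

# Read syslog lines on stdin; print "MAC IP in-pool|OUT-OF-POOL" for each
# DHCPACK and return the number of acknowledgements outside the pool.
check_acks() {
  awk -v lo="$(ip2int "$POOL_START")" -v hi="$(ip2int "$POOL_END")" '
    $5 ~ /^dhcpd/ && $6 == "DHCPACK" {
      ip = $8; mac = $10                  # "DHCPACK on <ip> to <mac> via eth0"
      split(ip, o, ".")
      n = o[1]*16777216 + o[2]*65536 + o[3]*256 + o[4]
      if (n >= lo && n <= hi) print mac, ip, "in-pool"
      else { print mac, ip, "OUT-OF-POOL"; bad++ }
    }
    END { exit bad + 0 }'
}

# Constructed sample: the exchange shown above, plus one ACK below the pool
# for a made-up client MAC.
SAMPLE_LOG='Feb 27 22:50:09 server dhcpd: DHCPDISCOVER from 00:0c:29:8d:16:93 via eth0
Feb 27 22:50:10 server dhcpd: DHCPOFFER on 192.168.137.250 to 00:0c:29:8d:16:93 via eth0
Feb 27 22:50:10 server dhcpd: DHCPREQUEST for 192.168.137.250 (192.168.137.100) from 00:0c:29:8d:16:93 via eth0
Feb 27 22:50:10 server dhcpd: DHCPACK on 192.168.137.250 to 00:0c:29:8d:16:93 via eth0
Feb 27 22:51:02 server dhcpd: DHCPACK on 192.168.137.140 to 00:0c:29:aa:bb:cc via eth0'

# On a live server: tail /var/log/messages (or /var/log/dhcpd.log) into check_acks.
printf '%s\n' "$SAMPLE_LOG" | check_acks || echo "WARNING: $? DHCPACK(s) outside the configured pool"
```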

The lease file on the server side is stored at
[root@server ~]# cat /var/lib/dhcpd/dhcpd.leases
# All times in this file are in UTC (GMT), not your local timezone.   This is
# not a bug, so please don't ask about it.   There is no portable way to
# store leases in the local timezone, so please don't request this as a
# feature.   If this is inconvenient or confusing to you, we sincerely
# apologize.   Seriously, though - don't ask.
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-V3.0.5-RedHat

lease 192.168.137.250 {
  starts 1 2012/02/27 17:04:49;
  ends 1 2012/02/27 23:04:49;
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:8d:16:93;
}
[root@server ~]#

If you want a separate log file for dhcpd, add this line to dhcpd.conf:
log-facility local8;

so that dhcpd.conf becomes
[root@server ~]# cat  /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 192.168.137.0 netmask 255.255.255.0 {
        option routers                  192.168.137.1;
        option subnet-mask              255.255.255.0;
        option domain-name              "lap.work";
        option domain-name-servers      8.8.8.8, 8.8.4.4;
        range dynamic-bootp 192.168.137.150 192.168.137.250;
        default-lease-time 21600;
        max-lease-time 43200;
        log-facility local8;
}
[root@server ~]#
Restart the dhcpd service, touch the file /var/log/dhcpd.log, and add the following line to /etc/syslog.conf
local8.*       /var/log/dhcpd.log
then restart the syslog service.

On the client machine, it gets the IP 192.168.137.250, which is in the range we specified.
[root@server ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:8D:16:93
          inet addr:192.168.137.250  Bcast:192.168.137.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe8d:1693/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:361 errors:0 dropped:0 overruns:0 frame:0
          TX packets:544 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:39256 (38.3 KiB)  TX bytes:130376 (127.3 KiB)
          Interrupt:75 Base address:0x2000

The nameserver details are also set:
[root@server ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search lap.work
nameserver 8.8.8.8
nameserver 8.8.4.4
[root@server ~]#

The lease file at the client is
[root@server ~]# cat /var/lib/dhclient/dhclient-eth0.leases
lease {
  interface "eth0";
  fixed-address 192.168.137.250;
  option subnet-mask 255.255.255.0;
  option routers 192.168.137.1;
  option dhcp-lease-time 21600;
  option dhcp-message-type 5;
  option domain-name-servers 8.8.8.8,8.8.4.4;
  option dhcp-server-identifier 192.168.137.100;
  option domain-name "lap.work";
  renew 1 2012/2/27 19:37:49;
  rebind 1 2012/2/27 22:34:52;
  expire 1 2012/2/27 23:19:52;
}
[root@server ~]#

Verifying signatures using GPG or PGP

GPG - GNU Privacy Guard
GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. GnuPG allows you to encrypt and sign your data and communication, features a versatile key management system, and provides access modules for all kinds of public key directories.

Importing a GPG key. GPG is compatible with PGP (Pretty Good Privacy), so you can import PGP keys as well.
gpg --import name.gpg

[root@work2 src]# gpg --import sendmail2011.asc
gpg: key A97884B0: public key "Sendmail Signing Key/2011 <sendmail@Sendmail.ORG>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found

Listing the imported GPG keys. This will list all the GPG/PGP keys currently in the keyring on your system.
gpg --list-keys

[root@work2 src]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/CEEEF43B 2011-12-14
uid                  Sendmail Signing Key/2012 <sendmail@Sendmail.ORG>
sub   2048R/1998F74E 2011-12-14

pub   2048R/A97884B0 2011-01-04
uid                  Sendmail Signing Key/2011 <sendmail@Sendmail.ORG>
sub   2048R/620439A5 2011-01-04

Verifying a package. Now we verify the signature, using the downloaded signature file, against the imported key.
gpg --verify name.x.x.x.sig name.x.x.x.tar.gz

[root@work2 src]# gpg --verify sendmail.8.14.5.tar.gz.sig sendmail.8.14.5.tar.gz
gpg: Signature made Mon 16 May 2011 09:40:21 AM IST using RSA key ID A97884B0
gpg: Good signature from "Sendmail Signing Key/2011 <sendmail@Sendmail.ORG>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5872 6218 A913 400D E660  3601 39A4 C77D A978 84B0
[root@work2 src]#
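The output above says "Good signature" but also warns that the key is not certified: gpg has only confirmed that the file matches a key in your keyring, not that the key belongs to the Sendmail project. The added script below (not part of the original post) pins the expected fingerprint and checks gpg's machine-readable status output against it; the status lines are constructed to mirror the verification shown above, and the verify_pinned function is a hypothetical wrapper showing how real gpg output feeds into the same check.

```shell
#!/bin/sh
# Added example (not from the original post): verify a detached signature and
# pin the signing key's fingerprint, because "Good signature" plus the
# "not certified" warning only proves the file matches *some* imported key.
# The expected fingerprint is the one printed on this page; in practice obtain
# it from the project through a channel other than the download site.
EXPECTED_FPR="5872 6218 A913 400D E660 3601 39A4 C77D A978 84B0"

# Read "gpg --status-fd 1" lines on stdin and succeed only if a VALIDSIG line
# names the pinned fingerprint (as signing key or as primary key) and no
# BADSIG/ERRSIG/NODATA line appears. Returns 0 on match, 1 otherwise.
check_status() {
  want=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
  awk -v want="$want" '
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
      if (toupper($3) == want || toupper($NF) == want) ok = 1
    }
    $1 == "[GNUPG:]" && ($2 == "BADSIG" || $2 == "ERRSIG" || $2 == "NODATA") { bad = 1 }
    END { if (ok && !bad) exit 0; exit 1 }'
}

# Hypothetical wrapper for real use, e.g.:
#   verify_pinned sendmail.8.14.5.tar.gz.sig sendmail.8.14.5.tar.gz && echo OK
verify_pinned() {
  gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$EXPECTED_FPR"
}

# Constructed status lines mirroring the verification shown on this page
# (the numeric fields after the fingerprint are placeholders, not real output).
GOOD_STATUS='[GNUPG:] GOODSIG 39A4C77DA97884B0 Sendmail Signing Key/2011 <sendmail@Sendmail.ORG>
[GNUPG:] VALIDSIG 58726218A913400DE660360139A4C77DA97884B0 2011-05-16 0 0 4 0 1 2 00 58726218A913400DE660360139A4C77DA97884B0
[GNUPG:] TRUST_UNDEFINED 0 pgp'
BAD_STATUS='[GNUPG:] BADSIG 39A4C77DA97884B0 Sendmail Signing Key/2011 <sendmail@Sendmail.ORG>'

if printf '%s\n' "$GOOD_STATUS" | check_status "$EXPECTED_FPR"; then
  echo "signature valid and made by the pinned key"
fi
if ! printf '%s\n' "$BAD_STATUS" | check_status "$EXPECTED_FPR"; then
  echo "bad signature rejected"
fi
```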

Saturday, February 25, 2012

Installation of Linux Malware Detect or maldet

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license and designed around the threats faced in shared hosting environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches; they are also easily exported to any number of detection tools such as ClamAV.

Other scanners of this kind are rkhunter and chkrootkit.

Friday, February 24, 2012

Recovering a deleted file if there is still a running process associated with it

This is very interesting. We know that a filename is just a link to an inode. If we delete a file, only the link between the filename and the inode is removed; the data in the inode remains until the inode is returned to the free list and allocated to another file. While a process still has the file open, the kernel keeps the inode alive, which is what makes the recovery below possible.

We can check this with a small example.

Here we create a text file with name filename.txt as follows.
[root@work1 ~]# vi filename.txt
[root@work1 ~]# cat filename.txt
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
[root@work1 ~]#

Now we view that file using less
[root@work1 ~]# less filename.txt
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
filename.txt (END)

Without quitting the less command, we delete the filename.txt from another terminal.
[root@work1 ~]# rm -rf filename.txt

Now try to cat it. It's gone!
[root@work1 ~]# cat  filename.txt
cat: filename.txt: No such file or directory
[root@work1 ~]#

Now use the lsof command to get the PID of the less process that still has filename.txt open
[root@work1 ~]# lsof | grep filename.txt
less      5315      root    4r      REG      253,0      140    1115137 /root/filename.txt (deleted)
[root@work1 ~]#

The second field is the PID, i.e. 5315.

Now list the descriptors of that process and cat the one that pointed at the file (descriptor 4, as lsof showed)
[root@work1 ~]# ls /proc/5315/fd/
0  1  2  3  4
[root@work1 ~]# cat /proc/5315/fd/4
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
[root@work1 ~]#

You can see it's the very same file content.

Now just copy that to our desired file
[root@work1 ~]# cp /proc/5315/fd/4 filename.txt

It's done.
[root@work1 ~]# cat filename.txt
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
This is a test file
[root@work1 ~]#
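The steps above can be automated. This added script (not from the original post) scans /proc/<pid>/fd for a descriptor still pointing at the deleted path and copies the data back, then demonstrates it on a constructed file held open by a background sleep; it assumes Linux with /proc mounted and GNU or busybox readlink.

```shell
#!/bin/sh
# Added example (not from the original post): automate the recovery shown
# above. A deleted file whose inode is still open shows up under
# /proc/<pid>/fd/ as a symlink whose target ends in " (deleted)".
# Assumes Linux with /proc mounted; run as root to see other users' processes.

# Print "PID FD" for every descriptor (of any readable process) that still
# points at the deleted path given as $1.
find_deleted_fds() {
  for fd in /proc/[0-9]*/fd/*; do
    target=$(readlink "$fd" 2>/dev/null) || continue
    [ "$target" = "$1 (deleted)" ] || continue
    pid=${fd#/proc/}; pid=${pid%%/*}
    echo "$pid ${fd##*/}"
  done
}

# Copy the content behind the first matching descriptor to $2, like
# "cp /proc/5315/fd/4 filename.txt" above. Returns 1 if no process holds it.
recover_deleted() {
  entry=$(find_deleted_fds "$1" | head -n 1)
  [ -n "$entry" ] || return 1
  cp "/proc/${entry% *}/fd/${entry#* }" "$2"
}

# Self-contained demo: create a file, keep it open in a background process,
# delete the name, recover the data and print it. Returns 0 on success.
demo_recover() {
  tmp=$(readlink -f "$(mktemp)")          # canonical path, as /proc reports it
  printf 'This is a test file\n' > "$tmp"
  exec 3< "$tmp"                          # open it here first, so that ...
  sleep 30 <&3 > /dev/null &              # ... the holder inherits an open fd
  holder=$!                               # (stand-in for the less process)
  exec 3<&-                               # only the holder keeps it now
  rm -f "$tmp"                            # the name is gone; the inode is not
  recover_deleted "$tmp" "$tmp.recovered"; rc=$?
  kill "$holder" 2>/dev/null || true
  wait "$holder" 2>/dev/null || true
  [ "$rc" -eq 0 ] || return 1
  cat "$tmp.recovered"
  rm -f "$tmp.recovered"
}

demo_recover
```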

Now let's see what the contents of /proc/PID/ are
[root@work1 ~]# ls /proc/5354/
attr  cmdline          cpuset  environ  fd      limits    maps  mounts      oom_adj    root       smaps  statm   task
auxv  coredump_filter  cwd     exe      limits  loginuid  mem   mountstats  oom_score  schedstat  stat   status  wchan
[root@work1 ~]#

/proc/[pid]
There is a numerical subdirectory for each running process; the subdirectory is named by the process ID. Each such subdirectory contains the following pseudo-files and directories:

/proc/PID/cmdline
This holds the complete command line for the process, unless the process is a zombie. In the latter case, there is nothing in this file: that is, a read on this file will return 0 characters. The command-line arguments appear in this file as a set of strings separated by null bytes ('\0'), with a further null byte after the last string.

/proc/PID/cpu
Current and last cpu in which it was executed.

/proc/PID/cwd
This is a symbolic link to the current working directory of the process.

/proc/PID/environ
This file contains the environment for the process.

/proc/PID/exe
Under Linux 2.2 and later, this file is a symbolic link containing the actual pathname of the executed command. This symbolic link can be dereferenced normally; attempting to open it will open the executable.
Under Linux 2.0 and earlier, /proc/[pid]/exe is a pointer to the binary which was executed, and appears as a symbolic link.

/proc/PID/fd
This is a subdirectory containing one entry for each file which the process has open, named by its file descriptor, and which is a symbolic link to the actual file. Thus, 0 is standard input, 1 standard output, 2 standard error, etc.

/proc/PID/maps
A file containing the currently mapped memory regions and their access permissions.

/proc/PID/mem
This file can be used to access the pages of a process's memory through open(2), read(2), and lseek(2).

/proc/PID/root
UNIX and Linux support the idea of a per-process root of the file system, set by the chroot(2) system call. This file is a symbolic link that points to the process's root directory, and behaves as exe, fd/*, etc. do.

/proc/PID/stat
Status information about the process.

/proc/PID/statm
Provides information about memory status in pages.

/proc/PID/status
Provides much of the information in /proc/[pid]/stat and /proc/[pid]/statm in a format that's easier for humans to parse.

For more information regarding the fields under /proc/PID, run the following command
#man 5 proc

Thursday, February 23, 2012

warning: unsupported SASL server implementation: cyrus

You may get this error when enabling smtp_auth with Cyrus SASL in Postfix:

[root@work1 postfix-2.9.1]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@work1 postfix-2.9.1]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

Errors in the mail log:
tail -f /var/log/maillog
Feb 23 15:54:17 work1 postfix/postfix-script[10991]: starting the Postfix mail system
Feb 23 15:54:17 work1 postfix/master[10992]: daemon started -- version 2.9.1, configuration /etc/postfix
Feb 23 15:57:22 work1 postfix/smtpd[10996]: warning: unsupported SASL server implementation: cyrus
Feb 23 15:57:22 work1 postfix/smtpd[10996]: fatal: SASL per-process initialization failed
Feb 23 15:57:23 work1 postfix/master[10992]: warning: process /usr/libexec/postfix/smtpd pid 10996 exit status 1
Feb 23 15:57:23 work1 postfix/master[10992]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

Reason and solution:
The Postfix-with-Cyrus-SASL build procedure has changed. You now need to specify -DUSE_CYRUS_SASL in addition to -DUSE_SASL_AUTH.

Run the command as follows:
[root@work1 postfix-2.9.1]# make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" AUXLIBS="-L/usr/lib -lsasl2"

Now it works:
[root@work1 postfix-2.9.1]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@work1 postfix-2.9.1]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 work1.lap.work ESMTP Postfix
ehlo localhost
250-work1.lap.work
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH GSSAPI LOGIN PLAIN DIGEST-MD5 CRAM-MD5 NTLM
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Wednesday, February 22, 2012

Configuring simple DNS using bind or named

I was searching for a simple DNS implementation using bind but couldn't find one, so I'm posting this here. Here we are configuring DNS for the domain lap.work

Server side configuration:
Install bind and the other needed packages
yum install bind-chroot bind bind-devel bind-utils caching-nameserver

Change to /var/named/chroot/etc/, as we have installed the chroot package and the ROOTDIR of named is now /var/named/chroot.
#cd /var/named/chroot/etc/

Create a named.conf from the sample files installed by caching-nameserver
cat named.* > named.conf

Edit the named.conf as follows
[root@server ~]# cat /var/named/chroot/etc/named.conf
options {
        directory       "/var/named";
};

zone "lap.work" IN {
        type master; // This is the forward zone declaration for the domain lap.work
        file "lap.work.zone";
};

zone "137.168.192.in-addr.arpa" IN {
        type master; // This is the reverse zone declaration for the domain lap.work
        file "lap.work.local";
};
[root@server ~]#

Now create the forward and reverse zone files from the samples.
[root@server ~]# cd /var/named/chroot/var/named/
cp localdomain.zone lap.work.zone
cp named.local lap.work.local

Create the forward zone as follows
[root@server named]# cat  lap.work.zone
$TTL    86400
@               IN SOA  lap.work. root (
                                        43              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           ns1.lap.work.
                IN MX  10       work1.lap.work.

www             IN A            192.168.137.10
ftp             IN A            192.168.137.10
mail            IN A            192.168.137.10
work1           IN A            192.168.137.10
ns1             IN A            192.168.137.10
[root@server named]#

The reverse zone file is as follows
[root@server named]# cat  lap.work.local
$TTL    86400
@       IN      SOA     lap.work. root.lap.work.  (
                                      1997022701 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
         IN      NS      lap.work.
10       IN      PTR     work1.lap.work.
[root@server named]#

Change the ownership so that the following files belong to the group named
[root@server named]# chown root.named /var/named/chroot/etc/named.conf
[root@server named]# chown root.named /var/named/chroot/var/named/lap.work.zone
[root@server named]# chown root.named /var/named/chroot/var/named/lap.work.local

Start the named service.
[root@server named]# /etc/init.d/named start
Starting named:                                            [  OK  ]
[root@server named]#

Client side configuration:
Edit resolv.conf as follows.
[root@work1 ~]# cat /etc/resolv.conf
nameserver 192.168.137.100
[root@work1 ~]#

Testing the server using host and nslookup commands
[root@work1 ~]# host work1.lap.work
work1.lap.work has address 192.168.137.10
[root@work1 ~]# host -i 192.168.137.10
10.137.168.192.in-addr.arpa domain name pointer work1.lap.work.
[root@work1 ~]# nslookup work1.lap.work
Server:         192.168.137.100
Address:        192.168.137.100#53
Name:   work1.lap.work
Address: 192.168.137.10
[root@work1 ~]# nslookup 192.168.137.10
Server:         192.168.137.100
Address:        192.168.137.100#53
10.137.168.192.in-addr.arpa     name = work1.lap.work.
[root@work1 ~]#

Monday, February 13, 2012

How to open a range of ports in windows

You have to run the following command from the command prompt.

To open TCP ports 7000 to 7777 naming each rule as 7000-7777-tcp-Port_num, run the following command
FOR /L %I IN (7000,1,7777) DO netsh firewall add portopening TCP %I "7000-7777-tcp"%I

To open UDP ports 7000 to 7777 naming each rule as 7000-7777-udp-Port_num, run the following command
FOR /L %I IN (7000,1,7777) DO netsh firewall add portopening UDP %I "7000-7777-udp"%I

Sunday, February 12, 2012

Extracting rar files in linux

On most Windows systems there is no software to make .tar files, so you will end up creating rar files with WinRAR or similar software. You can still upload those files to a Linux machine and unpack them with the unrar command. We will see how. We have to install a package named unrar on the Linux system; it then provides the rar and unrar commands so that you can rar and unrar files.

For Debian or Ubuntu systems. :
# apt-get install unrar

For Fedora, CentOS or Red Hat systems :
# yum install unrar

For OpenBSD systems :
# pkg_add -v -r unrar

Or you can install it from source :

Download the package from
http://www.rarlab.com/rar/rarlinux-4.1.0.tar.gz
$ tar xvzf rarlinux-4.1.0.tar.gz
$ cd rar
The ./unrar and ./rar binaries are in that directory.

If you want you can copy these commands to /bin for easy access.
# cp rar unrar /bin

Usage:
#unrar e file_name.rar

Setting firewall using ufw

UFW is the firewall front end on Debian/Ubuntu operating systems.

Enabling the firewall
root@suede:/# ufw enable

Firewall is active and enabled on system startup

Allowing the ssh port:

root@suede:/# ufw allow 22/tcp
Rule added
root@suede:/# ufw allow 22/udp
Rule added

Listing the status:
root@suede:/# ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/udp                     ALLOW       Anywhere
root@suede:/#

You can delete the rules as

root@suede:/# ufw delete allow 22
Rule deleted

You can also allow ports using name.

$ sudo ufw allow ssh
$ sudo ufw allow www
$ sudo ufw allow webmin

Thursday, February 9, 2012

Install CHKROOTKIT on centos

This post explains how to install chkrootkit on Linux.

Downloading and installing chkrootkit
Change to /usr/local/src to download the package
#cd /usr/local/src

Download the package
#wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

Untar the source
#tar -zxvf chkrootkit.tar.gz

Install RKHunter in centos

This post explains how to install RKHunter in Linux. Rootkit Hunter is a scanning tool that scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as a GPL licensed project and is free for everyone to use. It can be downloaded from http://www.rootkit.nl

Wednesday, February 8, 2012

Moving a physical volume using pvmove

Suppose we want to move a physical volume /dev/sda3 on hard disk /dev/sda to /dev/sde3 on hard disk /dev/sde.

First make the /dev/sde3 to a physical volume using the following command.
#pvcreate /dev/sde3

Verify it using the command.
#pvs

Add the newly created physical volume to the volume group.
#vgextend  vg_name  /dev/sde3

Now move the extents from /dev/sda3 to /dev/sde3.
#pvmove   /dev/sda3  /dev/sde3

After the move completes, you can remove /dev/sda3 from the VG.
#vgreduce   vg_name  /dev/sda3

Now we can remove the physical volume itself.
#pvremove /dev/sda3

You can check the VG status using the following commands.
#vgs
#pvs
#lvs