SSL issue in CentOS

Error: SSL error from a yum repository during yum update

Solution:

  • Access the server over an SSH console
  • Open /etc/yum.conf and change the configuration as follows:

            sslverify = false
  • Add the line below to every active repository (the .repo files under /etc/yum.repos.d):

             sslverify = 0

  Both settings turn off TLS certificate verification for the repositories, so yum no longer rejects a repository whose certificate does not validate against the local CA bundle (the curl fix below reinstalls that bundle).

Error: curl: (77) Problem with the SSL CA cert (path? access rights?)
Solution:
  • Run the following commands to reinstall the CA certificate package and copy its bundle into the ca-bundle directory:

  # yum reinstall ca-certificates openssl

  # mkdir /usr/src/ca-certificates && cd /usr/src/ca-certificates
  # wget ftp://ftp.rediris.es/volumes/sites/scientificlinux.org/scientific/6.7/i386/updates/fastbugs/ca-certificates-2015.2.6-65.0.1.el6_7.noarch.rpm
  # rpm2cpio ca-certificates-2015.2.6-65.0.1.el6_7.noarch.rpm | cpio -idmv
  # cp -pi ./etc/pki/tls/certs/ca-bundle.* /etc/pki/tls/certs/
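An added check, not part of the page above: the script scans the yum configuration for repositories where sslverify has been set to a false value (the state the first fix leaves behind), and counts the PEM certificates in the CA bundle that the curl (77) fix reinstalls. Paths follow the CentOS 6 layout used on this page; the optional prefix argument and the staged tree built by make_sample_tree are assumptions so the check can run offline against constructed sample files.

```shell
#!/bin/sh
# Added example, not from the page: audit yum for repositories with TLS
# certificate verification switched off (sslverify = 0/false/no/off) and
# confirm the CA bundle that the curl (77) fix restores is present.
# The optional prefix argument lets the same check run on a staged copy of
# the configuration tree (built by make_sample_tree below) or on "/" itself.

# yum treats these values as boolean false; matched case-insensitively
DISABLED_RE='^[[:space:]]*sslverify[[:space:]]*=[[:space:]]*(0|false|no|off)[[:space:]]*$'

# Print every "file: line" where verification is disabled under $1/etc.
find_disabled_sslverify() {
    local root="${1:-}" f
    for f in "$root/etc/yum.conf" "$root"/etc/yum.repos.d/*.repo; do
        [ -f "$f" ] || continue
        grep -iE "$DISABLED_RE" "$f" | sed "s|^|$f: |"
    done
    return 0
}

# Echo the number of disabled-verification lines (0 means every repo verifies).
count_disabled_sslverify() {
    local root="${1:-}" f n total=0
    for f in "$root/etc/yum.conf" "$root"/etc/yum.repos.d/*.repo; do
        [ -f "$f" ] || continue
        n=$(grep -ciE "$DISABLED_RE" "$f" || true)
        total=$((total + n))
    done
    echo "$total"
}

# Echo how many PEM certificates the CA bundle holds; 0 (or a missing file)
# is the state that produces "curl: (77) Problem with the SSL CA cert".
count_bundle_certs() {
    local bundle="${1:-/etc/pki/tls/certs/ca-bundle.crt}"
    if [ ! -r "$bundle" ]; then echo 0; return 0; fi
    grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle" || true
}

# Build a staged config tree (constructed sample data, not a real host) and
# echo its path.  yum.conf and the [base] repo have verification disabled;
# [updates] keeps it on.  The "bundle" holds two placeholder PEM blocks.
make_sample_tree() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/etc/yum.repos.d" "$d/etc/pki/tls/certs"
    cat > "$d/etc/yum.conf" <<'EOF'
[main]
cachedir=/var/cache/yum/$basearch/$releasever
sslverify = false
EOF
    cat > "$d/etc/yum.repos.d/CentOS-Base.repo" <<'EOF'
[base]
name=CentOS-$releasever - Base
sslverify=0
[updates]
name=CentOS-$releasever - Updates
sslverify = 1
EOF
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER-NOT-A-REAL-CERT' '-----END CERTIFICATE-----' \
                  '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER-NOT-A-REAL-CERT' '-----END CERTIFICATE-----' \
        > "$d/etc/pki/tls/certs/ca-bundle.crt"
    echo "$d"
}

# Usage: run the audit on the staged tree (pass nothing to audit the live host).
sample=$(make_sample_tree)
find_disabled_sslverify "$sample"
echo "repository entries with verification disabled: $(count_disabled_sslverify "$sample")"
echo "certificates in CA bundle: $(count_bundle_certs "$sample/etc/pki/tls/certs/ca-bundle.crt")"
rm -rf "$sample"
```

On a real host, call the functions with no prefix argument after the fix has been reverted; a non-zero count from count_disabled_sslverify tells you which repository files still skip verification.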

Mount ISO Image in Linux/CentOS/Fedora

Procedure:

  • First create a folder to use as the mount point for the ISO
    # mkdir /mnt/isodata
  • After creating the mount point, use the mount command to mount the ISO file on /mnt/isodata
    # mount -t iso9660 -o loop /home/Data/data.iso /mnt/isodata

Options:

  1. -t: specifies the file system type of the image
  2. iso9660: the standard file system structure used on CD/DVD-ROMs
  3. -o: mount options, given after -o as a comma-separated string
  4. loop: a loop device is a pseudo-device that presents a regular file (here the ISO image) as a block device, which is what allows an image file to be mounted

  • After mounting the image, check the data in the folder
  • For a permanent mount, add the following entry to /etc/fstab:
    /home/Data/data.iso  /mnt/isodata  iso9660  loop  0  0
  • Restart the server and check whether the permanent mount is working


Partitioning in Linux

Description:
  • This section shows you how to partition your hard drive with the fdisk utility. An MBR disk allows only 4 primary partitions. You can have a much larger number of logical partitions by sub-dividing one of the primary partitions (as an extended partition). Only one of the primary partitions can be sub-divided.
  • If the partition size is more than 2 TB, you need gdisk instead of fdisk. If you need to convert the disk from MBR to GPT, you can do so (use caution with this) using gdisk.
Fdisk usage
  • fdisk is started by typing (as root) fdisk device at the command prompt; device is something like /dev/hda or /dev/sda
  • The basic fdisk commands you need are:
  1. p   print the partition table
  2. n   create a new partition
  3. d   delete a partition
  4. q   quit without saving changes
  5. w   write the new partition table and exit
  • Create a new partition on Linux
  1. Start a terminal.
  2. Start fdisk using the following command:
    # fdisk /dev/sda
  3. In fdisk, to create a new partition, type the following command:
    n
          1. When prompted to specify the partition type, type p to create a primary partition or e to create an extended one. There may be up to four primary partitions. If you want to create more than four partitions, make the last partition extended, and it will be a container for other logical partitions.
          2. When prompted for the number, in most cases type 3, because a typical Linux virtual machine has two partitions by default.
          3. When prompted for the start cylinder, type a starting cylinder number or press Return to use the first cylinder available.
          4. When prompted for the last cylinder, press Return to allocate all the available space, or specify the size of the new partition in cylinders if you do not want to use all the available space.
          5. By default, fdisk creates a partition with a System ID of 83 (Linux). If you are unsure of the partition's System ID, use the l command to list the known IDs and check it.
          6. Use the w command to write the changes to the partition table.

  4. Create a file system on the new partition. We recommend that you use the same file system as on the other partitions. In most cases it will be either the Ext4 or ReiserFS file system. For example, to create the Ext4 file system, enter the following command:
    # mkfs.ext4 /dev/sda3
       or
    # mkfs -t ext4 /dev/sda3
  5. Create a directory that will be the mount point for the new partition and mount the partition there. For example, to name it data, enter:
    # mkdir /data
    # mount /dev/sda3  /data
  6. Make the mount permanent by editing the static file system information in /etc/fstab with any available text editor. For example, add the following line to the file:
    /dev/sda3 /data ext4 defaults 0 0
    Save /etc/fstab after making the changes.
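Both the ISO-mount procedure earlier on this page and the partitioning steps above end with an /etc/fstab entry and a reboot, and a malformed entry can stop the boot at the file system mount step. The script below is an added example, not code from the page: check_fstab_line validates the six fstab(5) fields of an entry and the files they point at, covering the loop-mounted ISO entry and the /dev/sda3 ext4 entry shown on this page. The prefix argument, the list of accepted file system types and the staged tree built by make_fstab_sample (a fake ISO image carrying the ISO 9660 "CD001" signature) are assumptions made so that it runs without touching a real disk.

```shell
#!/bin/sh
# Added example, not from the page: validate /etc/fstab entries before a
# reboot.  Covers the two entries used on this page, the loop-mounted ISO
# and the ext4 data partition.  A prefix argument lets the file checks run
# against a staged directory tree instead of the real root.

# Validate one fstab line: device, mountpoint, fstype, options, dump, pass.
# Prints "ok: ..." / "error: ..." / "skip: ..." and returns 0 or 1.
check_fstab_line() {
    local line="$1" root="${2:-}"
    line=$(printf '%s\n' "$line" | sed 's/#.*//')   # drop comments
    set -- $line                                    # split into fields
    if [ $# -eq 0 ]; then echo "skip: blank or comment"; return 0; fi
    if [ $# -ne 6 ]; then echo "error: expected 6 fields, got $#"; return 1; fi
    local dev="$1" mnt="$2" fstype="$3" opts="$4" dump="$5" pass="$6"

    case "$fstype" in
        iso9660|ext2|ext3|ext4|xfs|vfat|swap|tmpfs|nfs) ;;
        *) echo "error: unknown file system type '$fstype'"; return 1 ;;
    esac
    case "$dump" in 0|1) ;; *) echo "error: dump field '$dump' must be 0 or 1"; return 1 ;; esac
    case "$pass" in 0|1|2) ;; *) echo "error: pass field '$pass' must be 0, 1 or 2"; return 1 ;; esac

    case ",$opts," in
        *,loop,*)
            # a loop mount needs a regular image file, and an iso9660 image
            # carries the "CD001" signature at byte offset 32769
            if [ ! -f "$root$dev" ]; then echo "error: loop source $dev is not a regular file"; return 1; fi
            if [ "$fstype" = iso9660 ] && \
               [ "$(dd if="$root$dev" bs=1 skip=32769 count=5 2>/dev/null)" != CD001 ]; then
                echo "error: $dev has no ISO 9660 signature"; return 1
            fi ;;
        *)
            # plain device paths must exist; LABEL=/UUID=/host:/path are skipped
            case "$dev" in
                /*) if [ ! -e "$root$dev" ]; then echo "error: device $dev does not exist"; return 1; fi ;;
            esac ;;
    esac
    if [ "$fstype" != swap ]; then
        case "$mnt" in /*) ;; *) echo "error: mount point '$mnt' is not an absolute path"; return 1 ;; esac
        if [ ! -d "$root$mnt" ]; then echo "error: mount point $mnt is not a directory"; return 1; fi
    fi
    echo "ok: $dev on $mnt ($fstype)"
    return 0
}

# Check every line of an fstab file; the last output line is "errors: N".
check_fstab_file() {
    local file="$1" root="${2:-}" errors=0 l
    while IFS= read -r l || [ -n "$l" ]; do
        check_fstab_line "$l" "$root" || errors=$((errors + 1))
    done < "$file"
    echo "errors: $errors"
}

# Constructed sample tree (not a real system): a fake 40 KiB ISO with the
# CD001 signature, a stand-in for /dev/sda3, and an fstab with two good and
# two bad entries (missing image file, missing pass field).
make_fstab_sample() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/home/Data" "$d/mnt/isodata" "$d/data" "$d/dev"
    dd if=/dev/zero of="$d/home/Data/data.iso" bs=1024 count=40 2>/dev/null
    printf 'CD001' | dd of="$d/home/Data/data.iso" bs=1 seek=32769 conv=notrunc 2>/dev/null
    : > "$d/dev/sda3"
    cat > "$d/fstab" <<'EOF'
# constructed sample fstab
/home/Data/data.iso   /mnt/isodata  iso9660  loop      0  0
/dev/sda3             /data         ext4     defaults  0  0
/home/Data/other.iso  /mnt/isodata  iso9660  loop      0  0
/dev/sda3             /data         ext4     defaults  0
EOF
    echo "$d"
}

sample=$(make_fstab_sample)
check_fstab_file "$sample/fstab" "$sample"   # on a live host: check_fstab_file /etc/fstab
rm -rf "$sample"
```

On a live host the device check uses -e rather than -b so that the same function also works on the staged tree; a real run would normally expect /dev/sda3 to be a block device.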
Gdisk Usage:
  • gdisk is used to create partitions larger than 2 TB, because fdisk supports only up to 2 TB.
  • The basic gdisk commands you need are:
  1. p   print the partition table
  2. n   create a new partition
  3. d   delete a partition
  4. q   quit without saving changes
  5. w   write the new partition table and exit
  • The method for creating a new partition is the same as with fdisk.

IPTABLES Commands

IPTables
         iptables is a command-line firewall utility that uses policy chains to allow or block traffic. When a connection tries to establish itself on your system, iptables looks for a rule in its list that matches it. If it doesn't find one, it falls back to the chain's default policy.
Types of Chains
iptables uses three different chains: input, forward, and output.
a)   Input – This chain controls the behaviour for incoming connections. For example, if a user attempts to SSH into your PC/server, iptables will attempt to match the IP address and port to a rule in the input chain.
b)   Forward – This chain is used for incoming connections that aren't actually being delivered locally. Think of a router: data is always being sent to it but rarely actually destined for the router itself; the data is just forwarded to its target. Unless you're doing some kind of routing, NAT, or something else on your system that requires forwarding, you won't even use this chain.
  • There's one sure-fire way to check whether or not your system uses/needs the forward chain (look at the packet and byte counters on the FORWARD chain):
      # iptables -L -v
c)   Output – This chain is used for outgoing connections. For example, if you try to ping howtogeek.com, iptables will check its output chain to see what the rules are regarding ping and howtogeek.com before making a decision to allow or deny the connection attempt.
      # iptables -L | grep policy
  • The above command shows the default policy of each chain, which is what applies to a connection that you haven't defined a rule for.
The default policies are set with --policy. To accept connections that no rule matches:
      # iptables --policy INPUT ACCEPT
      # iptables --policy OUTPUT ACCEPT
      # iptables --policy FORWARD ACCEPT
If the chains show policy ACCEPT, iptables accepts any connection that no rule matches.
If the chains show policy DROP, set as follows, iptables drops any connection that no rule matches:
      # iptables --policy INPUT DROP
      # iptables --policy OUTPUT DROP
      # iptables --policy FORWARD DROP

Connection-specific Responses

With your default chain policies configured, you can start adding rules to iptables so it knows what to do when it encounters a connection from or to a particular IP address or port. In this guide, we're going to go over the three most basic and commonly used "responses":
Accept – Allow the connection.
Drop – Drop the connection and act like it never happened. This is best if you don't want the source to realize your system exists.
Reject – Don't allow the connection, but send back an error. This is best if you don't want a particular source to connect to your system, but you want them to know that your firewall blocked them.

Allowing or Blocking Specific Connections

-A = Append the rule to the end of an existing chain. iptables starts at the top of the chain and goes through each rule until it finds one that matches.
-I = Insert the rule into a chain at a given position (the top, position 1, unless a number is given), so it is checked before the rules already in the chain.
As we mentioned earlier, a lot of protocols are going to require two-way communication. For example, if you want to allow SSH connections to your system, the input and output chains are going to need a rule added to them. But what if you only want SSH coming into your system to be allowed? Won't adding a rule to the output chain also allow outgoing SSH attempts?
That's where connection states come in, which give you the capability you need to allow two-way communication but only allow one-way connections to be established. Take a look at this example, where SSH connections FROM 10.10.10.10 are permitted, but SSH connections TO 10.10.10.10 are not. However, the system is permitted to send back information over SSH as long as the session has already been established, which makes SSH communication possible between these two hosts.
# iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -p tcp --sport 22 -d 10.10.10.10 -m state --state ESTABLISHED -j ACCEPT
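The default policies and the stateful SSH rules above are the two things worth verifying after loading a rule set. The script below is an added example, not code from the page: it reads an iptables-save dump (a constructed sample is embedded, in the format iptables-save really produces) and reports each chain's default policy, counts ACCEPT rules that carry no connection-state match, and checks that the one-way SSH rule for a given host is present. Working from a saved dump rather than the live tables means it needs no root; the awk/grep parsing and the sample rule set are assumptions.

```shell
#!/bin/sh
# Added example, not from the page: audit an `iptables-save` dump for the
# two things discussed above, the default policy of each chain and whether
# the one-way SSH rule (NEW,ESTABLISHED from one host only) is in place.
# Reading a saved dump instead of the live tables needs no root; on a real
# host run `iptables-save > /tmp/rules.txt` and pass that file's contents.

# Constructed sample in iptables-save format (":CHAIN POLICY [pkts:bytes]"
# declares a policy, "-A" lines are rules), matching the example above.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 10.10.10.10/32 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -d 10.10.10.10/32 -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
COMMIT'

# Print "CHAIN POLICY" for each chain of the filter table in dump $1.
chain_policies() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && /^:/ { sub(/^:/, "", $1); print $1, $2 }'
}

# Echo the default policy of chain $2 ("none" if the chain is not in the dump).
policy_of() {
    local p
    p=$(chain_policies "$1" | awk -v c="$2" '$1 == c { print $2 }')
    echo "${p:-none}"
}

# Echo how many chains fall back to ACCEPT for traffic no rule matches.
count_accept_policies() {
    chain_policies "$1" | awk '$2 == "ACCEPT"' | wc -l | tr -d ' '
}

# Echo the number of ACCEPT rules that carry no connection-state match;
# such rules let new connections through in that direction unconditionally.
count_stateless_accepts() {
    printf '%s\n' "$1" | awk '/^-A / && / -j ACCEPT/ && !/--state / && !/--ctstate /' | wc -l | tr -d ' '
}

# Return 0 if dump $1 has the INPUT rule allowing tcp/22 from host $2 with
# the NEW,ESTABLISHED state match, i.e. SSH *from* that host only.
has_stateful_ssh_rule() {
    printf '%s\n' "$1" \
        | grep -F -- "-A INPUT -s $2/32 " \
        | grep -F -- "--dport 22 " \
        | grep -qF -- "--state NEW,ESTABLISHED -j ACCEPT"
}

# Usage on the constructed dump
chain_policies "$SAMPLE_DUMP"
echo "chains with ACCEPT policy: $(count_accept_policies "$SAMPLE_DUMP")"
echo "stateless ACCEPT rules:    $(count_stateless_accepts "$SAMPLE_DUMP")"
if has_stateful_ssh_rule "$SAMPLE_DUMP" 10.10.10.10; then
    echo "one-way SSH rule for 10.10.10.10: present"
else
    echo "one-way SSH rule for 10.10.10.10: missing"
fi
```

To audit a real host, replace SAMPLE_DUMP with the contents of the saved file, for example `has_stateful_ssh_rule "$(cat /tmp/rules.txt)" 10.10.10.10`.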

Saving Changes

The changes you make to your iptables rules are lost the next time the iptables service restarts unless you run a command to save them. The command differs by distribution:
Ubuntu:
sudo /sbin/iptables-save
(iptables-save writes the rule set to standard output; redirect it to a file to keep it)
Red Hat / CentOS:
/sbin/service iptables save
or
/etc/init.d/iptables save
List the currently configured iptables rules:
# iptables -L

Delete Firewall Rules

To display the line number along with the other information for existing rules, enter:
# iptables -L INPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers | less
# iptables -L OUTPUT -n --line-numbers | grep 202.54.1.1
You will get the list of rules with a number on the left; use that number to delete a rule. For example, to delete rule number 4 in the INPUT chain, enter:
# iptables -D INPUT 4
Or find the rule for source IP 202.54.1.1 and delete it by its specification:
# iptables -D INPUT -s 202.54.1.1 -j DROP
Adding the -v option gives you packet and byte counts, and adding -n lists everything numerically. In other words, hostnames, protocols, and networks are shown as numbers rather than names.
To clear all the currently configured rules, issue the flush command (-F removes the rules but leaves the chain policies unchanged):
# iptables -F

Crontab in Linux

Crontab:

Description: crontab stands for “cron table,” because it uses the job scheduler cron to execute tasks; cron itself is named after “chronos,” the Greek word for time.

 

 An example of the crontab format with commented fields is as follows:

# Minute  Hour    Day of Month  Month              Day of Week       Command
# (0-59)  (0-23)  (1-31)        (1-12 or Jan-Dec)  (0-6 or Sun-Sat)
  0       2       12            *                  0,6               /usr/bin/find


Some crontab commands

# crontab -l     View the crontab file, if any
# crontab -r     Remove the crontab file, if any
# crontab -e     Edit (or create) the user's crontab file (starts the editor automatically)
# crontab file   Replace the existing crontab file (if any) with file


Field Descriptions:

minute   hour   dayOfMonth   month   dayOfWeek   command
where:

minute values range from 0 to 59,
hour values range from 0 to 23,
dayOfMonth values range from 1 to 31,
month values range from 1 to 12,
dayOfWeek values range from 0 to 6, with 0 meaning Sunday
  

Field Values:

NUM
A single value
NUM-NUM
A range of values
NUM,NUM-NUM,...
A comma separated list of values or ranges (remember no spaces after commas!)
*
Wildcard, meaning match all possible values 

(Note: Don't use a wildcard for the minute field, and rarely for the hour!)

Examples:

# Example 1:  0,30 8-17 * * 1-5 cmd
Answer: Run cmd on the hour and half-hour from 8:00 AM to 5:30 PM, Monday through Friday

# Example 2:  0 12 1,15 * 5 cmd
Answer: Run cmd at noon each Friday AND on the first and fifteenth of every month

# Example 3:  17 3 * * 1 cmd
Answer: Run cmd at 3:17 AM every Monday (a backup program, perhaps)
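The three examples above depend on two rules that are easy to get wrong when reading a crontab: how a field like 0,30 or 8-17 expands, and the fact that a restricted day-of-month and a restricted day-of-week are combined with OR (which is why Example 2 fires on Fridays as well as on the 1st and 15th). The script below is an added example, not from the page: cron_matches evaluates a five-field schedule against a given minute, hour, day, month and weekday using the field syntax listed above, including Jan-Dec and Sun-Sat names, and cron_lint flags the wildcard-minute case the note above cautions against. The awk implementation is an assumption; it does not handle step values such as */5.

```shell
#!/bin/sh
# Added example, not from the page: decide whether a five-field crontab
# schedule fires at a given minute/hour/day-of-month/month/day-of-week, using
# the field syntax listed above (NUM, NUM-NUM, comma lists, *, Jan-Dec and
# Sun-Sat names).  It implements the rule behind Example 2: when both the
# day-of-month and the day-of-week fields are restricted, cron runs the job
# if EITHER matches.  Step values (*/5) are not handled (assumption).

# cron_matches "SCHEDULE [command]" MIN HOUR DOM MON DOW  -> exit 0 on match
cron_matches() {
    local spec="$1"; shift
    printf '%s\n' "$spec" | awk -v now="$*" '
    # numeric value of a field token, translating month and weekday names
    function num(s,   k) {
        s = tolower(s)
        if (s == "") return -1
        k = index("jan feb mar apr may jun jul aug sep oct nov dec", s)
        if (k > 0) return (k + 3) / 4          # jan -> 1 ... dec -> 12
        k = index("sun mon tue wed thu fri sat", s)
        if (k > 0) return (k - 1) / 4          # sun -> 0 ... sat -> 6
        return s + 0
    }
    # does field spec f (e.g. "0,30", "8-17", "*", "1-5") cover value v?
    function covers(f, v,   parts, n, i, r) {
        v += 0
        n = split(f, parts, ",")
        for (i = 1; i <= n; i++) {
            if (parts[i] == "*") return 1
            if (index(parts[i], "-") > 0) {
                split(parts[i], r, "-")
                if (v >= num(r[1]) && v <= num(r[2])) return 1
            } else if (num(parts[i]) == v) return 1
        }
        return 0
    }
    {
        if (NF < 5) exit 2                      # not a schedule line
        split(now, t, " ")                      # t[1]=min t[2]=hour t[3]=dom t[4]=mon t[5]=dow
        ok = covers($1, t[1]) && covers($2, t[2]) && covers($4, t[4])
        if ($3 != "*" && $5 != "*")
            day = covers($3, t[3]) || covers($5, t[5])   # both restricted: OR
        else
            day = covers($3, t[3]) && covers($5, t[5])   # otherwise both apply
        exit !(ok && day)
    }'
}

# Flag the schedule the note above warns about: a "*" in the minute field
# runs the command sixty times an hour.  Prints ok / warning, returns 0 / 1.
cron_lint() {
    case "$1" in
        '*'*) echo "warning: minute field is '*', the job runs every minute"; return 1 ;;
    esac
    echo "ok"
}

# Usage with the three examples above (arguments: minute hour day month weekday)
cron_matches "0,30 8-17 * * 1-5 cmd"  30  8 12 6 1 && echo "example 1 fires on Monday 08:30"
cron_matches "0 12 1,15 * 5 cmd"       0 12  3 6 5 && echo "example 2 fires on a Friday the 3rd"
cron_matches "17 3 * * Mon cmd"       17  3  9 1 1 && echo "example 3 fires on Monday 03:17"
cron_lint "0 2 12 * 0,6 /usr/bin/find"
```

The weekday argument uses cron's numbering (0 = Sunday), matching the field description above.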
 

Password Less SSH Between Centos

Password Less SSH Connection between Two CentOS Servers

Description

Here I have explained password-less SSH configuration between two CentOS servers. Please find the steps to configure it below. Password-less SSH configuration is required when, for example, you want to upload backups over SSH.

Scenario:

Server 1: Source Server
Operating System: CentOS 6
IP Address: 10.0.0.1
Server 2: Destination Server
Operating System: CentOS 6
IP Address: 20.0.0.1

Procedure

  • Log in to Server1 as the root user
  • Create the public and private key pair with the following command
# ssh-keygen -t rsa
  • It will ask for a passphrase; just press Enter if you do not want to set one
  • After creating these keys you have to copy the public key to the remote host [Server2] that you want to connect to without a password
  • Log in to the Server2 remote host.
  • Check whether the .ssh directory exists with the locate .ssh command
  • If the .ssh directory is not there, create it with mkdir /root/.ssh
  • Set the permissions on the .ssh directory using the command below
# chmod 700 /root/.ssh
  • Restart the ssh service on Server2 using the command below (the init script on CentOS 6 is named sshd)
# /etc/init.d/sshd restart
  • Come back to Server1 and copy the public key to the remote server [Server2] with the following command
# cat ~/.ssh/id_rsa.pub | ssh -p 2220 root@20.0.0.1 'cat >> .ssh/authorized_keys'
Note: you need this form of the command when the SSH port is different from 22; otherwise you can just use the simpler command
# ssh-copy-id root@20.0.0.1
  • After that you can check the SSH login to the remote server [Server2]
# ssh -p 2220 root@20.0.0.1
  • It will not prompt you for the password; you will get the remote prompt directly.
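Two things are worth checking on Server2 after the key copy above: the permissions on .ssh and authorized_keys (sshd, with its default StrictModes setting, ignores an authorized_keys file when the directory or file is writable by others), and duplicate entries, since the cat >> authorized_keys step appends the key again every time it is repeated. The script below is an added example, not from the page: append_key_once installs a key line only if it is absent, check_ssh_perms reports deviations from the 700/600 modes the procedure sets, and count_keys counts installed keys. The staged directory, the constructed (not real) key line and the use of stat for reading modes are assumptions so that it runs outside Server2.

```shell
#!/bin/sh
# Added example, not from the page: checks to run on Server2 after the key
# copy above.  sshd (StrictModes, the default) ignores authorized_keys when
# ~/.ssh or the file are writable by others, and the `cat >> authorized_keys`
# step appends a duplicate line every time it is repeated.  Directory and
# file paths are parameters so the functions also run on a staged directory.

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Append public-key line $2 to authorized_keys $1 unless already present.
# Prints "added" or "present".
append_key_once() {
    local authfile="$1" key="$2"
    if [ -f "$authfile" ] && grep -qxF -- "$key" "$authfile"; then
        echo present
        return 0
    fi
    printf '%s\n' "$key" >> "$authfile"
    chmod 600 "$authfile"
    echo added
}

# Echo the number of key lines (non-blank, non-comment) in authorized_keys $1.
count_keys() {
    grep -cvE '^[[:space:]]*(#|$)' "$1" || true
}

# Report deviations from the modes the procedure sets (700 on .ssh, 600 on
# authorized_keys) and a missing authorized_keys.  Prints one "bad: ..."
# line per finding or "ok"; returns the number of findings.
check_ssh_perms() {
    local dir="$1" problems=0 mode
    mode=$(file_mode "$dir")
    if [ "$mode" != 700 ]; then
        echo "bad: $dir is mode $mode, expected 700"; problems=$((problems + 1))
    fi
    if [ ! -f "$dir/authorized_keys" ]; then
        echo "bad: $dir/authorized_keys is missing"; problems=$((problems + 1))
    else
        mode=$(file_mode "$dir/authorized_keys")
        if [ "$mode" != 600 ]; then
            echo "bad: $dir/authorized_keys is mode $mode, expected 600"; problems=$((problems + 1))
        fi
    fi
    if [ "$problems" -eq 0 ]; then echo ok; fi
    return "$problems"
}

# Constructed public key line (not a real key) for the usage below.
SAMPLE_KEY='ssh-rsa AAAA-CONSTRUCTED-KEY-DATA-NOT-REAL root@server1'

# Usage on a staged directory; on Server2 itself use /root/.ssh.
staged=$(mktemp -d)
mkdir "$staged/.ssh"
chmod 770 "$staged/.ssh"                                       # deliberately too open
append_key_once "$staged/.ssh/authorized_keys" "$SAMPLE_KEY"   # added
append_key_once "$staged/.ssh/authorized_keys" "$SAMPLE_KEY"   # present, no duplicate
check_ssh_perms "$staged/.ssh" || chmod 700 "$staged/.ssh"     # report, then fix
check_ssh_perms "$staged/.ssh"
echo "keys installed: $(count_keys "$staged/.ssh/authorized_keys")"
rm -rf "$staged"
```

On Server1, the same idempotent append can be done remotely by piping the key into a shell that runs append_key_once, which avoids the duplicate lines the plain cat >> form leaves behind on repeated runs.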
