Permanent 301 redirection

Add these lines to your virtual host configuration.
This will redirect http://www.domain.com to domain.com permanently.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.domain\.com [NC]
RewriteRule ^/?(.*)$ http://domain.com/$1 [L,R=301]

Enable port access with Iptables

If you want to open some ports on your Linux machine to external users, you first need to know the following:

1. The name of the service you want to open up
2. Is it a tcp or udp service?
3. The port number(s) used by the service

Example:

To enable ssh access to your box from anywhere on two Class A networks, you could use something like:

iptables -A allowed -p tcp --dport 22 -s 10.2.0.0/16 -j ACCEPT
iptables -A allowed -p udp --dport 22 -s 10.2.0.0/16 -j ACCEPT

iptables -A allowed -p tcp --dport 22 -s 10.8.0.0/16 -j ACCEPT
iptables -A allowed -p udp --dport 22 -s 10.8.0.0/16 -j ACCEPT

This allows both udp and tcp traffic from either of the two class A networks to access port 22 on your machine.

MySQL Reset Root Password

We can reset the root password using two techniques. The first uses the mysqladmin command and the second uses the MySQL safe mode technique. I have described both techniques below.

Technique 1. Using the mysqladmin command

# mysqladmin -u root -p password 'new-password'

Technique 2. Using MySQL safe mode

# /etc/init.d/mysql stop

# mysqld_safe --skip-grant-tables &

# mysql -u root

mysql> use mysql;

mysql> update user set password=PASSWORD("newpassword") where User='root';

mysql> flush privileges;

mysql> quit

# /etc/init.d/mysql stop

# /etc/init.d/mysql start

How to configure MySQL Failover using a bash script

The quick and easy solution for MySQL failover is Master Slave Replication. But in reality it needs some support for failover: if you are using Master Slave Replication for your application and the Master Node suddenly dies, how will your application know about it? You would have to change the database configuration file again to point it to the Slave Node.
To solve this problem I wrote a simple bash script which watches the instances and serves the DB to the application server through an SSH tunnel. You just need to run this bash script through nohup.
One more thing you have to configure before running the script: generate an ssh key on the app server and add the key to the DB server's authorized_keys file.
The command to generate ssh keys on the app server is:
ssh-keygen -t rsa
Then copy the public key to the first DB server and append it to authorized_keys there:
scp $HOME/.ssh/id_rsa.pub user@<dbserver 1 hostname>:$HOME
ssh user@<dbserver 1 hostname>
cat id_rsa.pub >> $HOME/.ssh/authorized_keys
Repeat the steps for dbserver 2.
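The tunnel script only ever uses this key to forward port 3306, so the key does not need a full login on the DB server. As an added example (not part of the original post), the function below appends the key with options that limit it to that forward; add_tunnel_key and AUTH_FILE are names assumed here, and the restrict option needs OpenSSH 7.2 or later.

```shell
#!/bin/bash
# Added example: install the app server's key as a tunnel-only key.
# AUTH_FILE and add_tunnel_key are names assumed for this example.
AUTH_FILE="${AUTH_FILE:-$HOME/.ssh/authorized_keys}"

# add_tunnel_key <public-key-file> <forward-target-host> [port]
# Run on each DB server after copying id_rsa.pub there.
add_tunnel_key() {
    local pubfile="$1" target="$2" port="${3:-3306}" key blob dir

    # Accept only a file holding a single OpenSSH public key line
    [ "$(wc -l < "$pubfile")" -le 1 ] || { echo "expected one key" >&2; return 1; }
    key=$(head -n 1 "$pubfile")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubfile" >&2; return 1 ;;
    esac

    dir=$(dirname "$AUTH_FILE")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$AUTH_FILE" && chmod 600 "$AUTH_FILE" || return 1

    # The second field is the base64 key blob; skip keys already installed
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    [ -n "$blob" ] || { echo "key has no data field" >&2; return 1; }
    if grep -qF -- "$blob" "$AUTH_FILE"; then
        echo "key already present, not adding it again" >&2
        return 0
    fi

    # command=   : any shell or exec request runs /bin/false instead
    # restrict   : turns off PTY, agent, X11 and all port forwarding
    # port-forwarding + permitopen : re-enable forwarding, with -L
    #              destinations limited to target:port (MySQL here)
    printf 'command="/bin/false",restrict,port-forwarding,permitopen="%s:%s" %s\n' \
        "$target" "$port" "$key" >> "$AUTH_FILE"
}
```

On the first DB server this would be called as add_tunnel_key id_rsa.pub 192.168.2.101, matching the destination used in the script's ssh -L option.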

Step-1:

Create a script, e.g.: vi /etc/mysqltunnel.sh

Add these lines to the file…

#!/bin/bash

# Database nodes: node1 is the primary, node2 the secondary
node1=192.168.2.101
node2=192.168.2.100

# The script treats 1 line of telnet output as "port closed"
# and 3 lines as "connected"
nodestatus1=$(telnet $node1 3306 < /dev/null | wc -l)
nodestatus2=$(telnet $node2 3306 < /dev/null | wc -l)

mailuser="tapas.mishra@wordpress.com"

# If a node is down, kill any tunnel that still points at it
if [ "$nodestatus1" -eq 1 ]; then
    pidnode1=$(ps aux | grep -v grep | grep "ssh -f -L 3306:$node1:3306 root@$node1 -N" | awk '{print $2}')
    [ -n "$pidnode1" ] && kill -9 $pidnode1
fi
if [ "$nodestatus2" -eq 1 ]; then
    pidnode2=$(ps aux | grep -v grep | grep "ssh -f -L 3306:$node2:3306 root@$node2 -N" | awk '{print $2}')
    [ -n "$pidnode2" ] && kill -9 $pidnode2
    echo "The script found Secondary Node is down. However trying to connect the Primary Node." | mail -s "Secondary Node is unstable" $mailuser
fi

# Nothing to do while a tunnel to either node is already running
if ps aux | grep -v grep | grep "ssh -f -L 3306:$node1:3306 root@$node1 -N"; then
    echo "Process is running"
    exit
else
    if ps aux | grep -v grep | grep "ssh -f -L 3306:$node2:3306 root@$node2 -N"; then
        echo "Process is running"
        exit
    else
        # No tunnel is up: try the primary first, then the secondary
        echo "Starting the Primary Node"
        if [ "$nodestatus1" -eq 3 ]; then
            ssh -f -L 3306:$node1:3306 root@$node1 -N
            exit
        else
            echo "Node is unstable"
            echo "The script found Primary Node is down. However trying to connect the Secondary Node." | mail -s "Primary Node is unstable" $mailuser
            echo "Trying with Secondary Node"
            if [ "$nodestatus2" -eq 3 ]; then
                ssh -f -L 3306:$node2:3306 root@$node2 -N
                exit
            else
                echo "Both the nodes are unstable"
                echo "The script found both nodes are down. Please check manually and fix the problem." | mail -s "Primary Node is unstable" $mailuser
            fi
        fi
    fi
fi
exit

Step-2:

Create a separate file which will be run with nohup; in that file we run mysqltunnel.sh in a loop.

vi /etc/nohup.sh
Add the lines below to nohup.sh:

#!/bin/bash
# Re-run the tunnel check every second
while true
do
    /bin/bash /etc/mysqltunnel.sh 1>&2
    sleep 1
done

Step-3

Now we are almost ready to run the scripts. We just have to follow two more steps.

chmod +x /etc/mysqltunnel.sh
chmod +x /etc/nohup.sh

Now we are ready to run the script.

nohup sh /etc/nohup.sh > custom-out.log  &

Now test the script by stopping the MySQL service on both servers, one by one.
Good luck :)

View Routing Table and Change your default Gateway

netstat -nr is the command which will provide you the contents of the routing table.

# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
119.226.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth0

How to Change Your Default Gateway?

You will need to update your /etc/sysconfig/network file to reflect the change. This file is used to configure your default gateway.

NETWORKING=yes
HOSTNAME=newhost
GATEWAY=192.168.3.1

How to disable Users login into the server during Maintenance/Backup

Suppose we want to take a backup of users' accounts or do some maintenance on a Linux machine.

First of all we have to block users from logging in to their accounts, to maintain the data integrity of the users' backup files.

We can do that easily with the method below.

Edit the PAM file located in the /etc/pam.d/ directory for the service you want to control.

Example: suppose you want to control the ssh service.

Step 1:

Add the line below to the /etc/pam.d/sshd file if it is not already present.

account required pam_nologin.so

Step 2:

Create the /etc/nologin file,

# touch /etc/nologin

This should disable the login from ssh for every user except root user.

Step 3:

To re-enable the login just remove /etc/nologin

# rm -rf /etc/nologin

How to Allow and Block users in Linux

You can use tcpwrappers to block a user, IP or daemon from outside or inside your network.

To allow, use the hosts.allow file, and to block, use the hosts.deny file.

Step 1. Use your favorite editor, like vi.

Step 2. Type vi /etc/hosts.deny
Step 3. On the bottom line, type "ALL:ALL:deny" to restrict all daemon processes
Step 4. Save it.
Step 5. Open "/etc/hosts.allow" with the vi editor
Step 6. On the bottom line, type "ALL:(the IP address that you want to allow):allow" to allow anything from that IP address
Step 7. Save it.

GIT Server Installation Procedure

Step 1 – (On your server)
Install python-setuptools on your server, you’ll need it to install gitosis.
As root:
yum -y install python-setuptools
Step 2 – (On your server)
As root:
yum install git
Step 3 – (On your server)
Install gitosis.
As root:
git clone git://eagain.net/gitosis.git
(it should download stuff and create a gitosis directory)
cd gitosis
python setup.py install
Step 4 – (On your server)
Make a user called git.
adduser git
Give your new user git a password.
passwd git
Step 5 – (On your client)
The whole point of gitosis is to transfer files via ssh using a shared key process (ie: no password required to login to user git on your server). Now before you go and start doing it the manual way – don’t. Gitosis must create and maintain the authorized_keys file.
As your normal user on your client/development box:
ssh-keygen -t rsa (take the defaults)
There is now a new file called id_rsa.pub in ~/.ssh/
Copy the id_rsa.pub file to the server:
scp ~/.ssh/id_rsa.pub git@someServer.com:/home/git/
Step 6 – (On your server)
I’m assuming you’re still root on the server.
Change to the git user.
su git
cd /home/git
gitosis-init < id_rsa.pub
It should reply with Initialized empty Git repository in ./ – twice..
We can now remove id_rsa.pub as we don’t need it anymore.
rm id_rsa.pub
Now we must set some directory and file permissions to let sshd see the new authorized_keys file.
chmod 755 /home/git
chmod 700 /home/git/.ssh
chmod 644 /home/git/.ssh/authorized_keys
chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update

Step 7 – (On your client)
We’re pretty much done server side. Now we’re going to configure the server via the client.
Although I assume this is obvious, you need to install git on your client machine.
git clone git@someServer.com:gitosis-admin.git
cd gitosis-admin
You should see a gitosis.conf file and keydir directory. Here’s the thing, anything you need to configure on the server, you actually configure here and commit the changes to the server. Open up gitosis.conf in your favorite text editor
Make a new group name for your project. It really doesn’t matter what you name this group. Add users to the member section who will need push access.
[group myTeam]
members = (copy and paste the user from the members = line in the [group gitosis-admin] section)
writable = myNewProject
Save the file. Why did we use that members=user@someServer.com? If you look in the keydir directory, you’ll see your public key with the filename user@someServer.com.pub. These are your users (minus the .pub).
Step 8 – (On your client)
You’ve just made a configuration change. You want the server to allow user@someServer.com to have write access to a project called myNewProject. You must commit this change to the server.
git commit -a -m "Allow the machine I am on right now write access to myNewProject"
git push
Now it’s time to make the directory that will contain your project files. Move up out of the gitosis-admin directory.
cd ..
mkdir myNewProject
cd myNewProject
git init
git remote add origin git@someServer.com:myNewProject.git
Add your files, move some files, create some files. Put some files in the myNewProject directory.
Now we can commit the initial push to the server.
git add .
git commit -a -m "This is my initial commit for myNewProject"
git push origin master:refs/heads/master
Git will do some neat things and push things to the server. Now to delete the directory you just created.. Yeah, I said it.
cd ..
rm -fr myNewProject
And now to pull myNewProject from the server using clone..
git clone git@someServer.com:myNewProject
Now you have a version of your code you can actually use, make changes and commit to the server using normal git commands.
As of now, you have a fully functioning git server with a project and a client that can make changes. But what about other people?
Step 9 – (On your client)
So your friend Bob wants to help you out with myNewProject. Have Bob generate his own id_rsa.pub and send it to you. When you have it:
cd gitosis-admin
Assuming Bob’s id_rsa.pub is in your home directory, move it to the key directory renaming it at the same time:
mv ~/id_rsa.pub keydir/bob.pub
Tell git about the new file:
git add keydir/bob.pub
Edit your gitosis.conf file again. Look for the members line in myNewProject and add Bob to it:
members = user@someServer.com bob
Now you could add bob to be in the gitosis-admin group if you wanted him to be able to do what you’re doing now. How much do you trust Bob?
Save the file and quit. It’s time to tell your server about Bob and send Bob’s public key.
git commit -a -m "Added commit rights to Bob on myNewProject"
git push
The server will automatically add Bob’s public key to authorized_keys. Do not attempt to add him manually.

Bash script execution error : /bin/bash^M: bad interpreter: no such file or directory

If you get an error message like the one below while running a bash script:

error message: /bin/bash^M: bad interpreter: no such file or directory

then follow the steps below to fix it.

sed -i s/{ctrl+v}{ctrl+m}// filename

or

Install the dos2unix package:

yum install dos2unix

Then run the command:

dos2unix scriptname
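To check whether a script is affected before changing it, the following added example (not from the original post) detects carriage returns at line ends and strips them while keeping the file's permissions. The function names are chosen here for illustration.

```shell
#!/bin/bash
# Added example: detect and repair CRLF line endings in a script.
CR=$(printf '\r')   # a literal carriage return (shown as ^M in the error)

# has_crlf_shebang <file>: succeeds if the first line ends in a CR,
# which is what produces "/bin/bash^M: bad interpreter"
has_crlf_shebang() {
    head -n 1 "$1" | grep -q "${CR}\$"
}

# count_crlf_lines <file>: prints the number of lines ending in a CR
count_crlf_lines() {
    grep -c "${CR}\$" "$1" || true   # grep -c exits 1 when the count is 0
}

# strip_crlf <file>: remove the trailing CR from every line.
# Writing back with cat keeps the file's mode, owner and inode.
strip_crlf() {
    local file="$1" tmp rc
    tmp=$(mktemp) || return 1
    sed "s/${CR}\$//" "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# fix_script <file>: strip CRs only when there are any; reports what it did
fix_script() {
    local n
    n=$(count_crlf_lines "$1")
    if [ "$n" -gt 0 ]; then
        strip_crlf "$1" && echo "$1: fixed $n line(s)"
    else
        echo "$1: clean"
    fi
}
```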

Script to Install a package in Multiple remote servers.

In this script I used two servers, but you can define any number of servers there.

============================================================

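#!/bin/bash

# sshpass supplies the ssh password non-interactively
yum -y install sshpass

arrayIp=(192.168.2.1 192.168.2.3)
user=root
arrayPass=(demo123 test123)   # password for each server, in the same order as arrayIp
len=${#arrayIp[*]}            # number of elements in the array

i=0
while [ $i -lt $len ]; do

    ip=${arrayIp[$i]}
    pass=${arrayPass[$i]}

    # -p puts the password on the command line; StrictHostKeyChecking=no
    # accepts each server's host key without verifying it
    sshpass -p "$pass" ssh -o StrictHostKeyChecking=no "$user@$ip" 'yum -y install httpd'

    let i++
done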
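A hardened variant of the script above, as an added example (not the original author's code): it uses key-based SSH so no password appears in the script or the process list, and it refuses servers whose host key is not already in known_hosts. HOSTS, REMOTE_USER and run_on_hosts are names assumed here, and the public key is assumed to be installed on each server beforehand.

```shell
#!/bin/bash
# Added example: run one command on several servers with key-based SSH.
# HOSTS, REMOTE_USER and run_on_hosts are names assumed for this example.

HOSTS="192.168.2.1 192.168.2.3"   # same sample addresses as the script above
REMOTE_USER=root

# run_on_hosts <command>
# Runs the command on every host in $HOSTS, prints each host that failed
# (one per line) and returns non-zero if any host failed.
run_on_hosts() {
    local cmd="$1" host rc=0
    for host in $HOSTS; do
        # -n                         : ssh does not read stdin
        # BatchMode=yes              : never prompt; a missing key fails at once
        # StrictHostKeyChecking=yes  : refuse hosts not already in known_hosts
        # ConnectTimeout=10          : do not hang on an unreachable server
        if ! ssh -n -o BatchMode=yes -o StrictHostKeyChecking=yes \
                 -o ConnectTimeout=10 "$REMOTE_USER@$host" "$cmd" >/dev/null; then
            echo "$host"
            rc=1
        fi
    done
    return $rc
}

# Example call (commented out so that sourcing this file changes nothing):
# run_on_hosts 'yum -y install httpd' || echo "some servers failed" >&2
```

The remote command's standard output is discarded so that the function's output is only the list of failed hosts; error messages from ssh still appear on stderr.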