Posts Tagged ‘How-To’
This simple How-To explains a raw and dirty method to daemonize the HTTP manager for the ARECA RAID controller.
If you have this controller in your system, you should find the following folders on the bundled CD-ROM:
root
PACKAGES -> Linux -> CLI -> version -> i386 -> cli32
PACKAGES -> Linux -> CLI -> version -> x86-64 -> cli32
PACKAGES -> Linux -> HTTP -> version.x.y.x -> i386 -> archttp32
PACKAGES -> Linux -> HTTP -> version.x.y.x -> x86-64 -> archttp32
Create a folder called “areca” in your /usr/local folder, and create two folders inside it called “http” and “cli”.
Copy the “cli32” and “archttp32” executable files that match your architecture (i386 or x86-64) into the corresponding folders, so you should have something similar to this:
[root@relay ~]# ls -lahR /usr/local/areca/
/usr/local/areca/:
total 20K
drwxr-xr-x 4 root root 4.0K Feb 12 10:28 .
drwxr-xr-x 13 root root 4.0K Feb 12 10:26 ..
dr-xr-xr-x 2 root root 4.0K Feb 12 10:27 cli
dr-xr-xr-x 2 root root 4.0K Feb 12 10:42 http

/usr/local/areca/cli:
total 1.6M
dr-xr-xr-x 2 root root 4.0K Feb 12 10:27 .
drwxr-xr-x 4 root root 4.0K Feb 12 10:28 ..
-r-xr-xr-x 1 root root 1.6M Dec 26 2008 cli32

/usr/local/areca/http:
total 1.6M
dr-xr-xr-x 2 root root 4.0K Feb 12 10:42 .
drwxr-xr-x 4 root root 4.0K Feb 12 10:28 ..
-r-xr-xr-x 1 root root 1.6M Dec 26 2008 archttp32
-rw-r--r-- 1 root root 91 Feb 12 10:42 archttpsrv.conf
Create a new file called “areca” in your /etc/init.d folder with the following content :
#!/bin/sh
#
# Startup script for the ARECA RAID CONTROLLER HTTP Monitor
#
# chkconfig: 2345 62 38
# description: HTTP Tools to monitor and manage ARECA RAID Controller
#
# processname: archttp32
# config: none
# lockfile: /var/lock/subsys/archttp32
#
# Author: Riccardo Riva
# WebSite: http://www.riccardoriva.com
#
# This script is released under the terms of the GPL.
#====================================================================
# Source function library
. /etc/init.d/functions
RETVAL=0
start() {
echo -n $"Starting ARECA HTTP Manager: "
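# Redirect stdout first, then stderr, so that both end up in /dev/null.
# The job is backgrounded with &, so $? below is always 0 and does not
# tell whether archttp32 actually started.
daemon /usr/local/areca/http/archttp32 >/dev/null 2>&1 &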
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/archttp32
return $RETVAL
}
stop() {
echo -n $"Stopping ARECA HTTP Manager: "
killproc archttp32
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/archttp32
return $RETVAL
}
restart() {
stop
start
}
reload() {
echo -n $"Reloading ARECA HTTP Manager: "
killproc archttp32 -ALRM
RETVAL=$?
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status archttp32
;;
restart)
restart
;;
condrestart)
[ -f /var/lock/subsys/archttp32 ] && restart || :
;;
reload)
reload
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
exit 1
esac
exit $?
#---End of file---
Assign it the right permissions and ownership:
chmod 755 /etc/init.d/areca
chown root:root /etc/init.d/areca
You should also place the configuration file, called “archttp32srv.conf” (the directory listing above shows it as archttpsrv.conf), in the folder of the executable file, with the following content:
[GENERAL]
BindingIp=0.0.0.0
HTTPPort=81
SMTPPort=25
ScanPci=YES
ScanRs232=NO
ScanInband=NO
ConnInfo=NO
[MAIL]
Server=MAIL.SERVER.IP.ADDRESS # Please Change ME
Sender=SENDERNAME # Please Change ME
SenderMail=SENDERMAIL # Please Change ME
Account=
Password=
MailToName1=RECEIVERNAME # Please Change ME
MailToName2=
MailToName3=
MailToName4=
MailAddr1=RECEIVERMAIL # Please Change ME
MailAddr2=
MailAddr3=
MailAddr4=
EvtLevel=3
NotifyForNoEvent=NO
[SNMP]
TrapIp1=SNMP.SERVER.IP.ADDRESS # Please Change ME
TrapIp2=0.0.0.0
TrapIp3=0.0.0.0
TrapPort1=162
TrapPort2=162
TrapPort3=162
Community=public
EvtLevel=3
And configure it for startup at boot time.
chkconfig areca on
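The configuration file above binds the web manager to 0.0.0.0 and keeps the SNMP community at "public", so it is worth checking before the service is enabled. The following is an added example, not part of the original post or of the ARECA tools: a small audit of a file in that format. The function names, the choice of checks and the treatment of trailing "# ..." text as a comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag risky or unfinished settings in an archttp-style
# configuration ("Key=Value" lines grouped under [SECTION] headers).

sample_conf() {
    # Constructed sample, abridged from the configuration shown above
    cat <<'EOF'
[GENERAL]
BindingIp=0.0.0.0
HTTPPort=81
[MAIL]
Server=MAIL.SERVER.IP.ADDRESS # Please Change ME
Sender=SENDERNAME # Please Change ME
Account=
Password=
[SNMP]
TrapIp1=192.0.2.10
TrapIp2=0.0.0.0
Community=public
EvtLevel=3
EOF
}

audit_archttp_conf() {
    # Reads the configuration on stdin, prints one finding per line
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*\[/ {                           # [SECTION] header
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        /^[ \t]*#/ || !/=/ { next }             # comment-only or not Key=Value
        {
            key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            sub(/[ \t]*#.*$/, "", val)          # assumption: trailing "# ..." is a comment
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            id = section "." key
            if (id == "GENERAL.BindingIp" && val == "0.0.0.0")
                print id ": web manager listens on every interface"
            else if (id == "SNMP.Community" && val == "public")
                print id ": default community string"
            else if (id == "MAIL.Password" && val != "")
                print id ": SMTP password stored in clear text"
            else if (val ~ /^(MAIL|SNMP)\.SERVER\.IP\.ADDRESS$/ || val ~ /^(SENDER|RECEIVER)(NAME|MAIL)$/)
                print id ": template placeholder not replaced"
        }
    '
}

# Stand-alone run on the constructed sample
sample_conf | audit_archttp_conf
```

On a real system, feed it the installed file, for example: audit_archttp_conf < /usr/local/areca/http/archttpsrv.conf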
I know it's very dirty, but I had no time left to search for a better way; maybe in the future.
Hope this helps
Bye
Riccardo
In this tutorial I will describe how to set up a complete mail server for relaying mail to another server, for example an IMAP server or an Exchange server. Typically this machine will be placed in a DMZ network and will be reachable from the internet.
I will explain how to install and configure:
- Postgrey : to do greylisting on incoming mail and avoid spam.
- Postfix : to receive mail for local or remote mailboxes and do some checks for trash mail using RBLs and internal options.
- Amavisd-New : to scan incoming mail for viruses and spam.
- Clamd : the virus scanner used by Amavisd-New.
- Spamassassin : the spam scanner used by Amavisd-New, with Razor, Pyzor and DCC.
- Altermime : to add a disclaimer (both text and HTML) to outgoing mail.
- Cyrus-Sasl : to enable SASL authentication for road warriors.
- Fetchmail : to fetch mail from another mail server, if needed.
- Apache : to create a reverse proxy to reach a webmail service on the internal web server.
I’ll describe all the steps needed to install it on RHEL or CentOS, because the steps are identical for both distributions and because they are my favourite ones.
I’m assuming you’re going to install a 64-bit operating system; if you choose to install the 32-bit version, just make sure some packages fit your architecture.
First of all you have to install your operating system. I won’t explain this process because it’s very simple, but I suggest you do NOT customize the system during the installation procedure; that will be done later.
At the first reboot, disable both SELinux and the firewall, then reboot again and log in to your system as user root.
This post explains how to disable IPv6 on a system running Debian GNU/Linux or Ubuntu Linux.
You may want to disable IPv6 for compatibility reasons or, if you do not plan to use it, to speed up your system and/or to avoid loading unneeded modules at system startup.
To disable the protocol, edit the
/etc/modprobe.d/aliases
file and change two lines as follows:
#alias net-pf-10 ipv6
alias net-pf-10 off
You should also tell your kernel not to load the IPv6 module by blacklisting it at boot. To do so, edit the
/etc/modprobe.d/blacklist
file, adding the following line:
blacklist ipv6
Reboot your system and check with the following command that the ipv6 module is not present:
lsmod | grep ipv6
You’re done.
Hope this helps
Bye
Riccardo
This post shows some useful examples of how to use the “grep” command to find an occurrence on a Linux system.
Grep searches the input file (or files) for lines containing a match to a given pattern. When a line matches, grep copies it to standard output, and you can redirect that output wherever you want.
You can simply invoke grep with the following:
grep 'STRING' filename
The above is a very simple use of grep: it checks only a single file, searching for all occurrences of ‘STRING’.
You can also use it to find ‘STRING1 STRING2’ in all files in your current location by running:
grep 'STRING1 STRING2' *
or, if you want to run the same search on a given path (i.e. all files in /etc), you can use:
grep 'STRING1 STRING2' /etc/*
Notice the use of single quotes. They are not always essential, but in this example they are required because the pattern contains a space. Double quotes could also have been used in this example.
If there are too many occurrences, you can redirect the output to a file to make the search more comfortable, for example using:
grep 'STRING1 STRING2' /etc/* > /tmp/grepresults.txt
The following is a simple list of grep regular expression characters.
grep can search for complicated patterns to find what you need, using some special characters to build a regular expression:
‘.’ The period ‘.’ matches any single character.
‘?’ The preceding item is optional and will be matched at most once.
‘*’ The preceding item will be matched zero or more times.
‘+’ The preceding item will be matched one or more times.
With plain grep, ‘?’ and ‘+’ have this meaning only when written as ‘\?’ and ‘\+’ (GNU grep) or when grep is run with the -E option.
For example, a regular expression search would be:
grep "\<[A-Za-z].*" file
The search above looks for any word which begins with a letter, upper or lower case.
For more details check:
man grep
Hope this helps
Bye
Riccardo
The following is a simple script to monitor a software RAID configuration on a Linux system.
It checks /proc/mdstat for a line containing ‘blocks’ followed by an underscore (‘_’), which indicates problems on the RAID system, and in case of a match it notifies the system administrator with a mail message.
It should be very useful for unattended systems, even if I always prefer hardware RAID.
#!/bin/bash
#
# Script created by Riccardo Riva
# http://www.riccardoriva.com
#
# It checks a software RAID subsystem and notifies by mail when a problem occurs

# Define variables
# mktemp creates the log with an unpredictable name instead of a fixed /tmp path
LOG_FILE=$(mktemp /tmp/raid-check.XXXXXX) || exit 1
SYSTEM=$(uname --nodename)
MAILTO='systemadmin@mail.exp'

# Checking /proc/mdstat
grep 'blocks.*_' /proc/mdstat > "$LOG_FILE"

# If a match was found, build the report and mail it
if [ $? -eq 0 ]
then
echo "The $SYSTEM system has RAID failures on it." >> "$LOG_FILE"
echo "Below is the output from /proc/mdstat" >> "$LOG_FILE"
echo "===========================================" >> "$LOG_FILE"
cat /proc/mdstat >> "$LOG_FILE"
echo "===========================================" >> "$LOG_FILE"
mail -s 'URGENT: RAID disk failure detected' "$MAILTO" < "$LOG_FILE"
fi

# Deleting log file
rm -f "$LOG_FILE"

# Exit
exit 0
Save the file above as /usr/local/bin/raidcheck.sh and assign it the correct permissions and ownership with the following:
chmod 700 /usr/local/bin/raidcheck.sh
chown root:nobody /usr/local/bin/raidcheck.sh
Change the email address variable to a real email address that will receive the notification.
You should now schedule the script execution at whatever time interval you want (i.e. twice a day, or hourly if you are paranoid).
Remember that it is better to be paranoid than to have a degraded system with unrecoverable data.
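The script above only tells you that an underscore appeared somewhere in /proc/mdstat. The following is an added example, not part of the original script: it parses /proc/mdstat-format text and reports which array is degraded, how many members are active, and which member is marked failed. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: name the degraded md arrays in /proc/mdstat-format text.

sample_mdstat() {
    # Constructed sample: md0 has lost one member, md1 is healthy
    cat <<'EOF'
Personalities : [raid1] [raid6] [raid5] [raid4]
md0 : active raid1 sdb1[1](F) sda1[0]
      104320 blocks [2/1] [U_]

md1 : active raid5 sdc1[2] sdb2[1] sda2[0]
      1953260544 blocks super 1.2 level 5, 64k chunk, algorithm 2 [3/3] [UUU]

unused devices: <none>
EOF
}

degraded_arrays() {
    # Reads mdstat text on stdin.
    # Prints "<array> <active>/<total> <status map> failed=<members or ->"
    awk '
        /^md[^ ]* :/ {                          # array header line
            dev = $1; failed = ""
            for (i = 3; i <= NF; i++)
                if ($i ~ /\(F\)/) {             # member flagged as faulty
                    m = $i; sub(/\[.*/, "", m)
                    failed = failed (failed == "" ? "" : ",") m
                }
            next
        }
        dev != "" && /blocks/ {                 # status line of that array
            counts = ""; map = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^\[[0-9]+\/[0-9]+\]$/) counts = $i      # [total/active]
                else if ($i ~ /^\[[U_]+\]$/) map = $i             # [UU], [U_], ...
            }
            if (counts != "") {
                counts = substr(counts, 2, length(counts) - 2)
                split(counts, n, "/")
                if (map ~ /_/ || n[2] + 0 < n[1] + 0)
                    print dev, n[2] "/" n[1], map, "failed=" (failed == "" ? "-" : failed)
            }
            dev = ""
        }
    '
}

# Stand-alone run on the constructed sample
sample_mdstat | degraded_arrays
```

On a live system the input is the real file: degraded_arrays < /proc/mdstat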
Hope this helps
Bye
Riccardo
Hi all, the following is a quick and dirty list of commands for using “dd” on a Linux system for various tasks.
First of all, you can create a hard disk image. For example, if you want to create an image of your /dev/sda device, you need another disk with a writable partition (i.e. /dev/sdb) mounted on a directory (i.e. /home), and then simply type:
dd if=/dev/sda of=/home/sda.bin
Or even a partition backup using the same disk device for source and destination, like the following (if, for example, you have /home mounted on /dev/sda2):
dd if=/dev/sda1 of=/home/sda1.bin
You can even create a compressed image of the same partition above using gzip; simply type the following:
dd if=/dev/sda1 | gzip > /home/sda1.bin.gz
One of the most useful uses of dd (it has saved my life many times) is:
dd if=/dev/sda of=sda.boot.mbr bs=512 count=1
With the above command, you have backed up the MBR (Master Boot Record) of your /dev/sda device, and in case of disaster you can restore it, for example after booting from a live CD, using the following:
dd if=sda.boot.mbr of=/dev/sda bs=512 count=1
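The 512-byte sector saved above holds 446 bytes of boot code, the 64-byte partition table and the 2-byte boot signature, so writing it back also rewrites the partition table. The following is an added example, not part of the original post: it checks a backup file before it is restored and lists the partition types it would write. The function names and the sample sector are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check an MBR backup made with
#   dd if=/dev/sda of=sda.boot.mbr bs=512 count=1

make_sample_mbr() {
    # Constructed sample: empty boot code, one partition entry of type 0x83,
    # valid 0x55 0xAA signature. $1 = file to create.
    { dd if=/dev/zero bs=1 count=450; printf '\203'
      dd if=/dev/zero bs=1 count=59;  printf '\125\252'; } 2>/dev/null > "$1"
}

mbr_backup_ok() {
    # $1 = backup file. Prints "ok" and returns 0 only for a 512-byte file
    # that ends with the 55 aa boot signature.
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -eq 512 ] || { echo "bad size: $size bytes (expected 512)"; return 1; }
    sig=$(dd if="$f" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ] || { echo "bad boot signature: $sig"; return 1; }
    echo "ok"
}

mbr_partition_types() {
    # Prints the type byte of each of the four primary partition entries
    # (one per line, 00 = unused). Entries start at offset 446, 16 bytes each,
    # with the type byte at offset 4 inside the entry.
    for n in 0 1 2 3; do
        off=$((446 + n * 16 + 4))
        dd if="$1" bs=1 skip="$off" count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
        echo
    done
}

# Stand-alone run on the constructed sample
tmp=$(mktemp) && make_sample_mbr "$tmp" && mbr_backup_ok "$tmp" && mbr_partition_types "$tmp"
rm -f "$tmp"
```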
You can also create a manual RAID1 between two disks by executing the following script from a cron job:
#!/bin/sh
#
LOG="/var/log/mirror.log"
ADMIN="yourmail@yourprovider.ext"
ERROR=0
echo `/bin/date` >$LOG 2>&1
/bin/dd if=/dev/sda of=/dev/sdb bs=1M >>$LOG 2>&1
ERROR=$?
echo `/bin/date` >>$LOG 2>&1
if [ $ERROR -ne 0 ]; then
cat $LOG | /bin/mail -s "Report mirror `uname -n`" $ADMIN
fi
The above script copies the entire /dev/sda to /dev/sdb, logging the process, and sends an email to your email address at the end for debugging and monitoring purposes.
If the first hard disk (/dev/sda) fails, you should physically unmount it and substitute it with /dev/sdb, then reboot the system.
Hope this helps
Bye
Riccardo
In some situations you may want to prevent a Linux driver module from loading automatically. For example:
- In some cases a buggy driver causes a kernel BUG or a system fault on load, so you just want to avoid the problem.
- If your system has no diskette / floppy drive, the kernel will still try to load the floppy driver, so you disable the floppy driver or module.
The Linux kernel gets module information at boot from the /etc/modprobe.conf file and the /etc/modprobe.d/* file(s).
If you are using RHEL or CentOS, do the following:
open your /etc/modprobe.conf file and turn off auto loading using the following syntax:
alias driver-name off
If you are using Debian or Ubuntu, do the following:
open the /etc/modprobe.d/blacklist file and add the driver name using the following syntax:
blacklist driver-name
Reboot your system and use the lsmod command to show the status of modules in the Linux kernel.
Hope this helps
Bye
Riccardo
This post explains some best practices to adopt when you have VMware Virtual Center and/or VMware License Server on a virtual machine.
The main problem that can occur is that when the VM which contains the license server goes down and has been down for longer than 14 days, you will not be able to boot it up again. This is because the grace period has expired, and ESX doesn’t let you power on any virtual machine because of licensing problems.
What you can do to avoid this type of situation:
- Make sure you always have a “host based” license file on each of your ESX servers. In everyday work you don’t need it, but in some cases it can be useful to bypass the need to contact the license server. Obviously, after putting your license server online again, you can revert to the license server based configuration.
- You could also put the host the VM is on into evaluation mode. Then you should restart the VM and revert to the license server based configuration.
- You should also keep a copy of the VMware license server VM on a separate machine external to your infrastructure, for example running on your notebook with VMware Workstation or VMware Server, and in case of need boot up that VM to have a valid license server.
- If you have some money, you should also consider products like VMware vCenter Heartbeat or Neverfail for VirtualCenter.
That’s all, you should now be safe.
Hope this helps
Bye
Riccardo
At some customer sites I have to shut down all virtual machines and all ESX hosts when a power failure occurs, but I didn’t find a single place that collects all the information needed to make everything work.
Finally I collected all the information needed and adjusted some scripts found all over the internet, and the following is the result.
I’ve tested it on ESX Server 3.5 Update 4 with APC PowerChute Agent v2.2.3 and an APC SMART-UPS 5000i UPS.
The goal was this:
If a power failure occurs, wait some minutes to check whether power comes back, and if not:
- try to shut down all virtual machines running on the ESX host with a soft shutdown command
- if the soft shutdown above fails, shut them down with a hard shutdown command
- wait for the virtual machines to shut down (300 sec).
- if a virtual machine is still running, do a hard power off
- shut down the ESX host
This post explains how to configure a unique IP address on multiple NICs (physical or virtual) on Debian GNU/Linux (with a 2.6 kernel).
This post assumes you have a 192.168.0.0/24 network and that you want to assign 192.168.0.10/24 to your system.
Ethernet bonding refers to aggregating multiple ethernet channels together to form a single channel. This is primarily used for redundancy in ethernet paths or for load balancing. This page refers to ifenslave modes in particular to configure ethernet bonding on Linux systems, and so doesn’t limit itself to discussion of 802.3ad Trunk Aggregation.
I’ve used the following modes many times under Debian or Ubuntu and on Open-E.
This post explains how to configure a backup MX server for queuing mail for two (or more) domains if the primary mail server of those domains becomes unreachable.
I’ve tested this configuration for relaying mail to Microsoft Exchange, Postfix, QMail, Sendmail, Lotus Domino, Merak and other less common mail servers without any kind of problem.
You can use Red Hat Enterprise Linux (RHEL) or CentOS without changing a line of the following configuration, but with small adjustments you can apply this how-to to any Linux distribution.
I’ve used Postfix as the mail server, because for me it’s the best, and Amavisd-New, Clamd and SpamAssassin for checking relayed mail for viruses and spam.
This post assumes you are queuing for two domains, “yourdomain.com” and “yourdomain.net”.
This post assumes that you have a primary mail server (MX with preference 10) for “yourdomain.com” with IP 111.111.111.111 and a primary mail server (MX with preference 10) for “yourdomain.com” with IP 111.222.222.222, and that you want to use a server with IP 222.222.222.222 for queuing mail for both domains.
This post explains a quick and dirty method to block Skype for some users while avoiding blocking access to https URLs not defined as FQDNs.
This post assumes that your clients have no direct Internet access and must pass through your Squid proxy server to have an external connection.
This post assumes your local network is 192.168.1.0/24.
This post assumes you want to give Skype access to IPs from 192.168.1.100 to 192.168.1.200 and you want to give internet access to all your network.
Obviously you MUST change the IPs based on your REAL network configuration.
In the following configuration, I’m going to create some ACLs to define my networks, the Skype connection method and the Skype connection destinations, and create a sort of whitelist that can be filled in with some exceptions to avoid https connection problems.
This post explains some useful commands on a Fortigate firewall.
This post assumes you have a Fortinet Fortigate device and want to use it to connect your local network (192.168.1.0/24) to the internet, and that you have an internet connection.
This post also assumes that you have a router with the public IP address 111.222.111.1 and that you have a public subnet 111.222.111.0/29.
In this case I’ve used a point-to-point device with IP address 111.222.111.123 to detect the connection failure.
Obviously you must change your private (INTERNAL) IP address to adapt it to your network, and use your public subnet and not the one used here for the example (111.222.111.0/29).
config system global
# Set the http admin port to 80/tcp
set admin-port 80
# Set the https admin port to 443/tcp
set admin-sport 443
# Set the ssh admin port to 22/tcp
set admin-ssh-port 22
# Set the telnet admin port to 23/tcp
set admin-telnet-port 23
# Set the hostname
set hostname "FGT50B-MAGAZZINO"
# Set the ntp server to "time.ien.it" and enable it
set ntpserver "time.ien.it"
set ntpsync enable
# Set to 43200 seconds the tcp-halfclose timer
set tcp-halfclose-timer 43200
end
# Set the default session TTL and the telnet 23/tcp port timeout to 43200 seconds.
# This is very useful if you have an AS400 (iSeries) to avoid session timeout.
config system session-ttl
set default 43200
config port
edit 23
set timeout 43200
next
end
end
# Set the IP address and administrative access options (ping https http) for
# INTERNAL interface.
config system interface
edit "internal"
set ip 192.168.1.254 255.255.255.0
set allowaccess ping https http
set type physical
next
# Set the IP address and administrative access options (ping https) for WAN1
# interface.
# Set "gateway Detect" option enable and set the "Ping Server" destination.
# Set the interface speed to 10 Mb/s Half Duplex, this is useful for some
# connections like radio bridge.
edit "wan1"
set ip 111.222.111.2 255.255.255.248
set allowaccess ping https
set gwdetect enable
set detectserver "111.222.111.123"
set type physical
set speed 10half
next
end
# Set DNS Servers and DNS options
config system dns
set primary 192.168.1.3
set secondary 212.97.32.2
set domain ''
set autosvr disable
set dns-cache-limit 5000
set cache-notfound-responses disable
end
# Set a firewall policy to enable traffic from INTERNAL TO WAN1 using NAT
# Set a protection profile (a default one) called "scan"
config firewall policy
edit 1
set srcintf "internal"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set profile-status enable
set profile "scan"
set nat enable
next
end
# Set a default gateway on the WAN1 interface (the router, 111.222.111.1;
# the wan1 interface itself is 111.222.111.2)
config router static
edit 1
set device "wan1"
set gateway 111.222.111.1
end
Hope this helps
Bye
Riccardo
This post assumes you have just installed SLES on your server, and that the server is correctly configured to access the internet.
This post also assumes that you want to create a mail server for the following domains:
- yourdomain.com
- yourdomain.net
In this post we’re going to create a local mail server that supports the two domains above (but could support more than those), based on Postfix and Cyrus-Imap, with IMAP, IMAPS and SIEVE support. Optionally you can also add antivirus and antispam using Amavisd-New with Clamav and SpamAssassin, and we are also going to provide a webmail using squirrelmail.
This post assumes you want to put this mail server in your DMZ with the IP address 192.168.100.1 and that you want to permit mail relay from your local network (192.168.1.0/24) and from authenticated users.
All the tasks above will be explained in the rest of the post.
This post explains how to configure a unique IP address on multiple NICs (physical or virtual) on SuSE Linux Enterprise Server (9 or 10).
This post assumes you have a 192.168.1.0/24 network and that you want to assign 192.168.1.1/24 to your system.
This post explains how to configure a unique IP address on multiple NICs (physical or virtual) on RedHat Linux (or Fedora).
This post assumes you have a 192.168.1.0/24 network and that you want to assign 192.168.1.1/24 to your system.
This post explains how to configure multiple IP addresses on ONE NIC (physical or virtual) on RedHat Linux (or Fedora).
This post assumes you have a 192.168.1.0/24 network and that you want to assign 192.168.1.1/24 and 192.168.1.2/24 to your system.
The following is a quick and dirty guide on how to use a mailbox name containing the “.” character with Cyrus Imap.
Add the following line to your imapd.conf:
unixhierarchysep: 1
Log in to your Cyrus IMAP server and run the following commands to create a new mailbox:
cm user/your.name
setacl user/your.name cyrus lrsiwpcda
When the UNIX hierarchy convention is used, the “.” character MAY be used in mailbox names, including user names. In order to maintain backwards compatibility with the internal namespace, every “.” character is translated into a benign character (at this time “^”) before any data is written to disk. For example, if user “your.name” had a personal mailbox “customer.support”, it would be stored as “user.your^name.customer^support” in the internal namespace.
If you use it, it’s very important that you remember this behaviour if/when reverting back to the netnews hierarchy convention.
Hope this helps
Bye
Riccardo
As you may have noticed, during the Ubuntu installation there was no question about the root password, as you might have been used to seeing during the installation of other Linux distributions.
This is because the root account is inactive and can’t be used (no password configured) until we set up a proper password for it.
To do this, we simply need to run:
sudo passwd root
This will ask for a new root password, and once you confirm it, you can start using the root account to log in by using:
su -
when you’re logged in as a normal user.
If you want to disable the root account again, just lock it by running:
sudo passwd -l root
Hope this helps
Bye
Riccardo























