Posts Tagged ‘RHEL’
The following is a simple (and very raw) init script for the Symantec Backup Exec Agent for Linux.
I wrote it because I really hate executing scripts that are not registered with chkconfig on production systems.
I’ve added the “status” function, which checks whether an executable called “beremote” is listening on 10000/tcp on IPv4 on the localhost.
If you are planning to run ralus on a different TCP port, please adjust the script.
The following is the script:
#!/bin/sh
#
# RALUS Control Script
# chkconfig: 2345 99 01
# Description: Here is a little startup/shutdown script for RedHat/CentOS systems
#
# Author : Riccardo Riva
#
# description: Symantec Backup Exec Linux Agent Init Script
#
# Source function library.
. /etc/rc.d/init.d/functions
RETVAL=0
# See how we were called.
if [ ! -d /opt/VRTSralus ]
then
echo "Symantec Backup Exec Remote Agent missing /opt/VRTSralus [FAILED]"
exit 1
fi
if [ ! -d /etc/VRTSralus ]
then
echo "Symantec Backup Exec Remote Agent missing /etc/VRTSralus [FAILED]"
exit 1
fi
if [ ! -d /var/VRTSralus ]
then
echo "Symantec Backup Exec Remote Agent missing /var/VRTSralus [FAILED]"
exit 1
fi
CMD="$1"
case "$CMD" in
'start')
if [ -x /opt/VRTSralus/bin/beremote ]
then
echo -n "Starting Symantec Backup Exec Remote Agent "
rm -f /var/VRTSralus/ralus.pid
rm -f /var/VRTSralus/ralus.errpid
# Send stdout and stderr to the same log through a single file descriptor
/opt/VRTSralus/bin/beremote >/var/VRTSralus/beremote.service.log 2>&1 &
PIDWAIT=30
while [ "$PIDWAIT" != "0" ]
do
if [ -f /var/VRTSralus/ralus.pid ]
then
PIDWAIT=0
else
PIDWAIT=$(($PIDWAIT-1))
echo -n "."
sleep 1;
fi
if [ -f /var/VRTSralus/ralus.errpid ]
then
PIDWAIT=0
fi
done
if [ -f /var/VRTSralus/ralus.pid ]
then
RETVAL=0
else
RETVAL=1
fi
echo
else
RETVAL=1
fi
if [ "$RETVAL" = "0" ]
then
echo "Starting Symantec Backup Exec Remote Agent: [ OK ]"
else
echo "Starting Symantec Backup Exec Remote Agent: [FAILED]"
fi
;;
'stop')
if [ -f /bin/grep ]
then
PID=`/bin/ps -e | /bin/grep beremote | /bin/sed -e 's/^ *//' -e 's/ .*//'`
else
PID=`/usr/bin/ps -e | /usr/bin/grep beremote | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
fi
if [ "${PID}" != "" ]
then
echo -n "Stopping Symantec Backup Exec Remote Agent "
if [ -f /bin/pkill ]
then
/bin/pkill -15 beremote
else
/usr/bin/pkill -15 beremote
fi
RETVAL=$?
PIDWAIT=15
while [ "$PIDWAIT" != "0" ]
do
if [ -f /var/VRTSralus/ralus.pid ]
then
PIDWAIT=0
RETVAL=0
else
PIDWAIT=$(($PIDWAIT-1))
echo -n "."
sleep 1;
fi
done
echo
rm -f /var/VRTSralus/ralus.pid
rm -f /var/VRTSralus/ralus.errpid
else
RETVAL=1
fi
if [ "$RETVAL" = "0" ]
then
echo "Stopping Symantec Backup Exec Remote Agent: [ OK ]"
else
echo "Stopping Symantec Backup Exec Remote Agent: [FAILED]"
fi
;;
'restart')
$0 stop
$0 start
# Return the result of the start step
RETVAL=$?
;;
'status')
if [ $(netstat -tulpan | grep beremote |grep 0.0.0.0:10000 | wc -l) -eq 1 ];
then
echo "Symantec Backup Exec Remote Agent running and listening on tcp port 10000"
else
echo "Symantec Backup Exec Remote Agent not running"
fi
;;
*)
echo "Symantec Backup Exec Remote Agent for Linux/Unix Servers"
echo "Usage: VRTSralus.init { start | stop | restart | status}"
RETVAL=1
;;
esac
exit $RETVAL
#
# -- End of file
You can download the file here: http://www.riccardoriva.com/shared-files/ralus_init_script.sh
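The status check described above, as an added example that is not part of the original script: it goes beyond the post's IPv4 wildcard match by accepting a beremote listener on any local address (IPv4 or IPv6) and returns LSB-style exit codes. The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original init script.

# ralus_listening PORT
# Reads `netstat -tanp` style lines on stdin; succeeds when a LISTEN socket
# on PORT (any local address, IPv4 or IPv6) is owned by beremote.
ralus_listening() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, addr, ":")   # local address; the port is the last piece
            split($7, owner, "/")      # "PID/Program name" column
            if (addr[n] == port && owner[2] == "beremote") found = 1
        }
        END { exit !found }'
}

# ralus_status PORT
# Same messages as the init script, plus LSB-style exit codes:
# 0 = running, 3 = not running.
ralus_status() {
    if ralus_listening "$1"; then
        echo "Symantec Backup Exec Remote Agent running and listening on tcp port $1"
        return 0
    fi
    echo "Symantec Backup Exec Remote Agent not running"
    return 3
}

# Constructed sample of netstat output (addresses and PIDs are made up).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1930/sshd
tcp 0 0 192.168.1.20:10000 0.0.0.0:* LISTEN 2874/beremote
tcp 0 0 127.0.0.1:10001 0.0.0.0:* LISTEN 3011/otherd
tcp 0 0 192.168.1.20:10000 192.168.1.5:51544 ESTABLISHED 2874/beremote'

# On a live system: netstat -tanp 2>/dev/null | ralus_status 10000
printf '%s\n' "$SAMPLE_NETSTAT" | ralus_status 10000
```

Established connections to the agent and other daemons on neighbouring ports are ignored, so the result does not depend on how many matching lines netstat prints.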
Hope this helps
Bye
Riccardo
If you use Postgrey (and you should) on your mail servers and you want some statistics on the number of greylisted messages and other information, you should find the following script useful.
The script assumes that you have installed Postgrey (http://postgrey.schweikert.ch/) on RHEL (http://www.redhat.com) or CentOS (http://www.centos.org).
If you are using another distro you may have to fix some paths.
Create a file called “greylisting_statistics.sh” in your “/usr/local/bin” folder with the following content:
#!/bin/sh
# Use an unpredictable temporary file: a fixed name in /tmp could be
# pre-created or symlinked by another local user before root writes to it
LOGFILE=$(mktemp /tmp/greylist-statistics.XXXXXX) || exit 1
trap 'rm -f "$LOGFILE"' EXIT
YOURMAIL=you@yourdomain.com
# Full path to postgreyreport, so the script does not depend on cron's PATH
POSTGREYREPORT=/usr/sbin/postgreyreport
echo -n "Total amount of GreyListed messages" > "$LOGFILE"
cat /var/log/maillog | $POSTGREYREPORT --delay=300 >> "$LOGFILE"
echo -ne "\n" >> "$LOGFILE"
echo -ne "-------------------------------------\n" >> "$LOGFILE"
echo -ne "-------------------------------------\n" >> "$LOGFILE"
echo -n "Get only the top 20 sources getting greylisted out" >> "$LOGFILE"
cat /var/log/maillog | $POSTGREYREPORT | awk '{print $1}' | sort | uniq -c | sort -nr | head -n20 >> "$LOGFILE"
echo -ne "\n" >> "$LOGFILE"
echo -ne "-------------------------------------\n" >> "$LOGFILE"
echo -ne "-------------------------------------\n" >> "$LOGFILE"
echo -n "Get a list of the top 20 email address that the greylisted sources are sending email to" >> "$LOGFILE"
# Append this list to the report as well
cat /var/log/maillog | $POSTGREYREPORT | awk '{print $4}' | sort | uniq -c | sort -nr | head -n20 >> "$LOGFILE"
echo -ne "\n" >> "$LOGFILE"
echo -ne "-------------------------------------\n" >> "$LOGFILE"
echo -ne "-------------------------------------\n" >> "$LOGFILE"
cat "$LOGFILE" | mail -s "Greylisting Statistics of `hostname` for `date +%Y-%m-%d`" "$YOURMAIL"
#--- End of file ---
Assign the correct ownership and permissions to it by running:
chmod 700 /usr/local/bin/greylisting_statistics.sh
chown root:root /usr/local/bin/greylisting_statistics.sh
Schedule the execution using “crontab -e”, adding the following line to get daily statistics:
59 23 * * * /usr/local/bin/greylisting_statistics.sh
Hope this helps
Bye
Riccardo
This simple how-to explains a raw and dirty method to daemonize the HTTP manager for the ARECA RAID controller.
If you have this controller in your system, you should find the following folders on the bundled CD-ROM:
root
PACKAGES -> Linux -> CLI -> version -> i386 -> cli32
PACKAGES -> Linux -> CLI -> version -> x86-64 -> cli32
PACKAGES -> Linux -> HTTP -> version.x.y.x -> i386 -> archttp32
PACKAGES -> Linux -> HTTP -> version.x.y.x -> x86-64 -> archttp32
Create a folder called “areca” in your /usr/local folder, and create two folders inside it called “http” and “cli”.
Copy the “cli32” and “archttp32” executable files that match your architecture (i386 or x86-64) into the corresponding folders, so you should have something similar to this:
[root@relay ~]# ls -lahR /usr/local/areca/
/usr/local/areca/:
total 20K
drwxr-xr-x 4 root root 4.0K Feb 12 10:28 .
drwxr-xr-x 13 root root 4.0K Feb 12 10:26 ..
dr-xr-xr-x 2 root root 4.0K Feb 12 10:27 cli
dr-xr-xr-x 2 root root 4.0K Feb 12 10:42 http
/usr/local/areca/cli:
total 1.6M
dr-xr-xr-x 2 root root 4.0K Feb 12 10:27 .
drwxr-xr-x 4 root root 4.0K Feb 12 10:28 ..
-r-xr-xr-x 1 root root 1.6M Dec 26 2008 cli32
/usr/local/areca/http:
total 1.6M
dr-xr-xr-x 2 root root 4.0K Feb 12 10:42 .
drwxr-xr-x 4 root root 4.0K Feb 12 10:28 ..
-r-xr-xr-x 1 root root 1.6M Dec 26 2008 archttp32
-rw-r--r-- 1 root root 91 Feb 12 10:42 archttpsrv.conf
Create a new file called “areca” in your /etc/init.d folder with the following content :
#!/bin/sh
#
# Startup script for the ARECA RAID CONTROLLER HTTP Monitor
#
# chkconfig: 2345 62 38
# description: HTTP Tools to monitor and manage ARECA RAID Controller
#
# processname: archttp32
# config: none
# lockfile: /var/lock/subsys/archttp32
#
# Author: Riccardo Riva
# WebSite: http://www.riccardoriva.com
#
# This script is released under the terms of the GPL.
#====================================================================
# Source function library
. /etc/init.d/functions
RETVAL=0
start() {
echo -n $"Starting ARECA HTTP Manager: "
# Redirect stdout first, then point stderr at it, so both are discarded
daemon /usr/local/areca/http/archttp32 >/dev/null 2>&1 &
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/archttp32
return $RETVAL
}
stop() {
echo -n $"Stopping ARECA HTTP Manager: "
killproc archttp32
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/archttp32
return $RETVAL
}
restart() {
stop
start
}
reload() {
echo -n $"Reloading ARECA HTTP Manager: "
killproc archttp32 -ALRM
RETVAL=$?
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status archttp32
;;
restart)
restart
;;
condrestart)
[ -f /var/lock/subsys/archttp32 ] && restart || :
;;
reload)
reload
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
exit 1
esac
exit $?
#---End of file---
Assign the right permissions and ownership to it:
chmod 755 /etc/init.d/areca
chown root:root /etc/init.d/areca
You should also place the configuration file, called “archttp32srv.conf”, in the folder that holds the executable, with the following content:
[GENERAL]
BindingIp=0.0.0.0
HTTPPort=81
SMTPPort=25
ScanPci=YES
ScanRs232=NO
ScanInband=NO
ConnInfo=NO
[MAIL]
Server=MAIL.SERVER.IP.ADDRESS # Please Change ME
Sender=SENDERNAME # Please Change ME
SenderMail=SENDERMAIL # Please Change ME
Account=
Password=
MailToName1=RECEIVERNAME # Please Change ME
MailToName2=
MailToName3=
MailToName4=
MailAddr1=RECEIVERMAIL # Please Change ME
MailAddr2=
MailAddr3=
MailAddr4=
EvtLevel=3
NotifyForNoEvent=NO
[SNMP]
TrapIp1=SNMP.SERVER.IP.ADDRESS # Please Change ME
TrapIp2=0.0.0.0
TrapIp3=0.0.0.0
TrapPort1=162
TrapPort2=162
TrapPort3=162
Community=public
EvtLevel=3
Then configure it to start at boot time:
chkconfig areca on
I know it's very dirty, but I had no time left to search for a better way, maybe in the future.
Hope this helps
Bye
Riccardo
The following is a simple (and very raw) init script for Bacula 5.0.
I wrote it because I really hate executing scripts that are not registered with chkconfig on production systems.
The following is the script:
#!/bin/sh
#
# BACULA Control Script
# chkconfig: 2345 99 01
# Description: Here is a little startup/shutdown script for RedHat/CentOS systems
#
# processname: bacula
# bacula-dir pidfile: /var/run/bacula-dir.9101.pid
# bacula-fd pidfile: /var/run/bacula-fd.9102.pid
# bacula-sd pidfile: /var/run/bacula-sd.9103.pid
#
# bacula-dir config: /etc/bacula/bacula-dir.conf
# bacula-fd config: /etc/bacula/bacula-fd.conf
# bacula-sd config: /etc/bacula/bacula-sd.conf
#
# Author : Riccardo Riva
#
# description: It comes by night and sucks the vital essence from your computers.
#
SCRIPTDIR=/etc/bacula
#
# Disable Glibc malloc checks, it doesn't help and it keeps from getting
# good dumps
MALLOC_CHECK_=0
export MALLOC_CHECK_
# Source function library.
. /etc/rc.d/init.d/functions
RETVAL=0
# See how we were called.
case "$1" in
start)
[ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd $1 $2
[ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd $1 $2
[ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir $1 $2
;;
stop)
# Stop the FD first so that SD will fail jobs and update catalog
[ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd $1 $2
[ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd $1 $2
[ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir $1 $2
;;
restart)
$0 stop
sleep 2
$0 start
;;
status)
[ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd status
[ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd status
[ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir status
;;
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
;;
esac
exit $RETVAL
#--- End of file ---
You can download the script from here:
http://www.riccardoriva.com/shared-files/bacula_init_script.sh
Hope this helps
Bye
Riccardo
In this tutorial I will describe how to set up a complete mail server for relaying mail to another server, for example an IMAP server or an Exchange server. Typically this machine will be placed in a DMZ network and will be reachable from the internet.
I will explain how to install and configure:
- Postgrey : to do greylisting on incoming mail and avoid SPAM.
- Postfix : to receive mail for local or remote mailboxes and do some checks for trash mail using RBLs and internal options.
- Amavisd-New : to scan incoming mail for viruses and SPAM.
- Clamd : used by Amavisd-New for the virus scan.
- Spamassassin : used by Amavisd-New for the SPAM scan, with Razor, Pyzor and DCC.
- Altermime : to add a disclaimer (both text and HTML) to outgoing mail.
- Cyrus-Sasl : to enable SASL authentication for road warriors.
- Fetchmail : to fetch the mail from another mail server, if needed.
- Apache : to create a reverse proxy to reach a webmail service on the internal web server.
I’ll describe all the steps needed to install it on RHEL or CentOS, because the steps are identical for both distributions and because they are my favourite ones.
I’m assuming you’re going to install a 64-bit operating system; if you choose the 32-bit version, just pay attention to pick the packages that fit your architecture.
First of all you have to install your operating system. I will not explain this process because it’s very simple, but I suggest that you do NOT customize the system during the installation procedure; that will be done later.
At the first reboot, disable both SELinux and the firewall, then reboot again and log in to your system as user root.
This simple post shows how to configure Ethernet bonding on two (or more) network interfaces on RHEL 5 or CentOS 5.
I’ve tested this configuration on CentOS 5.2 with kernel 2.6.18-92.1.22.el5, as you can see below:
uname -a
Linux serverlab.riccardoriva.local 2.6.18-92.1.22.el5 #1 SMP Tue Dec 16 11:57:43 EST 2008 x86_64 x86_64 x86_64 GNU/Linux
cat /etc/redhat-release
CentOS release 5.2 (Final)
If you want to create a bond on two interfaces (i.e. eth0 and eth1) you should do the following:
Edit /etc/sysconfig/network-scripts/ifcfg-eth0
# Bonding eth0 to bond0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=NO
Edit /etc/sysconfig/network-scripts/ifcfg-eth1
# Bonding eth1 to bond0
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=NO
Copy /etc/sysconfig/network-scripts/ifcfg-eth1 to /etc/sysconfig/network-scripts/ifcfg-bond0, to keep the same file permissions, by executing the following commands:
cd /etc/sysconfig/network-scripts
cp -p ifcfg-eth1 ifcfg-bond0
Edit /etc/sysconfig/network-scripts/ifcfg-bond0
# ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
NETWORK=10.100.100.0
NETMASK=255.255.255.0
IPADDR=10.100.100.1
USERCTL=NO
Edit /etc/modprobe.conf adding the following line :
alias bond0 bonding
Reboot your system to let the module be loaded, or load it manually with the following command:
modprobe bonding
If you haven’t rebooted your system, restart your network with the following command :
/etc/init.d/network restart
To check whether bonding is working, look at /proc/net/bonding/bond0 with the following command:
cat /proc/net/bonding/bond0
and you should see something similar to the following:
Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0
Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:88:5a:3c
Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:88:5a:3d
You’re done
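A scripted version of the check above, as an added example that is not part of the original post: it parses the /proc/net/bonding output and also flags a polling interval of 0, which in the bonding driver means MII link monitoring is disabled. The function names `bond_health` and `sample_bond` are made up, and the sample text is constructed in the format shown in the post.

```shell
#!/bin/sh
# Added example, not part of the original post.

# bond_health: reads the text of /proc/net/bonding/<bond> on stdin.
# Exit status: 0 = healthy, 1 = degraded or unmonitored, 2 = bond down.
bond_health() {
    awk -F': ' '
        /^Slave Interface:/ { slave = $2; nslaves++; next }
        /^MII Polling Interval/ {
            # 0 means the driver never polls link state (miimon disabled)
            if ($2 + 0 == 0) { print "WARN miimon=0, link failures will not be detected"; warn = 1 }
            next
        }
        /^MII Status:/ {
            if (slave == "") {            # section before the first slave = the bond itself
                if ($2 != "up") { print "CRIT bond is " $2; crit = 1 }
            } else if ($2 != "up") {
                print "WARN slave " slave " is " $2; down++
            }
            next
        }
        /^Link Failure Count:/ {
            if ($2 + 0 > 0) { print "WARN slave " slave " had " $2 " link failure(s)"; warn = 1 }
        }
        END {
            if (nslaves < 2) { print "WARN only " (nslaves + 0) " slave(s) attached"; warn = 1 }
            if (crit || (nslaves > 0 && down == nslaves)) exit 2
            if (down > 0 || warn) exit 1
            exit 0
        }'
}

# Constructed sample; usage: sample_bond MIIMON ETH0_STATUS ETH1_STATUS
sample_bond() {
    bond=up; [ "$2" = down ] && [ "$3" = down ] && bond=down
    cat <<EOF
Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)
Bonding Mode: load balancing (round-robin)
MII Status: $bond
MII Polling Interval (ms): $1
Up Delay (ms): 0
Down Delay (ms): 0
Slave Interface: eth0
MII Status: $2
Link Failure Count: 0
Permanent HW addr: 00:15:17:88:5a:3c
Slave Interface: eth1
MII Status: $3
Link Failure Count: 0
Permanent HW addr: 00:15:17:88:5a:3d
EOF
}

# The values shown in the post (interval 0, both slaves up) give status 1
sample_bond 0 up up | bond_health || echo "bond_health exit status: $?"
```

On the host itself run `bond_health < /proc/net/bonding/bond0`. On RHEL 5 the polling interval is set with the bonding module's `miimon` option, for example `options bond0 miimon=100` in /etc/modprobe.conf.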
Hope this helps
Bye
Riccardo
This simple init script daemonizes freshclam (the Clamd antivirus updater) on RHEL or CentOS.
Create a brand new file called freshclam in /etc/init.d/ with the following content:
#!/bin/sh
#
# Startup script for the Clam AntiVirus Update Tool
#
# chkconfig: 2345 62 38
# description: freshclam is an update daemon for Clam AV database.
#
# processname: freshclam
# config: /etc/freshclam.conf
# pidfile: /var/run/clamav/freshclam.pid
#
# Author: Riccardo Riva
# WebSite: http://www.riccardoriva.com
#
# This script is released under the terms of the GPL.
#====================================================================
# Source function library
. /etc/init.d/functions
# Get network config
. /etc/sysconfig/network
test -f /etc/freshclam.conf || exit 0
RETVAL=0
start() {
echo -n $"Starting freshclam: "
daemon /usr/bin/freshclam -d -p /var/run/clamav/freshclam.pid
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/freshclam
return $RETVAL
}
stop() {
echo -n $"Stopping freshclam: "
killproc freshclam
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/run/clamav/freshclam.pid /var/lock/subsys/freshclam
return $RETVAL
}
restart() {
stop
start
}
reload() {
echo -n $"Reloading DB: "
killproc freshclam -ALRM
RETVAL=$?
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status freshclam
;;
restart)
restart
;;
condrestart)
[ -f /var/lock/subsys/freshclam ] && restart || :
;;
reload)
reload
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
exit 1
esac
exit $?
Assign the correct ownership and permissions to it:
chown root:root /etc/init.d/freshclam
chmod 755 /etc/init.d/freshclam
Test that the script works correctly on your system with the following commands:
service freshclam start
service freshclam stop
service freshclam restart
service freshclam reload
service freshclam condrestart
If all works fine you should add freshclam to the automatic startup services with the following command:
chkconfig freshclam on
Hope this helps
Bye
Riccardo
This post explains how to configure a relay server, placed on a DMZ network, that relays mail for two domains to two mail servers on the internal network.
This configuration is useful if you do not want to publish your SMTP server (Linux, Exchange, Lotus Domino or whatever you have) directly on the internet: you keep it in your internal network and publish a relay server instead, for security purposes.
I’ve tested this configuration for relaying mail to Microsoft Exchange, Postfix, QMail, Sendmail, Lotus Domino, Merak and other less common mail servers without any kind of problem.
You can use Red Hat Enterprise Linux (RHEL) or CentOS without changing a line of the following configuration, and with small adjustments you can apply this how-to to any Linux distribution.
I’ve used Postfix as the mail server, because for me it’s the best, and Amavisd-New, Clamd and SpamAssassin to check relayed mail for viruses and spam.
This post assumes you have two internal networks, 192.168.1.0/24 and 192.168.2.0/24, with a mail server for yourdomain.com on the 192.168.1 network and another mail server for yourdomain.net on the 192.168.2 network.
In particular, the yourdomain.com mail server has 192.168.1.4/24 and the yourdomain.net mail server has 192.168.2.1/24.
This post also explains how to configure simple SASL-based SMTP authentication, to authenticate external users directly on the relay server and permit them to send mail to any other domain through it.
This article assumes you have two systems with RHEL 5.2 X86_64 installed and you want to create a cluster to have High Availability for some services (in this article, Apache Web Server).
This article also assumes that you have shared storage accessible from the two systems, for example a Fibre Channel or iSCSI Storage Area Network (SAN), with free space on it.
As of today, Red Hat does not have a native iSCSI target for RHEL 5.2, so if you’re tired of using other products like OpenFiler or similar, you can install one from source. Today (January 25th, 2009) the iSCSI target is at version 0.4.17, so you can use that.
The whole how-to that follows is based on RHEL 5.2 X86_64 installed from DVD and not updated.























