CentOS 5.4 NetInstall
Download the network installation iso file and burn to CD.
Place the CD in the CD-Rom and reboot the system.
When asked to select the network install method, choose “HTTP” and enter the following:
1) for 32 Bit
Host: mirror.centos.org
Directory: centos/5.4/os/i386/
2) for 64 Bit
Host: mirror.centos.org
Directory: centos/5.4/os/x86_64/

Posted in CentOS, Linux, Linux Installation and tagged CentOS, Linux, Netinstall by Stan with comments disabled.
How To Mount NTFS disks on CentOS
Type this command to determine your kernel version:
[root@lnx ~]# uname -r
2.6.18-128.el5
Download the NTFS kernel modules from:
http://www.linux-ntfs.org/doku.php?id=redhat:rhel5
The current kernel module version of my system at the time of this writing was:
kernel-module-ntfs-2.6.18-128.el5-2.1.27-0.rr.10.11.i686.rpm
Install the RPM :
rpm -ihv kernel-module-ntfs-2.6.18-128.el5-2.1.27-0.rr.10.11.i686.rpm
Load the kernel module :
modprobe ntfs
Find the disk info : fdisk -l
One partition should be mentioned as HPFS/NTFS
Mount the partition :
mkdir /g_drive
mount -t ntfs /dev/hdb2 /g_drive
That’s it!

Posted in CentOS, Linux, Mounting and tagged CentOS, Linux, Mounting by Stan with comments disabled.
How To Reset The Root Password In A Linux OS
You are hired to take charge of a Linux or Unix production system and no password has been provided for whatever reason (maybe the administrator has just been fired). There are two basic methods to reset the root password:
Method 1:
—————
1. Place the first installation CD/DVD in the CD/DVD-Rom
2. Reboot the system
3. enter “linux rescue” as boot option + ENTER
4. click continue to mount the system
5. cd /mnt/sysimage/ (or chroot /mnt/sysimage/ and skip to step 9)
6. type “ls” (to show the non-root environment) – optional
7. type “pwd” (to show the “present working directory” in a non-root environment) – optional
8. chroot . bash -i (in order to get the root environment with “bash shell”)
9. type “pwd” (to show the “present working directory” in root environment) – optional
10. type “ls” (to show root environment) – optional
11. type “passwd” –> to reset the root password
*) other forms of system repairs (instead of just changing root password) can be performed here.
12. type “exit” —> until the system reboots
Method 2:
—————
1. Reboot
2. at the menu of the boot manager (e.g. grub), type ‘e’ for editing
3. navigate to the kernel you want to boot
4. at the right of the line, enter “init 1” or “single” and press enter
5. type ‘b’ to boot the system into the single user mode
6. type “passwd” to reset the root password
7. type “reboot” to restart the system
Check out this link below for how to recover VMware ESXi root password:
Posted in CentOS, ESX, ESXi, Linux and tagged password, reset, Reset Root Password, root by Stan with comments disabled.
FTP & SELinux: 500 OOPS: cannot change directory
I ran into some problems trying to log in to my FTP server after installing and configuring VsFTP on CentOS 5.4. I got the following errors:
“500 OOPS: cannot change directory”
The problem occurred because SELinux was preventing the FTP daemon (ftpd) from reading users’ home directories.
This setting can be overridden by issuing the following command at the shell prompt.
# setsebool -P ftp_home_dir=1
This will allow FTP access to a user home directory through SELinux.

Posted in FTP, Linux, SELinux and tagged 500 OOPS, ftp SELinux by Stan with 1 comment.
Creating Custom SELinux Policy Modules with audit2allow
Sometimes there are occasions when none of the above methods deal with a given situation and we need to extend the SELinux policy by creating a custom policy module to allow for a certain set of conditions. For example, consider the smb service add-on for a file server. Our file server needs to communicate with samba over a Unix socket and that is something the default SELinux policy for our samba server does not allow. Consequently the service is blocked by SELinux. This is an issue that can not be fixed by changing or restoring file type security contexts and isn’t something that has a boolean value we can toggle to allow. We could disable SELinux protection of the samba server through a boolean, which would be better than disabling SELinux completely, but that is still far from ideal.
If we switch SELinux into Permissive mode and run our file server for a set period of time, we can log SELinux issues whilst still permitting access. Checking our logs, we see the following SELinux AVC messages:
type=SYSCALL msg=audit(1264381313.497:1327): arch=40000003 syscall=196
type=AVC msg=audit(1264381314.363:1328): avc: denied { search } for
type=SYSCALL msg=audit(1264381314.363:1328): arch=40000003 syscall=195
type=AVC msg=audit(1264381315.686:1329): avc: denied { getattr } for
*) The above output is trimmed to fit in the box.
Then we can use ‘audit2allow’ to generate a set of policy rules that would allow the required actions. We can generate a local samba Type Enforcement policy file (sambalocal.te):
# mkdir selinux_samba
# cd selinux_samba
# grep smbd_t /var/log/audit/audit.log | audit2allow -m sambalocal > sambalocal.te
# cat sambalocal.te
module sambalocal 1.0;
require {
type home_root_t;
type default_t;
type smbd_t;
class file getattr;
class dir { read getattr search };
}
#============= smbd_t ==============
allow smbd_t default_t:dir { read search };
allow smbd_t default_t:file getattr;
allow smbd_t home_root_t:dir { getattr search };
Above we see that we can grep the audit.log file for issues relating to our samba server and pipe those issues to audit2allow, which generates a set of rules that it thinks would permit the actions currently denied by the SELinux policy. Reviewing these rules we see our samba server wants to connect and write to a Unix socket which we see from our logs is the Unix socket that the smb service is listening on. As this seems perfectly reasonable, we can go ahead and use audit2allow to make a custom policy module to allow these actions:
# grep smbd_t /var/log/audit/audit.log | audit2allow -M sambalocal
We then load our samba policy module using the ‘semodule’ command into the current SELinux policy:
semodule -i sambalocal.pp
which will add our samba policy module to /etc/selinux/targeted/modules/active/modules/sambalocal.pp. We can check the policy module loaded correctly by listing loaded modules with ‘semodule -l’.
We can then continue to monitor our SELinux log files to check that our custom policy module works and once we are satisfied we can re-enable SELinux Enforcing mode and again benefit from SELinux protection of our now fully functional samba server.
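To make the review step above concrete, here is an added example (not part of the original post and not audit2allow itself): a hypothetical avc_to_rules function that groups denials by source type, target type and class, and records how many audit events stand behind each candidate rule. The log lines printed by sample_avc are constructed, since the post's own lines are trimmed.

```bash
#!/bin/sh
# Added example: summarise AVC denials into candidate allow rules for review.
# sample_avc prints CONSTRUCTED audit lines; the pid, name, dev and ino
# values are made up. The types are the ones in the post's require block.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1264381314.363:1328): avc:  denied  { getattr } for  pid=2101 comm="smbd" name="home" dev=sda1 ino=11 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1264381314.363:1328): arch=40000003 syscall=195 success=no comm="smbd"
type=AVC msg=audit(1264381315.686:1329): avc:  denied  { search } for  pid=2101 comm="smbd" name="home" dev=sda1 ino=11 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=AVC msg=audit(1264381316.101:1330): avc:  denied  { read } for  pid=2101 comm="smbd" name="share" dev=sda1 ino=42 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1264381316.205:1331): avc:  denied  { search } for  pid=2101 comm="smbd" name="share" dev=sda1 ino=42 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1264381317.310:1332): avc:  denied  { search } for  pid=2101 comm="smbd" name="share" dev=sda1 ino=42 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1264381318.412:1333): avc:  denied  { getattr } for  pid=2101 comm="smbd" name="a.txt" dev=sda1 ino=43 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
EOF
}

# Read audit lines (files given as arguments, or stdin) and print one
# candidate rule per (source type, target type, class) with a denial count.
avc_to_rules() {
    awk '
    /avc:/ && /denied/ {
        perms = $0                      # isolate the text between { and }
        sub(/.*denied[ \t]*[{][ \t]*/, "", perms)
        sub(/[ \t]*[}].*/, "", perms)
        s = t = c = ""
        for (i = 1; i <= NF; i++) {     # the type is the 3rd context field
            if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
            if ($i ~ /^tclass=/)   { c = substr($i, 8) }
        }
        if (s == "" || t == "" || c == "") next   # trimmed line: skip it
        key = s " " t ":" c
        n = split(perms, p, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (!seen[key, p[i]]++) set[key] = set[key] " " p[i]
        hits[key]++
    }
    END {
        for (k in set)
            printf "allow %s {%s }; # from %d denial(s)\n", k, set[k], hits[k]
    }' "$@" | LC_ALL=C sort
}
```

Run `sample_avc | avc_to_rules` to see the summary, or pass a real audit log path as the argument; a rule backed by a single denial or by an unexpectedly broad target type is the one to trace back to its audit event before loading the module.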

Posted in Linux, SELinux and tagged audit2allow, SELinux by Stan with 1 comment.
How to make hard or symbolic links to files or directories
ln – make hard or symbolic links to files or directories
Synopsis
ln [-fs] filename [linkname]
ln [-fs] pathname… directory
Description
The ln utility creates an additional entry, called a link, to a file or directory. Any number of links can be assigned to a file. The number of links does not affect other file attributes such as size, protections, data, etc.
filename is the name of the original file. linkname is the new name to associate with the file or filename. If linkname is omitted, the last component of filename is used as the name of the link.
If the last argument is the name of a directory, symbolic links are made in that directory for each pathname argument; ln uses the last component of each pathname as the name of each link in the named directory.
A hard link (the default) is a standard directory entry just like the one made when the file was created. Hard links can only be made to existing files. Hard links cannot be made across file systems (disk partitions, mounted file systems). To remove a file, all hard links to it must be removed, including the name by which it was first created; removing the last hard link releases the inode associated with the file.
A symbolic link, made with the -s option, is a special directory entry that points to another named file. Symbolic links can span file systems and point to directories. In fact, you can create a symbolic link that points to a file that is currently absent from the file system; removing the file that it points to does not affect or alter the symbolic link itself.
A symbolic link to a directory behaves differently than you might expect in certain cases. While an ls on such a link displays the files in the pointed-to directory, an ‘ls -l’ displays information about the link itself:
Example1:
make a symbolic link to a file named.conf
ln [-fs] filename [linkname]
[root@lnmdr ~]#cd /etc
[root@lnxmdr etc]#ln -fs /var/lib/named/etc/named.conf named.conf
[root@lnxmdr etc]#ls -l named.conf
lrwxrwxrwx 1 root root 31 2009-12-26 16:22 named.conf -> ../var/lib/named/etc/named.conf
Example2:
make a symbolic link to the directory /var/lib/named/var/named/master in the /var/lib/named
ln [-fs] pathname… directory
[root@lnmdr ~]#cd /var/lib/named
[root@lnxmdr named]#ln -fs /var/lib/named/var/named/master master
[root@lnxmdr named]#ls master/
localdomain.zone localhost.zone master@ samba.forward

Posted in Linux and tagged directories, files, symbolic links by Stan with comments disabled.
Low-Level Formatting vs Zero-Filling an IDE Hard Drive
Very often, zero-filling an IDE hard drive is easily confused with a low-level format. Let me start by saying that you don’t “low-level-format” IDE or ATA hard drives. The term is a misnomer from the days of old MFM hard drives, when the tracks and sectors of a drive could be defined using a low-level format.
All IDE or ATA drives we use today have their tracks and sectors preset at the factory, and a real low-level format would destroy the drive or at least slow it down drastically. In other words, you cannot redefine the tracks and sectors on these drives with a low-level format. At the very least, it is fair to say that it is absolutely impossible to change the physical geometry of current IDE/ATA drives without destroying them. In conclusion, low-level-format is an old term that really doesn’t apply to today’s IDE/ATA hard drives.
Today, the logical geometry of an IDE/ATA hard drive is redefined in a different way: by building partition(s) on the drive. Keep in mind that there is also a difference between the physical and the logical geometry of a drive.
When people today use the term low-level-format, there is every indication of a real problem. Usually, one of the following issues has occurred:
- The drive has a boot sector virus and can no longer be accessed to clean it off the drive
- The drive has begun to develop numerous bad sectors and they are increasing (usually seen when running Scan Disk)
- The drive has Linux, Windows NT or another operating system installed, which makes creating a FAT file system on the drive incompatible with the new operating system to be installed.
What next, when people have these problems? They are usually wrongly told to low-level-format their hard drives. What really needs to be done is to reinitialize, or mid-level format, the drive.
ReInitializing an IDE/ATA Drive:
Now that we have the terminology straightened out, the next question would be: why does this matter? It is extremely important for you to know exactly what you’re doing to your drive.
When you reinitialize a hard drive, you use the appropriate tools to zero-fill the drive and, as a result, clean every area of the hard drive. Most hard drive manufacturers provide such utilities for download on their web sites. One such tool can be found on Linux and UNIX operating systems and is simply called “dd”.
dd is the abbreviation for “dataset definition”. It is also jokingly said to stand for “disk destroyer” or “data destroyer”: since it is used for low-level operations on hard disks, a small mistake, such as reversing the if and of parameters, can result in the loss of all or some data on a hard disk.
Example:
Using dd to wipe an entire disk with random data.
We are going to use a flash drive for the purpose of this example.
First, we need to switch to the root account:
[stan@lnx]$su -
Enter the root password and type:
[root@lnx]#dd if=/dev/zero of=/dev/hdd
or
[root@lnx]#dd if=/dev/urandom of=/dev/hdd
or
for n in {1..7}; do dd if=/dev/urandom of=/dev/sdd bs=8b conv=notrunc; done
Once this process is complete, the drive will be void of any partitions. You will need to use FDISK for Microsoft products to partition the drive and then format the new drive.
On a linux system, do the following:
[root@lnx]#fdisk /dev/sdd
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel. Changes will remain in memory only,
until you decide to write them. After that, of course, the previous
content won’t be recoverable.
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
Command (m for help): p
Disk /dev/sdd: 1010 MB, 1010827264 bytes
32 heads, 61 sectors/track, 1011 cylinders
Units = cylinders of 1952 * 512 = 999424 bytes
Device Boot Start End Blocks Id System
Command (m for help): n
Command action
e extended
p primary partition (1-4): p
Partition number (1-4): 1
First cylinder (1-1011, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-1011, default 1011): 1011
Command (m for help): t
Selected partition 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32)
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: If you have created or modified any DOS 6.x
partitions, please see the fdisk manual page for additional
information.
Syncing disks.
Now, format the new partition:
[root@lnx]#mkfs.vfat -F 32 /dev/sdd1

Posted in CentOS, ESX, Linux and tagged hard drive, low-level formating, zero-filling by Stan with comments disabled.
How to Clone USB Device on a Linux/Unix System
A friend once wrote me requesting this tutorial on how to clone a USB storage drive onto a second USB device. The aim is to produce an identical copy of the original. To achieve this, we need a Linux or UNIX system. We are going to be using Fedora Linux for the purpose of this tutorial.
Follow these simple steps:
1.) Log in to the system as a regular user
2.) Switch to root by typing:
$su -
3.) Enter the root password
4.) Plug in the source USB and type at the prompt:
fdisk -l to see what device name the source USB has
(this may appear as /dev/sdb)
5.) Plug in the destination USB and type at the prompt:
fdisk -l to see what device name the destination USB has
(this may appear as /dev/sdc)
6.) Once you have both names determined, simply type the following:
dd if=/dev/sdb of=/dev/sdc conv=notrunc
(as we do not want to truncate the output file, we simply use the option notrunc)
The result of this command is an identical copy of the original USB device.
To make an image of the entire drive including MBR (boot files), type in terminal:
dd if=/dev/sdb of=/path/to/destination/image.dd conv=notrunc
To restore the image to a new drive seen as /dev/sdc:
dd if=/path/to/image.dd of=/dev/sdc conv=notrunc
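Neither the zero-fill in the earlier post nor the clone and restore commands above read the target back afterwards. The following added example (not part of the original posts) does that for both cases; the function names are hypothetical, and in the demo plain image files stand in for devices such as /dev/sdb and /dev/sdc.

```bash
#!/bin/sh
# Added example: read-back checks for dd zero-fill and clone operations.
# Function names are illustrative. Arguments may be block devices (run as
# root) or plain image files, which is how the demo below exercises them.

# Size in bytes of a block device or a regular file.
dev_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Succeeds only if every byte of the target reads back as zero.
verify_zero_filled() {
    cmp -s -n "$(dev_size "$1")" "$1" /dev/zero
}

# Succeeds only if the destination begins with an exact copy of the source.
# Only the source's length is compared, because a larger destination keeps
# its own trailing bytes. Returns 2 when the destination is too small.
verify_clone() {
    src_bytes=$(dev_size "$1")
    [ "$(dev_size "$2")" -ge "$src_bytes" ] || return 2
    cmp -s -n "$src_bytes" "$1" "$2"
}

# Demo on constructed image files: a 16 KiB "source" and a 32 KiB "target".
demo() {
    d=$(mktemp -d) || return 1
    yes constructed-sample | head -c 16384 > "$d/src.img"
    dd if=/dev/zero of="$d/dst.img" bs=4096 count=8 2>/dev/null
    verify_zero_filled "$d/dst.img" && echo "target is zero-filled"
    dd if="$d/src.img" of="$d/dst.img" conv=notrunc 2>/dev/null
    verify_clone "$d/src.img" "$d/dst.img" && echo "clone verified"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` to exercise it on the constructed images; a whole-device checksum comparison would fail in the same situation whenever the destination is larger than the source.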

Posted in Linux and tagged clone, Linux, usb by Stan with comments disabled.