Category: Linux

How to make permanent changes in resolv.conf

a) Set “PEERDNS=no”  and “PEERROUTES=no” in :

/etc/sysconfig/network-scripts/ifcfg-<whatever>

b) Set “NM_CONTROLLED=no” in:

/etc/sysconfig/network-scripts/ifcfg-<whatever>

c)  chattr +i /etc/resolv.conf

Note:

This options lock the entries in resolv.conf.

Click to rate this post!
[Total: 3 Average: 4]

How to migrate Jenkins credentials from old server to the new one.

1. Create same git users with whatever password you want (later will be overwrite)on the new JENKINS server.

2. Stop new and old Jenkins servers.

3. Copy secret files and folder from $OLD_JENKINS_HOME/secret* to the new $NEW_JENKINS_HOME root

cp -R $OLD_JENKINS_HOME/secret* $NEW_JENKINS_HOME

4. Copy credentials.xml file from $OLD_JENKINS_HOME/credentials.xml to the $NEW_JENKINS_HOME root

cp $OLD_JENKINS_HOME/credentials.xml $NEW_JENKINS_HOME

5. Start the new JENKINS server.

NOTE:  This approach was susccessfully tested on both linux and windows.

Click to rate this post!
[Total: 4 Average: 3.3]

Linux Directory Structure

Linux Directory Structure

Each of the above directory (which is a file, at the first place) contains important information, required for booting to device drivers, configuration files, etc. Describing briefly the purpose of each directory, we are starting hierarchically.

  1. /bin : All the executable binary programs (file) required during booting, repairing, files required to run into single-user-mode, and other important, basic commands viz., cat, du, df, tar, rpm, wc, history, etc.
  2. /boot : Holds important files during boot-up process, including Linux Kernel.
  3. /dev : Contains device files for all the hardware devices on the machine e.g., cdrom, cpu, etc
  4. /etc : Contains Application’s configuration files, startup, shutdown, start, stop script for every individual program.
  5. /home : Home directory of the users. Every time a new user is created, a directory in the name of user is created within home directory which contains other directories like Desktop, Downloads, Documents, etc.
  6. /lib : The Lib directory contains kernel modules and shared library images required to boot the system and run commands in root file system.
  7. /lost+found : This Directory is installed during installation of Linux, useful for recovering files which may be broken due to unexpected shut-down.
  8. /media : Temporary mount directory is created for removable devices viz., media/cdrom.
  9. /mnt : Temporary mount directory for mounting file system.
  10. /opt : Optional is abbreviated as opt. Contains third party application software. Viz., Java, etc.
  11. /proc : A virtual and pseudo file-system which contains information about running process with a particularProcess-id aka pid.
  12. /root : This is the home directory of root user and should never be confused with ‘/
  13. /run : This directory is the only clean solution for early-runtime-dir problem.
  14. /sbin : Contains binary executable programs, required by System Administrator, for Maintenance. Viz.,iptables, fdisk, ifconfig, swapon, reboot, etc.
  15. /srv : Service is abbreviated as ‘srv‘. This directory contains server specific and service related files.
  16. /sys : Modern Linux distributions include a /sys directory as a virtual filesystem, which stores and allows modification of the devices connected to the system.
  17. /tmp :System’s Temporary Directory, Accessible by users and root. Stores temporary files for user andsystem, till next boot.
  18. /usr : Contains executable binaries, documentation, source code, libraries for second level program.
  19. /var : Stands for variable. The contents of this file is expected to grow. This directory contains log, lock,spool, mail and temp files.

Exploring Important file, their location and their Usability

Linux is a complex system which requires a more complex and efficient way to start, stop, maintain and reboota system unlike Windows. There is a well defined configuration files, binaries, man pages, info files, etc. for every process in Linux.

  1. /boot/vmlinuz : The Linux Kernel file.
  2. /dev/hda : Device file for the first IDE HDD (Hard Disk Drive)
  3. /dev/hdc : Device file for the IDE Cdrom, commonly
  4. /dev/null : A pseudo device, that don’t exist. Sometime garbage output is redirected to /dev/null, so that it gets lost, forever.
  5. /etc/bashrc : Contains system defaults and aliases used by bash shell.
  6. /etc/crontab : A shell script to run specified commands on a predefined time Interval.
  7. /etc/exports : Information of the file system available on network.
  8. /etc/fstab : Information of Disk Drive and their mount point.
  9. /etc/group : Information of Security Group.
  10. /etc/grub.conf : grub bootloader configuration file.
  11. /etc/init.d : Service startup Script.
  12. /etc/lilo.conf : lilo bootloader configuration file.
  13. /etc/hosts : Information of Ip addresses and corresponding host names.
  14. /etc/hosts.allow : List of hosts allowed to access services on the local machine.
  15. /etc/host.deny : List of hosts denied to access services on the local machine.
  16. /etc/inittab : INIT process and their interaction at various run level.
  17. /etc/issue : Allows to edit the pre-login message.
  18. /etc/modules.conf : Configuration files for system modules.
  19. /etc/motd : motd stands for Message Of The Day, The Message users gets upon login.
  20. /etc/mtab : Currently mounted blocks information.
  21. /etc/passwd : Contains password of system users in a shadow file, a security implementation.
  22. /etc/printcap : Printer Information
  23. /etc/profile : Bash shell defaults
  24. /etc/profile.d : Application script, executed after login.
  25. /etc/rc.d : Information about run level specific script.
  26. /etc/rc.d/init.d : Run Level Initialisation Script.
  27. /etc/resolv.conf : Domain Name Servers (DNS) being used by System.
  28. /etc/securetty : Terminal List, where root login is possible.
  29. /etc/skel : Script that populates new user home directory.
  30. /etc/termcap : An ASCII file that defines the behaviour of Terminal, console and printers.
  31. /etc/X11 : Configuration files of X-window System.
  32. /usr/bin : Normal user executable commands.
  33. /usr/bin/X11 : Binaries of X windows System.
  34. /usr/include : Contains include files used by ‘c‘ program.
  35. /usr/share : Shared directories of man files, info files, etc.
  36. /usr/lib : Library files which are required during program compilation.
  37. /usr/sbin : Commands for Super User, for System Administration.
  38. /proc/cpuinfo : CPU Information
  39. /proc/filesystems : File-system Information being used currently.
  40. /proc/interrupts : Information about the current interrupts being utilised currently.
  41. /proc/ioports : Contains all the Input/Output addresses used by devices on the server.
  42. /proc/meminfo : Memory Usages Information.
  43. /proc/modules : Currently using kernel module.
  44. /proc/mount : Mounted File-system Information.
  45. /proc/stat : Detailed Statistics of the current System.
  46. /proc/swaps : Swap File Information.
  47. /version : Linux Version Information.
  48. /var/log/lastlog : log of last boot process.
  49. /var/log/messages : log of messages produced by syslog daemon at boot.
  50. /var/log/wtmp : list login time and duration of each user on the system currently.
Click to rate this post!
[Total: 0 Average: 0]

Linux timezone setup

For Debian:

dpkg-reconfigure tzdata

For Centos:

Example:

mv /etc/localtime /etc/localtime.old; ln -s /usr/share/zoneinfo/Europe/Bucharest /etc/localtime

Click to rate this post!
[Total: 0 Average: 0]

Iptables useful deny rules

Block Incoming Request From IP 1.2.3.4

The following command will drop any packet coming from the IP address 1.2.3.4:
/sbin/iptables -I INPUT -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -s 1.2.3.4 -j DROP

You can also specify an interface such as eth1 via which a packet was received:
/sbin/iptables -I INPUT -i {INTERFACE-NAME-HERE} -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -i eth1 -s 1.2.3.4 -j DROP

Please note that when the “!” argument is used before the interface name, the sense is inverted:
/sbin/iptables -I INPUT ! -i {INTERFACE-NAME-HERE} -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT ! -i eth1 -s 1.2.3.4 -j DROP

If the interface name ends in a “+”, then any interface which begins with this name will match. If this option is omitted, any interface name will match:
/sbin/iptables -I INPUT -i {INTERFACE-NAME-HERE}+ -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -i br+ -s 1.2.3.4 -j DROP

You can replace -I INPUT (insert) with -A INPUT (append) rule as follows:
/sbin/iptables -A INPUT -s 1.2.3.4 -j DROP
/sbin/iptables -i eth1 -A INPUT -s 1.2.3.4 -j DROP

How Do I Block Subnet (xx.yy.zz.ww/ss)?
Use the following syntax to block 10.0.0.0/8 on eth1 public interface:
# /sbin/iptables -i eth1 -A INPUT -s 10.0.0.0/8 -j DROP

How Do I Block and Log Dropped IP Address Information?
You can turn on kernel logging of matching packets with LOG target as follows:
# /sbin/iptables -i eth1 -A INPUT -s 10.0.0.0/8 -j LOG –log-prefix “IP DROP SPOOF A:”

The next rule will actually drop the ip / subnet:
# /sbin/iptables -i eth1 -A INPUT -s 10.0.0.0/8 -j DROP

How Do I View Blocked IP Address?
Simply use the following command:
# /sbin/iptables -L -v

OR
# /sbin/iptables -L INPUT -v

OR
# /sbin/iptables -L INPUT -v -n

Sample outputs:

Chain INPUT (policy ACCEPT 3107K packets, 1847M bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all — br+ any 1.2.3.4 anywhere
0 0 DROP all — !eth1 any 1.2.3.4 anywhere
0 0 DROP all — !eth1 any 1.2.3.4 anywhere
How Do I Search For Blocked IP Address?
Use the grep command as follows:
# /sbin/iptables -L INPUT -v -n | grep 1.2.3.4

How Do I Delete Blocked IP Address?
First, you need to display blocked IP address along with line number and other information, enter:
# iptables -L INPUT -n –line-numbers
# iptables -L INPUT -n –line-numbers | grep 1.2.3.4

Sample outputs:

num pkts bytes target prot opt in out source destination
1 0 0 DROP 0 — * * 116.199.128.1 0.0.0.0/0
2 0 0 DROP 0 — * * 116.199.128.10 0.0.0.0/0
3 0 0 DROP 0 — * * 123.199.2.255 0.0.0.0/0
To delete line number 3 (123.199.2.255), enter:
# iptables -D INPUT 3

Verify the same, enter:
# iptables -L INPUT -v -n

You can also use the following syntax:
# iptables -D INPUT -s 1.2.3.4 -j DROP

How Do I Save Blocked IP Address?

If you are using Redhat / RHEL / CentOS / Fedora Linux, type the following command:
# iptables -D INPUT -s 1.2.3.4 -j DROP
##########################
#////// command to save iptables ///////#
##########################
# /sbin/service iptables save
# less /etc/sysconfig/iptables
# grep ‘1.2.3.4’ /etc/sysconfig/iptables

For all other Linux distributions use the iptables-save command to dump the contents of an IP Table to a file:
# iptables-save > /root/myfirewall.conf

Please not that you need to run the ‘iptables-save’ or ‘service iptables save’ as soon as you add or delete the ip address.

A Note About Restoring Firewall
To restore your firewall use the iptables-restore command to restore IP Tables from a file called /root/myfirewall.conf, enter:
# iptables-restore < /root/myfirewall.conf

How Do I Block Large Number Of IP Address or Subnets?

You need to write a shell script as follows:

#!/bin/bash
_input=”/root/blocked.ip.db”
IPT=/sbin/iptables
$IPT -N droplist
egrep -v “^#|^$” x | while IFS= read -r ip
do
$IPT -A droplist -i eth1 -s $ip -j LOG –log-prefix “IP BlockList ”
$IPT -A droplist -i eth1 -s $ip -j DROP
done < “$_input”
# Drop it
$IPT -I INPUT -j droplist
$IPT -I OUTPUT -j droplist
$IPT -I FORWARD -j droplist

Click to rate this post!
[Total: 0 Average: 0]

IPMI useful commands

IPMI

yum install OpenIPMI

mkdir /root/temp/

cd /root/temp/

wget ftp://ftp.supermicro.com/utility/IPMICFG/ipmicfg_1.22.0_general_20150814.zip

unzip ipmicfg_1.22.0_general_20150814.zip

cd ipmicfg_1.22.0_general_20150814/linux/64biti/

chmod +x ipmicfg-linux.x86_64

to show IP Address:

# ./ipmicfg-linux.x86_64 -m

to show NETMASK:

# ./ipmicfg-linux.x86_64 -k

to show GATEWAY:

# ./ipmicfg-linux.x86_64 -g

 

ipmi error config:

[kcs] kcs_error:

[kcs] kcs_error_exit:

activate ipmi_devintf:

modprobe ipmi_devintf

Click to rate this post!
[Total: 0 Average: 0]