Jun 10 2007

HOWTO: Install fuse + sshfs on CentOS Linux

Tag:tepezcuintle @ 15:34

HOWTO: Install fuse + sshfs on CentOS Linux June 8, 2006
Posted by devhen in CentOS, HOWTO, Linux.

UPDATED Dec-19-2006:

NOTE: These instructions are for CentOS 4.

The apt-get method of installing sshfs that I had posted here previously did not work for me. I got this error when trying to mount an ssh drive:

shfsmount: shfs filesystem not supported by the kernel

So, I set out to find a different method of installing sshfs (and fuse, which it requires). One, preferably, that would actually work. Well, I found one. It’s not the most elegant solution but it’s effective.

First, download a copy of the fuse source rpm:

wget http://www.devhen.net/centos/fuse-2.6.0-1.src.rpm

Next, install the source rpm and then build the proper fuse rpm’s from the .spec file:

rpm -ivh fuse-2.6.0-1.src.rpm
rpmbuild -bb /usr/src/redhat/SPECS/fuse.spec

Next, install the rpms that you have built:

cd /usr/src/redhat/RPMS/i386 (replace ‘i386’ with your arch, if necessary)
rpm -Uvh fuse-2.6.0-1.i386.rpm fuse-kernel-2.6.0-1.i386.rpm fuse-libs-2.6.0-1.i386.rpm fuse-devel-2.6.0-1.i386.rpm

Now you can install the sshfs-fuse rpm:

wget http://www.devhen.net/centos/sshfs-fuse-1.6-2.i386.rpm
rpm -ivh sshfs-fuse-1.6-2.i386.rpm

** You can try building the sshfs-fuse rpm from its source package if you’re not on i386 **

Now comes the ugly part… For some reason the system can’t find the fuse module after installing these packages. So, head over to the fuse project homepage and download fuse-2.6.0.tar.gz. Unpack it and then

./configure
make
make install

and you should be in business. As I said, this is not an elegant solution because you are installing fuse from the tar.gz file on top of the fuse rpms. However, it works for me and that’s all that matters right now because I really needed to mount some ssh drives on my workstation. ;)

Mount an ssh drive like so:

sshfs user@remotesystem:/path/you/want/to/mount/ /mnt/mount-point/ -o allow_other

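Don’t forget the trailing /’s on both the source folder and the mount point. -o allow_other will give all users on the local system access to the mounted drive; they reach the remote files with the rights of the SSH account used for the mount. Type sshfs -h for a list of all of sshfs’ options.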


May 15 2007

Things to do when your server refuses to work.

Tag:tepezcuintle @ 16:29
Table of contents



Apr 25 2007

How to encrypt Shell scripts

Tag:tepezcuintle @ 16:48

Do you have scripts that contain sensitive information like passwords, and you pretty much depend on file permissions to keep it secure? If so, that type of security is good provided you keep your system secure and no user has a “ps -ef” loop running in an attempt to capture that sensitive info (though some applications mask passwords in “ps” output). There is a program called “shc” that can be used to add an extra layer of security to those shell scripts. SHC encrypts a shell script using RC4, builds an executable binary from it, and that binary then runs like the normal shell script. This utility is great for scripts that need a password to encrypt or decrypt something, or that pass a password to a command as a command-line argument.

Download shc (http://www.datsi.fi.upm.es/~frosal/) and untar it:

tar -xzvf shc-X.X.tgz
cd shc-X.X/
make
make install

A binary named “shc” will be created along with some test programs. Let’s give it a try.

Create a file called: “script.sh” and add the following contents:

############################### script.sh ##############################
#!/bin/sh

echo "I love Duane’s articles and will send him a donation via PayPal."

############################### script.sh ##############################

Now run the command:

shc -f script.sh

The switch “-f” specifies the source script to encrypt. The above command will create two files: script.sh.x.c and script.sh.x.

The program “shc” creates C source code out of your shell script then encrypts it (script.sh.x.c). The encrypted shell script is: script.sh.x. Run that binary and see the output:

./script.sh.x
I love Duane’s articles and will send him a donation via PayPal.

Now copy the original “script.sh” file to a floppy disk or some other system for backup or in case you need to edit it in the future. Then, delete it from the server and delete the “script.sh.x.c” file it creates.

Neat feature

You can also specify a time limit on the shell script so that it will no longer execute after a certain date and you can specify a custom message to echo back to the user. Run this command on the “script.sh” file we created earlier in this tut:

shc -e 09/10/2004 -m "Dude it is too late to run this script." -f script.sh
./script.sh.x
./script.sh.x has expired!
Dude it is too late to run this script.

In the above command the date October 9, 2004 is set as the expiration date (-e 09/10/2004) and the custom message was set to display to the user (-m “Dude it is too late to run this script.”) when the binary is executed. Note the date format is dd/mm/yyyy.

Check out the man pages for more info on “shc”. Remember that the binary is only encrypted on the local system. If you encrypt a script that transmits sensitive information in clear text across a network, you will need some other encrypted communication channel to transmit that information.
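
Because the binary shc produces has to carry its own decryption key, it hides the script from casual reading rather than protecting the password inside it. The following is an added example (not from the original post) of the alternative: keep the password in a permission-checked file and hand it to the consumer on stdin, so it never shows up in “ps” output. It assumes GNU stat, as on CentOS; the function names, file path and consumer command are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Keeps a password out of the
# script body and out of argv, where `ps -ef` would show it.
# Assumes GNU stat; the file path and consumer command are hypothetical.

# read_secret FILE: print the first line of FILE, but only if FILE is a
# regular file (not a symlink), owned by the caller, mode 600 or 400.
read_secret() {
    local file mode owner line
    file=$1
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "read_secret: $file is not a regular file" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$file") || return 1
    owner=$(stat -c '%u' "$file") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "read_secret: $file is not owned by the current user" >&2
        return 1
    fi
    case $mode in
        600|400) ;;
        *) echo "read_secret: mode $mode on $file is too open" >&2
           return 1 ;;
    esac
    line=
    IFS= read -r line < "$file" || [ -n "$line" ] || {
        echo "read_secret: $file is empty" >&2
        return 1
    }
    printf '%s\n' "$line"
}

# with_secret FILE CMD [ARGS...]: run CMD with the secret on its stdin.
# printf is a shell builtin, so the secret never appears in any argv.
with_secret() {
    local file secret
    file=$1
    shift
    secret=$(read_secret "$file") || return 1
    printf '%s\n' "$secret" | "$@"
}

# Usage (hypothetical consumer that reads a password from stdin):
#   with_secret /root/.backup-pass some_tool --password-from-stdin
```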


Apr 25 2007

Bash passing arguments with getopts

Tag:tepezcuintle @ 16:38

Today I was writing some scripts, and in every script I wanted something to handle all input arguments, in a good way, so I could pass my arguments in any order and my program would know about it.

I used ‘getopts’ before, but this time I decided to write some stuff here about it.

Let me show you how useful it can be:

Let’s suppose that I’m writing a test script, that needs, as argument, the type of the test, the server, the server root password and for debugging purpose we’re going to have a verbose flag too. So, putting it down:

  • “-t” - the type of the test, let’s suppose we have “test1” and “test2”
  • “-r” - the server
  • “-p” - the root password of the server
  • “-v” - a flag just to let the script run in a verbose mode

Ok, now how are we going to write this script and parse these arguments? We can do it the hard way, fixing an order and parsing it by hand in the script, something like this:

salveti@evalap /tmp/scripts $ cat test_script.sh
#!/bin/bash
# Argument order = -t test -r server -p password -v
TEST=$2
SERVER=$4
PASSWD=$6
if [[ $# -gt 6 ]]
then
    VERBOSE=1
else
    VERBOSE=2
fi

Alright, this works, but what if you want to run the script with the arguments in a different order? Or if you forget and put them in the wrong order? It won’t work, so this is an ugly solution.

Ok, but how can you deal with arguments without worrying about the order, or about whether an option needs a value or not? Getopts is the answer ;)

Let’s see how we can write the script using getopts, and then we’ll explain how it works.

The new script (it’s bigger, I’ll explain why):
#!/bin/bash
# Argument = -t test -r server -p password -v

usage()
{
cat << EOF
usage: $0 options

This script runs test1 or test2 over a machine.

OPTIONS:
   -h      Show this message
   -t      Test type, can be 'test1' or 'test2'
   -r      Server address
   -p      Server root password
   -v      Verbose
EOF
}

TEST=
SERVER=
PASSWD=
VERBOSE=
while getopts "ht:r:p:v" OPTION
do
     case $OPTION in
         h)
             usage
             exit 1
             ;;
         t)
             TEST=$OPTARG
             ;;
         r)
             SERVER=$OPTARG
             ;;
         p)
             PASSWD=$OPTARG
             ;;
         v)
             VERBOSE=1
             ;;
         ?)
             # invalid option or missing value: show usage and fail
             usage
             exit 1
             ;;
     esac
done

if [[ -z $TEST ]] || [[ -z $SERVER ]] || [[ -z $PASSWD ]]
then
     usage
     exit 1
fi

In this script I created a usage function, just to help explain all the arguments.

Then we can see the getopts call, while getopts "ht:r:p:v" OPTION. This is the main point of the script: it’s how we deal with arguments using getopts. Getopts requires an optstring and a var name, to help you check the arguments.

When you call getopts, it walks through your optstring, identifying which arguments need a value and which don’t. After getting an argument, getopts sets the OPTION var, so you can check it using a case block or something like that. If your argument needs a value, getopts sets the var $OPTARG to that value, so you can check whether it’s what you were expecting (in this example, check that the test argument is passed with “test1” or “test2”). Easy, huh?

Ok, but what is this “:” doing in the arguments? And why the arguments “h” and “t” are together?

This is an important point of getopts. You can use “:” in two cases: one to control how getopts deals with argument errors, and another to tell getopts which arguments need a value.

First, the error checking. When you pass the arguments to getopts in the optstring, getopts will only check what’s there, so if you pass an argument that’s not listed in the optstring, getopts will give an error (because it’s not a valid argument). When you put “:” at the beginning of the optstring, “:ht:r:p:v” for example, getopts sets the OPTION var to “?” and $OPTARG to the wrong character, but no output will be written to standard error; otherwise, the shell variable $OPTARG will be unset and a diagnostic message will be written to standard error (./test_script.sh: illegal option -- l, if you pass the argument -l, for example).

Second, how to tell getopts which arguments need a value. When you have an argument that needs a value, “-t test1” for example, you put the “:” right after the argument in the optstring. If your var is just a flag, without any additional argument, just leave the var without the “:” following it.

So, in the example, you can see that I’m leaving the error checking to getopts; the vars “t”, “r” and “p” need a value and “v” is just a flag.

To finish the script, we have a var check, just to see that none of the vars that need a value are empty.

And, that’s it. For now, you can try making a new script and playing with it a little, it’s not so hard and can help you very much when writing new scripts :)
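
The silent-mode behaviour described above (a leading “:” in the optstring), as an added example that is not part of the original post: the script reports missing values and unknown options itself, and validates the value given to -t. The parse_args function name is an assumption, and the -p option is left out.

```sh
#!/bin/sh
# Added example, not from the original post: getopts in silent mode
# (leading ":"), with explicit handling of both error cases.

# parse_args ARGS...: sets TEST, SERVER and VERBOSE; returns 2 on bad usage.
parse_args() {
    TEST= SERVER= VERBOSE=0
    OPTIND=1                 # reset so the function can be called again
    while getopts ":t:r:v" opt; do
        case $opt in
            t) TEST=$OPTARG ;;
            r) SERVER=$OPTARG ;;
            v) VERBOSE=1 ;;
            # Silent mode: a missing value arrives as ":" with the
            # option letter in OPTARG.
            :)  echo "option -$OPTARG needs a value" >&2; return 2 ;;
            # Silent mode: an unknown option arrives as "?" with the
            # offending letter in OPTARG.
            \?) echo "unknown option -$OPTARG" >&2; return 2 ;;
        esac
    done
    # getopts only checks that a value is present, not what it is:
    # "-t -v" stores "-v" in TEST, which this check rejects.
    case $TEST in
        test1|test2) ;;
        *) echo "-t must be test1 or test2" >&2; return 2 ;;
    esac
    [ -n "$SERVER" ] || { echo "-r is required" >&2; return 2; }
}

# Usage: parse_args "$@" || exit 2
```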


Apr 12 2007

Installing and configuring OpenLDAP for RedHat Enterprise Linux3

Tag:tepezcuintle @ 3:00

Original Link

(SimpleBind + SSL/TLS/start_tls + without-sasl + automount + netgroup + sudo + apache)

(See also related documents at http://web.singnet.com.sg/~garyttt/)

Credits: OpenLDAP is an OpenSource product brought to us by the OpenLDAP coreteam.

http://www.openldap.org/project/

Last Updated: 15-Sep-2006

Purpose:

This document describes the steps involved in installing and configuring an OpenLDAP Directory Server on RedHat EL3. This is to be accessed by RedHat or Solaris8/9 LDAP Client. Many useful productivity UNIX Shell scripts are also provided in this document.



Mar 09 2007

How to manually update Daylight Savings Time US update. Redhat 7.3 and up

Tag:tepezcuintle @ 18:35

Original Link

Also from IBM.

Let’s see if I can make this a little simple. I have just finished updating my Red Hat 9 servers, Fedora 6 notebook and all my Windoze machines.

Let’s start off by clearing up some misconceptions. NTP only sets the UTC time on the computer, the timezone files will display this time in the correct time zone for your region.

Newer, supported distros will have glibc updates ready for the timezone change. Un-supported distros as in Red Hat 9 need a little work.

On my servers, I used

# zdump -v /etc/localtime | grep 2007

to verify the 2007 timezone settings. Mine showed April 1st as the date of change… and not March 11.

I went to http://www.twinsun.com/tz/tz-link.htm and downloaded tzdata2006p.tar.gz. I un-tared this file into a temp directory and executed

# zic -d /tmp/zoneinfo northamerica

to compile the timezone data files. I then copied the EST5EDT file to /usr/share/zoneinfo/ directory and America/Montreal file into /usr/share/zoneinfo/America directory. Doing a quick test will make sure these new files are good.

# zdump -v /usr/share/zoneinfo/EST5EDT | grep 2007
# zdump -v /usr/share/zoneinfo/America/Montreal | grep 2007

Lastly I linked the localtime file

# ln -fs /usr/share/zoneinfo/EST5EDT /etc/localtime
# zdump -v /etc/localtime | grep 2007

The expected output should look a little like this

/etc/localtime Sun Mar 11 06:59:59 2007 UTC = Sun Mar 11 01:59:59 2007 EST isdst=0 gmtoff=-18000
/etc/localtime Sun Mar 11 07:00:00 2007 UTC = Sun Mar 11 03:00:00 2007 EDT isdst=1 gmtoff=-14400
/etc/localtime Sun Nov 4 05:59:59 2007 UTC = Sun Nov 4 01:59:59 2007 EDT isdst=1 gmtoff=-14400
/etc/localtime Sun Nov 4 06:00:00 2007 UTC = Sun Nov 4 01:00:00 2007 EST isdst=0 gmtoff=-18000

Hope this helped.

BTW, if you want to update Windoze, I used tzedit.exe to get this to work.

Scott



Feb 14 2007

Retrieving files with wget cheat guide

Tag:tepezcuintle @ 19:52


Wget is a network utility to retrieve files from the Web using http and ftp, the two most widely used Internet protocols. It works non-interactively, so it will work in the background, after having logged off. The program supports recursive retrieval of web-authoring pages as well as ftp sites. You can use wget to make mirrors of archives and home pages or to travel the Web like a WWW robot.





Feb 14 2007

Mirror a site using wget.

Tag:tepezcuintle @ 19:40

Recently I needed to download a bunch of RPM files for the kolab.org site that were on a directory. The install guide for the kolab server demanded to have all the rpm’s listed on that directory to be able to run the install. I didn’t want to download each rpm by pasting the URL and then using wget to download the file. I remembered that there was a way to mirror a web directory including all files inside the directory with wget but I forgot the correct syntax and I came across this guide.

Here is the command

[root@nycentos sources]# wget --mirror -w 2 -P /root/kolab/ http://max.kde.org:8080/mirrors/www.erfrakon.de/projects/kolab/download/ftp.kolab.org/server/release/kolab-server-2.0.4/sources/

and here is the guide.



Feb 12 2007

Setting up a Lab to learn Hacking and Security using VMWare

Tag:tepezcuintle @ 22:37

Virtualization is a method of using "logical" computers as opposed to using physical ones. To simplify my last statement, this means that you can install a virtual computer to run on your physical box as if it were an application. While there are a few virtualization software vendors in the market, the 2 main players are VMware



Feb 12 2007

A Virtual Lab with VMWare Player

Tag:tepezcuintle @ 22:31

For some time I have been playing with the VMWare player, a tool available for free from vmware.
The tool allows you to run virtual machines without you having to buy VMWare workstation.

http://www.vmware.com/products/player/

The only problem is that you can only use existing machines. You can’t create machines.
Still there are some Virtual Machines for free that you can try and test. They are a great way to test linux servers and configure stuff on them. For example I build an email server at work running qmail and it is actually working sending and receiving email, but the only problem I have so far is keeping the time on my virtual machine.

The time runs either too fast or too slow. One of the issues is that you need the VMWare tools that come with the VMWare workstation to keep the time synchronized with the guest virtual machine.

I tried other hacks but the clock always runs very slow.

I did some googling and even after using the VMWare tools some people are still having issues keeping time with Linux virtual machines running the 2.6 kernel.

Here is some info from VMWare regarding time sync.


