Saturday, 5 November 2016

Connect Mysql/Mariadb/Postgresql with Jboss 7 Application Server in Centos 7

Connect Mysql/Mariadb/Postgresql with Jboss 7 Application Server::
-------------------------------------------------------------------------------------------

Mysql and Mariadb datasource Connectivity with Jboss:

Please check the previous posts on this blog for the Mysql/Mariadb/Postgres and Jboss installations. Assuming you have those installations done, go ahead with the connectivity as follows::


Download the mysql-java connector "mysql-connector-java-5.1.30.zip"  from the url dev.mysql.com/downloads/connector/j/

Unzip the archive to get the jar file:
# unzip mysql-connector-java-5.1.30.zip
We will find "mysql-connector-java-5.1.30-bin.jar"

Create Jboss Module for mysql datasource directory as follows::

# mkdir /usr/share/jboss-as-7.1.1.Final/mysql/main/  -p

Copy jar file to the above directory

# cp /root/Downloads/mysql-connector-java-5.1.30/mysql-connector-java-5.1.30-bin.jar  /usr/share/jboss-as-7.1.1.Final/mysql/main/

will update shortly!!!!!!!!!!!

Thursday, 3 November 2016

Install JBoss 7.* in Centos 7::

Install JBoss 7.* in Centos 7::
======================

Install java first
# yum install java

Check the version of java installed
# java -version
java version "1.7.0_111"
OpenJDK Runtime Environment (rhel-2.6.7.2.el7_2-x86_64 u111-b01)
OpenJDK 64-Bit Server VM (build 24.111-b01, mixed mode)

Download JBOSS AS 7
# screen  
# wget http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip

Unzip the zip file under /usr/share/
# unzip jboss-as-7.1.1.Final.zip -d /usr/share

Create a system user
# adduser jboss

Change ownership of the installation directory
# chown -fR jboss.jboss /usr/share/jboss-as-7.1.1.Final/

Switch to the created user
# su jboss

Change to the bin directory
# cd /usr/share/jboss-as-7.1.1.Final/bin/

Create JBOSS Management users using the script (We can create as many users needed)
# ./add-user.sh

Start JBOSS server using the command
# ./standalone.sh -Djboss.bind.address=0.0.0.0 -Djboss.bind.address.management=0.0.0.0&

Try accessing the JBOSS console in the browser::
http://localhost:9990/console/index.html

To stop the server use the command::
# ./jboss-cli.sh --connect command=:shutdown

If you have issues logging in with the user you created, follow these steps:

Open jboss-as-x.x.x.Final/standalone/configuration/mgmt-users.properties and delete the user (delete the line that has the username you want to use, such as admin).

Run jboss-as-x.x.x.Final/bin/add-user.sh to create the new user as follows

    select user type a
    Realm (ManagementRealm) : ManagementRealm
    Username : linuxgeeknotes
    Password : password
    Re-enter Password : password

Wednesday, 2 November 2016

Postgres Installation in Centos 7 and configuration

Postgres Installation and Commands for system admins::
----------------------------------------------------------------------------------------------
PostgreSQL installation is very easy and completes with a single command

# yum install postgresql-server postgresql-contrib


Once the installation is completed we can create a new PostgreSQL database cluster

# postgresql-setup initdb


Open the Host based authentication configuration file and edit the lines as follows::

# vi /var/lib/pgsql/data/pg_hba.conf

   
host all all 127.0.0.1/32 md5

host all all ::1/128 md5

# systemctl start postgresql

# systemctl enable postgresql

The installation procedure created a user account called postgres that is associated with the default Postgres role. In order to use Postgres, we'll need to log into that account as follows:

# sudo -i -u postgres 

You can get a Postgres prompt immediately by typing:

# psql

Exit out of the PostgreSQL prompt by typing:

    \q


Currently configured user roles can be seen at the Postgres prompt using the command:

postgres=# \du

Version of PostgreSQL installed:

postgres=# SELECT version();
                                                   version                                                   
--------------------------------------------------------------------------------------------------------------
 PostgreSQL 9.2.15 on x86_64-redhat-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-4), 64-bit
(1 row)



List the databases by running:


# psql -l


Some simple POSTGRESQL Commands


createuser --interactive --- to create user interactively
createuser test               --- creates user test
createdb test                  --- creates database test
      

-bash-4.2$ psql -d test  --- connects to database test
psql (9.2.15)
Type "help" for help.

test=# \conninfo           --- checks the database connection information
 

You are connected to database "test" as user "postgres" via socket in "/var/run/postgresql" at port "5432".
test=#

To connect to a PostgreSQL server remotely, follow these steps. If you want to connect from a particular network, add the following entries to postgresql.conf and pg_hba.conf (the host-based authentication configuration file)

# vi  /var/lib/pgsql/data/pg_hba.conf
host    all         all         192.168.101.20/24    trust

# grep listen /var/lib/pgsql/data/postgresql.conf
listen_addresses = '*'


Once the entries are added and the service restarted, you should be able to connect to postgresql server remotely as follows::

# psql -U postgres -h 192.168.102.1
Welcome to psql 8.1.11 (server 8.4.18), the PostgreSQL interactive terminal.
postgres=#
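
An added example, not part of the original post: the `trust` entry above lets every host in that network connect as any database user without a password, so it is worth checking pg_hba.conf for such rules after editing it. The function name `audit_pg_hba` and the sample rows other than the three entries from this post are constructed for the demo.

```sh
#!/bin/sh
# Added example, not from the original post: report pg_hba.conf rules that
# admit non-loopback clients with "trust" (no authentication at all) or
# "password" (password sent in cleartext).

# Constructed sample. The md5 and trust rows with CIDR addresses are the
# entries shown in this post; the other rows are made up for the demo.
sample_pg_hba() {
cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS              METHOD
local   all       all                        peer
host    all       all   127.0.0.1/32         md5
host    all       all   ::1/128              md5
host    all       all   192.168.101.20/24    trust
host    all       all   10.0.0.0 255.0.0.0   password
EOF
}

# audit_pg_hba: reads pg_hba.conf text on stdin, prints one finding per risky
# rule, returns 1 if anything was reported and 0 otherwise.
audit_pg_hba() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
    $1 !~ /^host/ { next }                    # "local" rules are unix-socket only
    {
        addr = $4
        # A bare IPv4/IPv6 address is followed by a separate netmask column,
        # which pushes the method from field 5 to field 6.
        bare_ip = (index(addr, "/") == 0) && (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || index(addr, ":") > 0)
        method = bare_ip ? $6 : $5

        if (addr ~ /^127\./ || addr == "::1" || index(addr, "::1/") == 1 || addr == "samehost")
            next                              # loopback only

        if (method == "trust") {
            printf "line %d: %s may connect with no authentication (trust)\n", NR, addr
            found = 1
        } else if (method == "password") {
            printf "line %d: %s sends passwords in cleartext (password)\n", NR, addr
            found = 1
        }
    }
    END { exit found + 0 }
    '
}

# Demo on the constructed sample.
# On a server: audit_pg_hba < /var/lib/pgsql/data/pg_hba.conf
sample_pg_hba | audit_pg_hba || true
```

Replacing `trust` with `md5` on the flagged line keeps the remote access from this post while requiring the password set with `\password`.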


Default port of postgresql is 5432. If you want to change the port for postgresql edit the postgresql.conf file as follows::

Change "# port = 5432" to "port = 6969"


Firewall entries to allow connections to the database 

# sudo firewall-cmd --permanent --zone=trusted --add-source=<Client IP address>/32

# sudo firewall-cmd --permanent --zone=trusted --add-port=5432/tcp

# sudo firewall-cmd --reload


Creating password for the postgres user

bash-4.2$ psql
psql (9.4.4)
Type "help" for help.

postgres=# \password
Enter new password:
Enter it again:
postgres=# \q


Command to login remotely to the database server as follows::

$ psql -h <Server IP Address> -p 5432 -U postgres -W
Password for user postgres:
psql (9.2.15)
Type "help" for help.




SSL Certificate installation in Apache and Nginx


SSL Certificate installation in Apache and Nginx::
=====================================

First step is to generate the CSR(Certificate Signing Request) for the domain

Apache Server SSL setup ::
------------------------------------

# openssl req -new -newkey rsa:2048 -nodes -keyout linuxgeeknotes_com.key -out linuxgeeknotes_com.csr

This will create two files
1. linuxgeeknotes_com.csr
2. linuxgeeknotes_com.key


Now contact the certificate provider with the csr file generated and they will verify the details provided and generate the cert file and CA bundle.

For apache webserver, we need to add the SSL certificate entries in the configuration files as follows::

<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/html2
ServerName www.linuxgeeknotes.com
SSLEngine on
SSLCertificateFile /path/to/linuxgeeknotes.crt
SSLCertificateKeyFile /path/to/linuxgeeknotes.key
SSLCertificateChainFile /path/to/linuxgeeknotes.crt
</VirtualHost>

Restart the service.



Nginx Server SSL Setup::
----------------------------------

# openssl req -new -newkey rsa:2048 -nodes -keyout linuxgeeknotes_com.key -out linuxgeeknotes_com.csr

This will create two files
1. linuxgeeknotes_com.csr
2. linuxgeeknotes_com.key


Now contact the certificate provider with the csr file generated and purchase the cert files. Concatenate the files to a single file named ssl-bundle.crt using the command as follows::

# cat www_linuxgeeknotes_com.crt DomainValidationSecureServerCA.crt AddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt


Add the SSL entries in the  configuration file as follows and restart the service::

server
{
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/linuxgeeknotes_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/linuxgeeknotes_com/linuxgeeknotes_com.key;

# side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ...
}

Tuesday, 1 November 2016

Apache vs Nginx Webservers

Apache vs Nginx Webservers::
====================

>> If you need a high-speed webserver to host a single website, NGINX is the best choice because it can handle a much higher load of concurrent connections while using fewer resources. If you are looking for shared hosting, to host multiple websites on a shared web server, the Apache webserver is more flexible.

>> Nginx is event driven and Apache is process driven

>> Nginx supports newer frameworks, such as Node.js and Python/Django, and also supports CGI/FastCGI and alternatives such as WSGI

>> Apache is best for traditional MySQL/PHP applications, such as WordPress or Drupal, and in shared hosting to host many websites with different configurations per site through the .htaccess file

>> Apache has a variety of different modules, add-ons, and components and is very well documented.

As a server admin you can google and decide which one is best for the client requirement. At the end of the day, the choice of the web server platform is entirely dependent on what you’re doing with the server.

Wednesday, 21 September 2016

Mail Server Setup to avoid SPAM/JUNK

Mail Server Setup to avoid SPAM/JUNK::
===============================
Make sure to set up rDNS, SPF and DKIM authentication on your mail server to avoid being marked as spam

1. rDNS setup

2. SPF 
SPF and SenderID allow a domain owner to add a file or record on the server that the recipient server cross-checks.
v=spf1 include:spf.linuxgeeknotes.com ?all

3. DKIM Authentication
DKIM and DomainKeys embed information within the email, making it harder to forge (but they can also be harder to implement for senders and receivers).

We can make these setups in the mail server's DNS zone file
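
An added example, not part of the original post: a small reviewer for an SPF record that reports how the record ends (the qualifier on `all`) and how many DNS-querying terms it uses, since RFC 7208 limits those to 10 per evaluation. The function name `spf_review` and the second record in the usage comment are constructed; the first record is the one from this post.

```sh
#!/bin/sh
# Added example, not from the original post: review an SPF record for how it
# ends ("all" qualifier) and how many DNS-querying terms it contains.
# RFC 7208 caps include/a/mx/ptr/exists/redirect at 10 lookups per evaluation.

# spf_review RECORD
# Prints "all=<result> lookups=<n> verdict=<text>".
# Returns 0 when unlisted senders fail or softfail (or the decision is
# delegated by redirect), 1 when the record is weak, 2 when it is not an SPF
# record or exceeds the lookup limit.
spf_review() {
    printf '%s\n' "$1" | awk '
    {
        if (tolower($1) != "v=spf1") { print "verdict=not-spf"; exit 2 }
        lookups = 0; q_all = ""; redirect = 0
        for (i = 2; i <= NF; i++) {
            term = tolower($i)
            q = "+"                              # no qualifier means pass
            if (term ~ /^[-+~?]/) { q = substr(term, 1, 1); term = substr(term, 2) }
            name = term
            sub("[/:=].*", "", name)             # drop the argument, keep the keyword
            if (name ~ /^(include|a|mx|ptr|exists|redirect)$/) lookups++
            if (name == "redirect") redirect = 1
            if (name == "all") { q_all = q; break }   # nothing after "all" is evaluated
        }
        if (q_all == "-")      { res = "fail";     verdict = "strict";    rc = 0 }
        else if (q_all == "~") { res = "softfail"; verdict = "soft";      rc = 0 }
        else if (q_all == "?") { res = "neutral";  verdict = "weak";      rc = 1 }
        else if (q_all == "+") { res = "pass";     verdict = "open";      rc = 1 }
        else if (redirect)     { res = "redirect"; verdict = "delegated"; rc = 0 }
        else                   { res = "neutral";  verdict = "weak";      rc = 1 }
        if (lookups > 10)      { verdict = "permerror"; rc = 2 }
        printf "all=%s lookups=%d verdict=%s\n", res, lookups, verdict
        exit rc
    }'
}

# The record from this post ends in ?all, which gives receivers a neutral
# result for senders that are not listed.
spf_review "v=spf1 include:spf.linuxgeeknotes.com ?all" || true
# A constructed record that ends in -all for comparison:
spf_review "v=spf1 mx a:mail.example.org ip4:192.0.2.0/24 -all" || true
```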

Exim mail server configuration on Centos 7



What is Exim?

Exim is a mail transfer agent (MTA) used on Unix-like operating systems. Exim is free software distributed under the terms of the GNU General Public License, and it aims to be a general and flexible mailer with extensive facilities for checking incoming e-mail.

What is Dovecot?

Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations.



UPDATE THE SYSTEM

First off, ssh to your server and initiate a screen session using the command below:

## screen -U -S exim-dovecot
once you’re in a screen session, update your CentOS 7 VPS using yum as in:

## yum update


ENABLE EPEL REPOSITORY

Enable EPEL repository on the CentOS system using:

## yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
If you get a 404 not found, go to http://dl.fedoraproject.org/pub/epel/7/x86_64/e/ and install the latest epel-release rpm package available.

check if EPEL has been enabled on your system using:

## yum repolist
once EPEL is enabled, install some useful tools using:

## yum install file perl-Mail-SPF.noarch openssl vim


GENERATE SSL CERTIFICATE

Since we are going to use SSL in Dovecot and Exim, we need to have an SSL certificate. You can purchase and use one of our GeoTrust SSL Certificates or you can create your own self-signed SSL certificate for mail.mydomain.com using the commands below:

## mkdir /root/SSL/mail.mydomain.com -p
## cd /root/SSL/mail.mydomain.com
## openssl req -nodes -x509 -newkey rsa:2048 -keyout mail.mydomain.com.key -out mail.mydomain.com.crt -days 365
Copy the SSL certificate and key to /etc/ssl using:

## cp mail.mydomain.com.key mail.mydomain.com.crt /etc/ssl/


INSTALL AND CONFIGURE EXIM

Install exim on the CentOS 7 virtual server using yum:

## yum install exim
next, open /etc/exim/exim.conf with your favorite editor and configure exim as follows:

## cp /etc/exim/exim.conf{,.orig}
## vim /etc/exim/exim.conf

primary_hostname = mail.mydomain.com
domainlist local_domains = @ : mydomain.com

tls_advertise_hosts = *
tls_certificate = /etc/ssl/mail.mydomain.com.crt
tls_privatekey = /etc/ssl/mail.mydomain.com.key

auth_advertise_hosts = *
find the transport section and edit the following:

local_delivery:
  driver = appendfile
  directory = $home/Maildir
  maildir_format
  maildir_use_size_file
  delivery_date_add
  envelope_to_add
  return_path_add
Scroll down to the authenticators section and add the following lines:

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1

dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
Start the EXIM MTA and add it to system’s startup using systemctl

## systemctl start exim
## systemctl status exim
## systemctl enable exim


Exim Commands::
==============
Email Count
exim -bpc

Email queue details
exim -bp

Email header details
exim -Mvh ID

Email body details
exim -Mvb ID

Email log details
exim -Mvl ID

Email count with sender details
exim -bpr|grep "<"|awk {'print $4'}|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -n

Count of emails sent from a sender
exiqgrep -f sendername|grep "<"|wc -l

Count of emails sent to a particular email
exiqgrep -r recipient|grep "<"|wc -l

Delete mails from a particular sender
exim -bpr| grep sendername| awk '{print $3}'|xargs exim -Mrm

Count of frozen mails
exim -bp|grep frozen|wc -l

Delete frozen mails
exim -bp|grep frozen|awk {'print $3'}|xargs exim -Mrm

Summary of emails in the queue
exim -bp|exiqsumm

Display what exim is doing now
exiwhat


INSTALL AND CONFIGURE DOVECOT
===============================
Install Dovecot on the system using yum

## yum install dovecot
Once installed, configure SSL in Dovecot by editing the following:

## vim /etc/dovecot/conf.d/10-ssl.conf

ssl = yes
ssl_cert = </etc/ssl/mail.mydomain.com.crt
ssl_key = </etc/ssl/mail.mydomain.com.key
next, allow plaintext authentication in /etc/dovecot/conf.d/10-auth.conf:

## vim /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no
auth_mechanisms = plain login
configure mailbox location and type in /etc/dovecot/conf.d/10-mail.conf:

## vim /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:~/Maildir
Set up Dovecot so that it allows Exim to use its authentication system in /etc/dovecot/conf.d/10-master.conf

## vim /etc/dovecot/conf.d/10-master.conf

service auth {
...
    unix_listener auth-client {
        mode = 0660
        user = exim
    }
}
Start Dovecot and add it to system’s start-up using:

## systemctl start dovecot
## systemctl status dovecot
## systemctl enable dovecot


CREATE SYSTEM USER

## useradd -m test
## passwd test

Tuesday, 20 September 2016

ffmpeg installation

ffmpeg installation::
==============

If you just want to install ffmpeg without php extension

Go to ffmpeginstaller.com

Download the autoinstaller
run ./install.sh.

It should work fine.


Friday, 2 September 2016

Mysql/Mariadb installation in fedora 24

Mysql/Mariadb installation in fedora 24::
============================
The Mysql project is owned by Oracle now. Mysql and Mariadb are widely used in web applications like joomla, wordpress, magento etc.

In fedora we use dnf instead of yum. dnf is the future version of yum. Please follow the steps below

# dnf -y update
# dnf -y install mysql-server mysql
# systemctl start mariadb
# systemctl enable mariadb
# systemctl status mariadb
# mysql

 Latest server version is 10.1.16 mariadb

Mysql tweaks::
===========

>> Mysql performs better in ext4 and xfs filesystem. Please check if you are using older file system versions.

>> Mysql performs better if the database is stored on a separate drive/partition. Make sure the mysql database has a separate drive/partition if your server is a shared server.
# mount /dev/sdb1   /mysql/
# ln -s  /mysql/mysql  /var/lib/mysql

>> Check for sleeping processes
# mysqladmin processlist | grep "Sleep"
Set a timeout for sleeping processes in my.cnf so that they won't take memory anymore
wait_timeout=60

>> Optimization of databases
# mysqlcheck -u root -p --auto-repair --check --optimize --all-databases
# mysqlcheck -u root -p --auto-repair --check --optimize databasename


>> Turn off reverse DNS lookup of clients and set max connections appropriately in my.cnf
skip-name-resolve
max_connections = 300

>> Use different tools like mysqltuner for performance tuning. You can try this by downloading from the below url::
https://github.com/search?utf8=%E2%9C%93&q=mysqltuner

LDAP configuration in centos 7

ldap set in centos 7::
===============

My virtual servers have the following IPs::
Server IP : 192.168.1.1
Client IP : 192.168.1.2

Please follow the steps below on the server and the client for ldap configuration.

Server Configuration on 192.168.1.1
==========================
# yum -y install *openldap* migrationtools
# slappasswd
New password:
Re-enter new password:
{SSHA}Gks7qu7ndsmwopjsfgbwr4b452b2b1n2K91T5rwt9ns0dfg
olcRootDN: cn=Manager,dc=linuxgeeknotes,dc=in




Ldap configuration files are located at /etc/openldap/slapd.d/
Edit the file as follows::
# vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
olcSuffix: dc=linuxgeeknotes,dc=in
olcRootDN: cn=Manager,dc=linuxgeeknotes,dc=in
olcRootPW: {SSHA}bHSiwuPJEypHS6zHSE2Uy7M69sQjmkPL
olcTLSCertificateFile: /etc/certs/linuxgeeknotescert.pem
olcTLSCertificateKeyFile: /etc/certs/linuxgeeknoteskey.pem

Now edit the file 

# vi /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif
Edit the line starting with "olcAccess"
dn.base="cn=Manager,dc=linuxgeeknotes,dc=in" read by * none

Check the configuration using the command

slaptest -u
systemctl start slapd

systemctl enable slapd


Configuring ldap database


# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# chown -R ldap:ldap /var/lib/ldap/

Generate ldap certificate

# openssl req -new -x509 -nodes -out /etc/certs/linuxgeeknotescert.pem -keyout /etc/certs/linuxgeeknoteskey.pem -days 365

Create  object in ldap

Edit the file as follows::
# vi  /usr/share/migrationtools/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "linuxgeeknotes.in";
$DEFAULT_BASE = "dc=linuxgeeknotes,dc=in";
$EXTENDED_SCHEMA = 1;

Create base.ldif file as follows.

# vi  /root/base.ldif

dn: dc=linuxgeeknotes,dc=in

objectClass: top
objectClass: dcObject
objectclass: organization
o: linuxgeeknotes in
dc: linuxgeeknotes

dn: cn=Manager,dc=linuxgeeknotes,dc=in
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=linuxgeeknotes,dc=in
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=linuxgeeknotes,dc=in
objectClass: organizationalUnit
ou: Group

Create users on the server.

# useradd lduser1
# useradd lduser2

Set passwords for both the users, then collect their account and group entries:

# grep ":10[0-9][0-9]" /etc/passwd > /root/passwd
# grep ":10[0-9][0-9]" /etc/group > /root/group

# /usr/share/migrationtools/migrate_passwd.pl  /root/passwd  /root/users.ldif

# /usr/share/migrationtools/migrate_group.pl /root/group /root/groups.ldif

# ldapadd -x -W -D "cn=Manager,dc=linuxgeeknotes,dc=in" -f /root/base.ldif

# ldapadd -x -W -D "cn=Manager,dc=linuxgeeknotes,dc=in" -f /root/users.ldif
# ldapadd -x -W -D "cn=Manager,dc=linuxgeeknotes,dc=in" -f /root/groups.ldif

 # ldapsearch -x cn=lduser1 -b dc=linuxgeeknotes,dc=in


Mounting ldap users home directories

# vi /etc/exports
/home *(rw,sync)
# yum -y install rpcbind nfs-utils
# systemctl start rpcbind
# systemctl start nfs
# systemctl enable rpcbind
# systemctl enable nfs


LDAP Client Configuration in 192.168.1.2
================================
# yum install -y openldap-clients nss-pam-ldapd
# authconfig-tui


1. Put '*' Mark on "Use LDAP"
2. Put '*' Mark on "Use LDAP Authentication"
3. Select "Next" and Enter.
4. Enter the server field as "ldap://192.168.1.1/"
5. Enter the Base DN Field as "dc=linuxgeeknotes,dc=in"
6. Select "OK" and Enter

You will be able to see the ldap user details using the command.
# getent passwd lduser1

Mount server home directory 
192.168.1.1:/home   /home   auto  defaults 0 0

Thursday, 18 August 2016

NAS backup setup in Linux

NAS backup setup in Linux::
====================

For setting up NAS backup, it should be supported by the OS.  CIFS should be enabled in the kernel. If not enabled, it can be enabled via kernel compilation, which comes under Network File Systems.

Make sure that cifs-utils is installed on the box.

We need to mount the backup machine to run the backup; otherwise we would have to use commands/protocols like ssh to run the backup, which won't be appropriate.

Use the nmap (network mapper) command to find the different hosts and the services running on the hosts.

nmap -sP

VMware 12 and Oracle VM Virtual Box

VMware 12 and Oracle VM Virtual Box Installation in Centos 7 and Windows 7
==========================================================

Creating virtual machines and managing them is simple via VMware Workstation Player.

Download the latest VMware Workstation player from VMware downloads ::

VMware download url::

https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/12_0

Virtual Box download url::

https://www.virtualbox.org/wiki/Downloads

You will be able to download the latest version for Windows and Linux distributions. Download and just execute the file, which will guide you through the installation.

Run yum update on the linux box before executing the file.

Once VMware/Virtual Box is installed we can create virtual machines. If you are a system admin, the GUI will guide you through the installation.

Select the iso image of the OS to be installed and also the path where the OS has to be installed. Select a partition or a folder for the installation and assign memory for each installation. Try installing multiple OSes as virtual machines.

If you need any help in the installation process, comment below and I will be more than happy to assist.

Thanks

Server Cloning via rsync

Server Cloning and Manual Backup::
===========================
rsync is a file sync application that is faster than copy commands and retains permissions, which makes it well suited to cloning a live server or restoring a server from backup.

When running an rsync command, the first thing that should come after rsync is the desired switch or switches. Common switches include:

-r : Recursive; includes sub-folders
-a : Archive mode; includes sub-folders, while preserving permissions, groups, users, and times
-v : Verbose; the entire process is printed to the terminal rather than remaining hidden
-e : Execute; specifies the application (remote shell) used to make the connection, such as SSH
-c : Sync based on checksum; takes a while for a lot of files, or large files
-z : Compress file data
-h : Human-readable; output numbers in a human-readable format
--delete : Files that exist in the destination but not in the source are deleted
--include : Include particular files during rsync
--exclude : Exclude particular files from rsync
--progress : Shows the progress during rsync
--max-size='100' : Only files of the given maximum size or smaller are synced
--remove-source-files : Delete the source file after the rsync
--bwlimit=100 : Set the bandwidth limit of the rsync

Eg: rsync  switches  source destination
       rsync -avczh /source/  /destination/

Please try to understand the following commands with the switches added. These are just examples, which you can follow once you understand the logic.

# rsync -r /home/source/ /home/destination/
# rsync -a /home/source/ /home/destination/
# rsync -av /home/source /home/destination/
# rsync -av --delete /home/source/ /home/destination/
# rsync -av --delete -e ssh root@192.168.1.2:/home/source/ /path/destination/
# rsync -av --delete -e ssh root@targetipaddress:/remotesource/ /localdestination/
# rsync -zvh /source/backup.tar /destination/backups/
# rsync -avzh /home/source /home/destination/
# rsync -avzhe ssh --progress /home/sourcefile  root@192.168.1.2:/root/destinationfile
# rsync -avze ssh --include 'R*' --exclude '*' root@192.168.1.2:/var/lib/rpm/ /root/rpm
# rsync -avz --delete root@192.168.1.2:/var/lib/rpm/ .
# rsync -avzhe ssh --max-size='200k' /var/lib/rpm/ root@192.168.1.2:/root/tmprpm
# rsync --remove-source-files -zvh backup.tar /tmp/backups/
# rsync --bwlimit=100 -avzhe ssh  /var/lib/rpm/  root@192.168.1.2:/root/tmprpm/
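
An added example, not part of the original post: because `--delete` removes destination files that are missing from the source, a wrong path or an empty source can wipe a backup. The wrapper below does a dry run first (`-n`) with itemized output (`-i`) and refuses the real sync when more paths than expected would be deleted. The function names, the limit argument and the sample output are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: preview what --delete would remove
# and refuse to run the real sync when the number of deletions is unexpected.

# Constructed sample of `rsync -a -n -i --delete` output (-n = dry run,
# -i = itemize changes). Paths are made up.
sample_plan() {
cat <<'EOF'
*deleting   old/report.txt
*deleting   old/
.d..t...... ./
>f+++++++++ new/file.txt
>f.st...... etc/deleting-notes.txt
EOF
}

# count_deletions: reads itemized rsync output on stdin, prints how many
# paths the run would delete at the destination.
count_deletions() {
    awk '$1 == "*deleting" { n++ } END { print n + 0 }'
}

# guarded_mirror SRC DST MAX
# Dry-runs first; performs the real sync only if at most MAX paths would be
# deleted. Returns 1 when refused, 2 when the dry run itself fails.
guarded_mirror() {
    plan=$(rsync -a -n -i --delete "$1" "$2") || return 2
    n=$(printf '%s\n' "$plan" | count_deletions)
    if [ "$n" -gt "$3" ]; then
        echo "refusing to sync: $n deletions planned, limit is $3" >&2
        printf '%s\n' "$plan" | awk '$1 == "*deleting"' >&2
        return 1
    fi
    rsync -a --delete "$1" "$2"
}

# Demo on the constructed sample (prints the number of planned deletions).
# Real use: guarded_mirror /home/source/ /home/destination/ 20
sample_plan | count_deletions
```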

Some of the backup applications that do cloning are as follows::
1. Clonezilla - debian linux
2. Partimage

Tuesday, 16 August 2016

Passwordless SSH keygen login and Bash History Logging

 Password-less SSH keygen login::
========================

Server : 192.168.1.1

# ssh-keygen -t rsa

This will generate 2 keys under the home directory.
1. /home/linuxgeeknotes/.ssh/id_rsa (private key)
2. /home/linuxgeeknotes/.ssh/id_rsa.pub (public key)

Client : 192.168.1.2

Copy the public key in /home/linuxgeeknotes/.ssh/id_rsa.pub to the home directory of the user on the client who wants to log in without a password.

# ssh-copy-id root@192.168.1.2
=======================
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.2's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.1.2'"
and check to make sure that only the key(s) you wanted were added.
=======================

You should be able to login without password now.

Disable ssh root login and allow login for a particular user only::
================================================
 Edit /etc/ssh/sshd_config and add the entries

PermitRootLogin no
AllowUsers user1
DenyUsers user2


Edit /etc/sudoers (vi /etc/sudoers or visudo) and add an entry for user1 before logging out.

user1  ALL=(ALL)       ALL

Save and restart ssh.service

Now only user1 will be allowed to login to the server via ssh.


Bash History Logging::
=================
Usually when multiple terminals are opened simultaneously, the bash history will be overwritten by the last closed session.


Install the psacct utility for process accounting. By default it gets installed with the GUI installation.
If you have done a minimal installation then
# yum install psacct
# systemctl start psacct

The psacct utilities for monitoring process activities are ac, lastcomm, accton and sa.

ac --> command displays statistics about how long users have been logged on.
lastcomm --> command displays information about previous executed commands.
accton --> command turns process accounting on or off.
sa --> command summarizes information about previously executed commands.

# ac -p    --> Prints connected time in hours by each user
# lastcomm --user linuxgeeknotes
# lastcomm --command  rm

Amanda Backup Server & Client Configuration on Centos 7 Server::

Amanda Backup Server & Client Configuration on Centos 7 Server::
=================================================

Setting up Amanda Backup Server on Centos 7

Install EPEL repository
#yum install epel-release


Set up the hostname on Amanda Server
#nmtui
or
#hostnamectl set-hostname amanda-server
#vi /etc/hosts
ip address amanda-server amanda-server.centos.com

Update the Centos OS
#yum update

Install Amanda Server
#yum install amanda*

Install Add on Packages
# yum install xinetd gnuplot perl-ExtUtils-Embed

Start Xinetd Service
# service xinetd restart
# service xinetd status

Done Amanda Installation
# amadmin --version

 Amanda Configurations Setup

Make some directories
# mkdir -p /amanda /etc/amanda
# chown amandabackup /amanda /etc/amanda

Now switch to your 'amandabackup' user
and run the following commands.
# su amandabackup
# mkdir -p /amanda/vtapes/slot{1,2,3,4}
# mkdir -p /amanda/holding
# mkdir -p /amanda/state/{curinfo,log,index}
# mkdir -p /etc/amanda/MyConfig

Edit Amanda.conf file
#vi /etc/amanda/MyConfig/amanda.conf

Add the following lines as such

org "MyConfig"
infofile "/amanda/state/curinfo"
logdir "/amanda/state/log"
indexdir "/amanda/state/index"
dumpuser "amandabackup"

tpchanger "chg-disk:/amanda/vtapes"
labelstr "MyData[0-9][0-9]"
autolabel "MyData%%" EMPTY VOLUME_ERROR
tapecycle 4
dumpcycle 3 days
amrecover_changer "changer"

tapetype "TEST-TAPE"
define tapetype TEST-TAPE {
length 100 mbytes
filemark 4 kbytes
}

define dumptype simple-gnutar-local {
auth "local"
compress none
program "GNUTAR"
}

holdingdisk hd1 {
directory "/amanda/holding"
use 50 mbytes
chunksize 1 mbyte
}

Now, we need to add a 'disklist' file with a single disk list entry (DLE). The 'disklist' file determines which disks will be backed up by Amanda. The file contains includefile directive or disklist entry. General usage was to describe a DLE as a partition, or file system.

#vi /etc/amanda/MyConfig/disklist
Type the following

localhost /etc simple-gnutar-local

Save and close the file

Check Amanda Configuration
# amcheck MyConfig

Run Test Backup
#amdump MyConfig
It will take a few seconds, but there will be no output

#echo $?

You will get "0" as output

#amreport MyConfig

Amanda Backup Scheduling
#crontab -e

Type the following
0 17 * * * /usr/sbin/amcheck -m MyConfig
15 2 * * * /usr/sbin/amdump MyConfig

Exit from User
#exit

Amanda Backup Client Installation
# yum install amanda-client xinetd
# vi /var/lib/amanda/.amandahosts

amanda-server amandabackup


Some of the Amanda Commands are as follows::
===============================
# amadmin --version
# amcheck -s all
# amcheck -c all
# amdump all
# amadmin all tape
# amflush -f all 
# amadmin all find ivie /usr/people | head -6 

Grub Installation to dual boot windows 7 and centos 7 with GUI ::

Grub Installation to dual boot windows 7 and centos 7 :
=========================================

1. First Install Windows 7
2. Then Install Centos 7 in the free space available.


After Centos 7 Installation, system will automatically boot to Centos 7. We need to manually install grub2  to see the windows installation. Follow the exact steps below to install grub2.

#cd /boot/grub2
#ls -l
#cat device.map
#head grub.cfg
Edit the file /etc/default/grub as below::
#vi /etc/default/grub

GRUB_TIMEOUT=10
GRUB_DISABLE_LINUX_UUID="true"

Then generate /boot/grub2/grub.cfg using the tool grub2-mkconfig

grub2-mkconfig -o /boot/grub2/grub.cfg

Now remove the line GRUB_DISABLE_LINUX_UUID="true" from /etc/default/grub

Again run grub2-mkconfig -o /boot/grub2/grub.cfg

Dual boot windows7 and centos 7
---------------------------------------------------------
# fdisk -l | grep "Disk /dev"
# blkid  --  to see the block device attributes
We can see Windows 7 in /dev/sda1, which is hd0,1 in grub2

# cat /boot/grub2/grub.cfg | grep msdos
Create the file /etc/grub.d/15_windows7 as follows::

# vi /etc/grub.d/15_windows7
#!/bin/sh -e
echo "Adding Windows 7" >&2
cat <<EOF
menuentry "Windows 7" {
set root=(hd0,1)
chainloader +1
}
EOF

chmod +x /etc/grub.d/15_windows7
Rerun grub2-mkconfig -o /boot/grub2/grub.cfg

If we want to make windows7 as default then run
grub2-set-default 2

GUI Installation in Centos 7::
=====================
# yum groupinstall "GNOME DESKTOP" "Graphical Administration Tools"
# yum update --exclude=kernel*

Command to boot directly to GUI in Centos 7
#  systemctl set-default graphical.target
#  systemctl start graphical.target
#  systemctl list-units (to see the installed services)