Monday, April 29, 2013

RAID 1+0 Configuration in HP Servers

Let's see what RAID 1+0 is and how to configure it on an HP server. RAID 1+0 is a mixture of RAID 0 (striping) and RAID 1 (mirroring), and it delivers the benefits of both in a single system: it stripes across mirrored drives. You get the security of mirroring all data onto another set of drives, while striping across each set of drives increases the data transfer speed. RAID 1+0 is the perfect solution for servers running databases and high-availability applications that demand read/write efficiency and high fault tolerance. RAID 1+0 requires a minimum of four drives.
Power on the server and wait for the Array Controller ROM utility to prompt you to press F8 to run RAID configuration.
Press F8 to enter the Array Controller utility, where you can create logical drives. Select Create Logical Drive and press Enter.
Press Enter to create the logical drive.

Press F8 to Save the configuration. This will create the RAID 0 Logical Drive.
Press Enter to continue; that takes you back to the main menu. It is good to verify the logical drive we created: select View Logical Drive and press Enter.

That will show you the logical drive you have just created. Since I have selected all eight physical disks (146GB each) available for this logical drive, we have got 546 TB capacity. Because the data is mirrored, you get only half of the total capacity of the drives. You can select the logical drive and press Enter to see the physical disk array (the total number of disks used in this RAID 1+0 logical drive). When you quit the utility, the server continues the boot process.

Set up a logon banner for SSH clients to see when they log in

SSH (Secure Shell) is a protocol for creating a secure connection between two computers. The secure SSH connection provides authentication and encryption. On the SSH server, a logon or welcome banner can be configured with the Banner directive in the /etc/ssh/sshd_config file. The Banner directive is only available for SSH protocol version 2, and by default no banner is configured.
Configuration
  1. Create a banner file (e.g. /etc/banner) using the vi editor.
# vi /etc/banner
**********************************
******** WELCOME TO REDHAT *******
**********************************
  2. Edit the SSH configuration file /etc/ssh/sshd_config and add the line Banner /etc/banner to it.
# vi /etc/ssh/sshd_config
Banner /etc/banner
  3. Restart the sshd daemon for the changes to take effect.
# service sshd restart
Example
When we access the server using ssh, the message appears as follows:
[root@mail ~]# ssh 10.30.32.206
**********************************
*********WELCOME TO REDHAT********
**********************************
root@10.30.32.206's password:
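
Where the Banner line lands in sshd_config matters: sshd uses the first value it finds for a keyword, and lines after a Match line apply only to that block. The following is an added example, not part of the original post; the function names and the sample config are constructed. It replaces any active global Banner and inserts the new one ahead of the first Match block.

```shell
#!/bin/sh
# Added example: set a global Banner in an sshd_config-style file.
# Assumes the "Keyword value" form (no "Keyword=value") and one keyword per line.

# set_sshd_banner CONFIG BANNER_PATH
set_sshd_banner() {
    conf=$1
    banner=$2
    tmp=$(mktemp)
    awk -v line="Banner $banner" '
        # Drop an active global Banner so the new value is the only one.
        !in_match && tolower($1) == "banner" { next }
        # Insert before the first Match block; later lines are conditional.
        tolower($1) == "match" && !done { print line; done = 1; in_match = 1 }
        { print }
        # No Match block at all: the end of the file is still global scope.
        END { if (!done) print line }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rm -f "$tmp"
}

# Constructed sample config, written to a temporary file.
demo_set_sshd_banner() {
    c=$(mktemp)
    printf '%s\n' 'Port 22' '#Banner none' 'Banner /etc/issue.net' \
        'Match User sftponly' '    Banner none' > "$c"
    set_sshd_banner "$c" /etc/banner
    cat "$c"
    rm -f "$c"
}

demo_set_sshd_banner
```

Run `sshd -t` to check the edited file before restarting the daemon.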

Sunday, April 28, 2013

Monitor user activity using sudo and sudosh2

Note: I used an Ubuntu 12.04 LTS 64-bit machine to test this.

1. Change the password of ALEXANDER and do not share it with anyone.
2. Now download sudosh2-1.0.4.tgz and install it as instructed below.

# tar zxvf sudosh2-1.0.4.tgz
# cd sudosh2-1.0.4
# CFLAGS="-D_GNU_SOURCE" ./configure
# make
# sudo make install

3. Create four users: SURESH, NARESH, YOGESH and NAGESH

# sudo adduser SURESH
# sudo adduser NARESH
# sudo adduser YOGESH
# sudo adduser NAGESH

4. Create one group, say DEVELOPERS

# sudo groupadd DEVELOPERS

5. Add users SURESH, NARESH, YOGESH and NAGESH to the secondary group DEVELOPERS

# sudo usermod -a -G DEVELOPERS SURESH
# sudo usermod -a -G DEVELOPERS NARESH
# sudo usermod -a -G DEVELOPERS YOGESH
# sudo usermod -a -G DEVELOPERS NAGESH

6. Open the /etc/sudoers file and make the changes below

Defaults        env_reset
Defaults        syslog=auth
Defaults>root   !set_logname
Defaults        log_year, logfile=/var/log/sudo.log
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

Cmnd_Alias SUDOSH = /usr/local/bin/sudosh


root    ALL=(ALL:ALL) ALL


%DEVELOPERS ALL=(ALEXANDER) SUDOSH

%sudo   ALL=(ALL:ALL) ALL


This enables the sudo log, which can be found at /var/log/sudo.log.

The %DEVELOPERS rule allows members of the DEVELOPERS group to run only the /usr/local/bin/sudosh command, and only as the ALEXANDER user.

Note: Be very careful with this file, especially on an Ubuntu system. If you break it and do not have policykit-1 installed, there is no option other than rebooting the system into recovery mode to fix the file. To be on the safe side, install it:
# sudo apt-get install policykit-1

7. That's it, done! We are good to test this.
Log in as SURESH or anyone else from the DEVELOPERS group.
Once you get the prompt, enter:

# sudo -u ALEXANDER sudosh

You will be asked for SURESH's password. Provide it and you are in.

Check with the id command; you should see ALEXANDER's details.

# id  
uid=1000(ALEXANDER) gid=1000(ALEXANDER) groups=1000(ALEXANDER),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),111(lpadmin),112(sambashare)

You will find the logs at the location below.
Open a new session and log in as ALEXANDER or as a user who belongs to the sudo group.
# cd /var/log/sudosh
# sudo ls -ltrh
-rw------- 1 ALEXANDER ALEXANDER   81 Oct 12 10:33 SURESH-ALEXANDER-time-1350063234-YTvv0lB4sLtImfI3
-rw------- 1 ALEXANDER ALEXANDER  196 Oct 12 10:33 SURESH-ALEXANDER-script-1350063234-YTvv0lB4sLtImfI3

You now have two options for viewing this file. Either use

# tail -f SURESH-ALEXANDER-script-1350063234-YTvv0lB4sLtImfI3

which shows everything live if SURESH is still logged in as ALEXANDER, or use

# sudo sudosh-replay SURESH-ALEXANDER-script-1350063234-YTvv0lB4sLtImfI3 1 2

You will see an action replay!
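
The listing above shows the session files owned by ALEXANDER with mode -rw-------, so the account being recorded can alter its own logs. The following added example (not part of sudosh2 or the original post; the function names and sample files are constructed) inventories a log directory by the file-name layout shown in the listing and flags sessions whose script or time file is missing or empty. It assumes the trailing id contains no hyphen, as in the listing.

```shell
#!/bin/sh
# Added example. File name layout taken from the listing above:
#   <from>-<to>-<script|time>-<epoch>-<id>

# sudosh_sessions DIR
# Prints "<from>-<to> <epoch> <id> <status>" once per session. Status is "ok"
# only when both the script and the time file exist and are non-empty.
sudosh_sessions() {
    dir=$1
    for f in "$dir"/*-script-* "$dir"/*-time-*; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=${f##*/}
        id=${name##*-};    rest=${name%-*}
        epoch=${rest##*-}; rest=${rest%-*}
        users=${rest%-*}                   # kept joined: user names may contain "-"
        case $epoch in ''|*[!0-9]*) continue ;; esac   # not a sudosh log name
        script="$dir/$users-script-$epoch-$id"
        timing="$dir/$users-time-$epoch-$id"
        if   [ ! -e "$script" ]; then status=missing-script
        elif [ ! -e "$timing" ]; then status=missing-time
        elif [ ! -s "$script" ] || [ ! -s "$timing" ]; then status=empty
        else status=ok
        fi
        printf '%s %s %s %s\n' "$users" "$epoch" "$id" "$status"
    done | sort -u                         # both files of a pair emit the same line
}

# Constructed sample directory; file contents are placeholders.
demo_sudosh_sessions() {
    d=$(mktemp -d)
    echo data > "$d/SURESH-ALEXANDER-script-1350063234-YTvv0lB4sLtImfI3"
    echo data > "$d/SURESH-ALEXANDER-time-1350063234-YTvv0lB4sLtImfI3"
    echo data > "$d/NARESH-ALEXANDER-script-1350070000-CONSTRUCTEDID0001"
    : > "$d/YOGESH-ALEXANDER-script-1350080000-CONSTRUCTEDID0002"
    echo data > "$d/YOGESH-ALEXANDER-time-1350080000-CONSTRUCTEDID0002"
    sudosh_sessions "$d"
    rm -rf "$d"
}

demo_sudosh_sessions
```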

Httpd Status Codes

Informational   1xx
Successful      2xx
Redirection     3xx
Client Error    4xx
Server Error    5xx

100 Continue
101 Switching Protocols
102 Processing (WebDAV) (RFC 2518)
103 Checkpoint
122 Request-URI too long (Microsoft/IE7)
--------------------------------------------
200 OK
201 Created (+ etag)
202 Accepted
203 Non-Authoritative Information
204 No Content (no body)
205 Reset Content (reset view)
206 Partial Content (+ range header)
207 Multi-Status (WebDAV) (RFC 4918)
226 IM Used (RFC 3229)
--------------------------------------------
300 Multiple Choices
301 Moved Permanently
302 Found
303 See Other (since HTTP/1.1)
304 Not Modified
305 Use Proxy (since HTTP/1.1)
306 Switch Proxy (no longer used)
307 Temporary Redirect (since HTTP/1.1)
308 Resume Incomplete
--------------------------------------------
400 Bad Request
401 Unauthorized
402 Payment Required (future)
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timeout
409 Conflict (with the resource)
410 Gone
411 Length Required
412 Precondition Failed
413 Request Entity Too Large
414 Request-URI Too Long
415 Unsupported Media Type
416 Requested Range Not Satisfiable
417 Expectation Failed
418 I'm a teapot (RFC 2324)
420 Enhance Your Calm (Twitter API)
422 Unprocessable Entity (WebDAV) (RFC 4918)
423 Locked (WebDAV) (RFC 4918)
424 Failed Dependency (WebDAV) (RFC 4918)
425 Unordered Collection (RFC 3648)
426 Upgrade Required (RFC 2817)
428 Precondition Required (RFC 2616 pending)
429 Too Many Requests (RFC 2616 pending)
431 Request Header Fields Too Large
444 No Response (Nginx)
449 Retry With (Microsoft)
450 Blocked by Windows Parental Controls (Microsoft)
499 Client Closed Request (Nginx)
--------------------------------------------
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported
506 Variant Also Negotiates (RFC 2295)
507 Insufficient Storage (WebDAV) (RFC 4918)
509 Bandwidth Limit Exceeded (Apache)
510 Not Extended (RFC 2774)
511 Network Authentication Required (RFC 2616 pending)
598 Network read timeout error (Informal convention)
599 Network connect timeout error (Informal convention)

Friday, April 26, 2013

Send mail when cron fails in Linux server

$ crontab -e
At the top of the file, enter:
MAILTO="support@urmail.com"

Setting Root login email alert on a Linux server

How to set up a root login alert

vi /root/.bashrc
# Add the line below to /root/.bashrc; it mails an alert each time a root shell starts.
echo 'ALERT - Root Shell Access MY SERVER on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" email@gmail.com

Find Apache last restart time

[root@devel]# /etc/init.d/httpd status | grep Restart
Restart Time: Fri Apr 26 01:43:23 MDT 2013
[root@devel]#