Archive for the ‘Linux’ Category

Common Linux myths dispelled

Saturday, February 3rd, 2007

Linux is lousy for games, Windows is a memory hog, OSX will force you to get a Liberal Arts degree and recycle… but, I digress. We’re here to dispel the myths, not spread them.

By the way, have any Qs like…

. Linux is great, too bad there aren’t any good applications.

. On Linux, you can’t open files other people send.

. Linux won’t allow you to watch your favorite video files.

. Linux doesn’t have a modern 3d desktop like Vista’s Aero or OSX’s Aqua.

…but, if I use Linux I won’t be able to run Word/Photoshop/Internet Explorer/____.

. I can’t play Half Life 2, Prey, or World of Warcraft on Linux

Check the links down.

Desktop | CrossOver 6.0.0

Keyboard Hack: (®, µ, æ, £, ©, ñ, ±)

Thursday, January 4th, 2007

I have been looking for something like this. No downloads or setting changes necessary. Quick reference sheet on how to type lesser used, but often needed symbols and characters.

New Year’s Resolutions for Unix SysAdmins

Wednesday, January 3rd, 2007

Obviously Linux Sys-Admins too!

I feel it’s a good deal shown up by Sandra.

Sandra Henry-Stocker has been administering Unix systems for nearly 18 years. She describes herself as “USL” (Unix as a second language) but remembers enough English to write books and buy groceries. She currently works for TeleCommunication Systems, a wireless communications company, in Annapolis, Maryland, where no one else necessarily shares any of her opinions. She lives with her second family on a small farm on Maryland’s Eastern Shore. Send comments and suggestions to sandra@toadmail.com.

New Years celebrations have been going on for as long as 4,000 years. Some historians date them back to the ancient Babylonians welcoming the return of Spring. And New Years resolutions have probably been made throughout these years. While their success rate does not seem to have improved over the millennia, the practice has still not lost its appeal and the beginning of each new year is a time when many people will be thinking about what they want to improve both in their personal lives and in their jobs. So, what are some likely resolutions for Unix sysadmins? Here are a dozen worth considering.

Learn a new skill: Maybe you’ve put off learning Perl, Python, Ruby, MySQL, PHP or Java. If so, then now while the new year is yet young, set yourself a goal of learning a new language in the next twelve months. If you don’t like working completely on your own, consider community college or online courses as a cost effective alternative. Take a look at O’Reilly’s Learning Lab. Self-training can work if you get yourself a good book and stick to it, working through all of the exercises, but you will probably have an easier time learning a new skill if you start off with a firm goal of completing some kind of project related to your work or personal interests.

Be more diligent about security patches: Establish a schedule for routine application of security patches on the systems you manage and make an effort to stay informed of newly discovered security issues. Sign up for newsletters and alerts from your system vendors and set up a regular weekly time for reviewing them and highlighting any actions that you might need to take to keep your systems secure and up-to-date.

Change your root passwords!: If you’ve been using the same passwords on your servers for all of 2005 (or longer), change them now and commit to setting new passwords every 3-6 months. And make sure the passwords that you select are neither easy to guess nor impossible to remember. At some of the places I’ve worked over the years, root passwords were stored in a safe where they could be accessed by the sysadmins or management as needed. At other places, root passwords were stored in an encrypted file so that, if a sysadmin forgot the password to one of many servers, he could retrieve it while the passwords remained unavailable to non-authorized users.

Work Smarter: Organize your work so that you spend less time moving between assignments. Find ways to combine tasks. Reduce the number of times that you have to deal with any single issue.

Document Everything: Don’t leave important processes dependent on the skill set or memory banks of one individual — even if that one individual is you! Compile all of the critical aspects of managing your network or your servers into a reliable repository of system knowledge. You never know when you or someone else will want to move on to a new assignment. Leaving good documentation means someone else can follow in your footsteps and you can move forward with a clean conscience.

Find a better job or make your current job better: Be honest with yourself about what you like and don’t like about what you’re currently doing. Make a list of those things that you’d like to improve and then ask yourself how you might go about making those improvements.

Learn Linux: If you’re working on some other Unix platform and have little or no experience with Linux, dedicate some time to working on a Linux system. One of the PCs that I have at home is running Linux. I bought it on eBay for about $50 — a very small investment — and installed Fedora Core. I can’t imagine a better use for a Pentium III.

Learn the basics of IPv6: I’ve heard we won’t need to switch until 2025, but it’s not too early to start anticipating what the future of the Internet is going to look like.

Get yourself certified: There are lots of certifications available for Unix and networking professionals. Wondering if you can prove your worth when you apply for a new position? Maybe it’s time to pass some exams and add some letters to your resume.

Lessen your dependencies on closed software: Use OpenOffice instead of Microsoft Office. Take advantage of the wide range of available open software to help manage your systems.

Get a Safari account and keep up-to-date on the latest Unix topics. With more than 3,000 books online, Safari can help you learn new skills without investing a fortune in books. Better yet, get your boss to buy you an account.

Have a Life: Don’t be so much of a geek that you don’t take time out for the other things that you enjoy. Go camping or dancing or sing with a Barbershop Quartet. Join audible.com and listen to books on CD during your commute.

badvista.fsf.org

Monday, December 18th, 2006

On March 21, 2006, Microsoft announced a $500 million business marketing campaign, calling it their “largest ever” :) ….[I guess I have heard a Long Horn long back] It is scheduled to be available for imposition on individual users at the end of January 2007.

The Free Software Foundation (FSF) today launched BadVista.org, a campaign with a twofold mission of exposing the harms inflicted on computer users by the new Microsoft Windows Vista and promoting free software alternatives that respect users’ security and privacy rights.

Where the world goes, the choice is always yours!!

LOPSA

Friday, December 15th, 2006

For those of you who don’t know, LOPSA is the League of Professional System Administrators.

The League of Professional System Administrators (LOPSA) is an independent New Jersey nonprofit corporation. Our mission is to advance the practice of system administration; to support, recognize, educate, and encourage its practitioners; and to serve the public through education and outreach on system administration issues.

If you are passionate about your System Admin job, I would love to recommend that you join us right away! It’s free to register, and you need to pay a few bucks more for some advanced privileges.

And LOPSA says “Advance yourself in the profession of system administration, and to advance the profession as a whole!”

UNIX Error Jokes

Wednesday, November 22nd, 2006

Do you laugh when the waiter drops a tray full of dishes? Unix weenies do. They’re the first ones to laugh at hapless users, trying to figure out an error message that doesn’t have anything to do with what they just typed.

People have published some of Unix’s more ludicrous error messages as jokes.

The following Unix puns were distributed on the Usenet, without an
attributed author. They work with the C shell.

% rm meese-ethics
rm: meese-ethics nonexistent
% ar m God
ar: God does not exist
% "How would you rate Dan Quayle's incompetence?
Unmatched ".
% ^How did the sex change^ operation go?
Modifier failed.
% If I had a ( for every $ the Congress spent,
what would I have?
Too many ('s.
% make love
Make: Don't know how to make love. Stop.
% sleep with me
bad character
% got a light?
No match.
% man: why did you get a divorce?
man:: Too many arguments.
% ^What is saccharine?
Bad substitute.
% %blow
%blow: No such job.

These attempts at humor work with the Bourne shell:


$ PATH=pretending! /usr/ucb/which sense
no sense in pretending!
$ drink < bottle ; opener
bottle: cannot open
opener: not found
$ mkdir matter; cat >matter
matter: cannot create

ROCKS Clustering - A Review

Wednesday, July 19th, 2006

This is “NOT” a HowTo for setting up a ROCKS Cluster, but I tried to show ya off some of my try outs and some aftermath.

If ya are new to ROCKS; Please refer the well equipped ROCKS User’s Guide or ya might be lost.

I used VERSION:-4.1 [Rocks v4.2 Beta for i386 and x86_64 CPU architectures is available now]
and my cluster details are registered here

Frontend a.k.a Head Node installation is just a breeze, only if ya refer the manual.

To saY a word about frontend installation: your requirement decides what rolls ya need to select.

BASE DISK
0.Area51 Roll :- For added security features like Tripwire and chkrootkit. Opt-out, if you are really not bothered about high-funda security.
1.Viz Roll :- Visualization, you don’t require it unless you have a big and tiled monitor.
2.hpc :- Yes, I am into HPC lane
3.Ganglia :- To show off my cluster set-up and obviously for cluster’s health monitoring.
4.Web-server :- Yes.
5.Kernel Roll :- Yes.

OS DISK

Disk-1 and Disk-2 are sufficient, disks-3 and 4 are optional

..and next, I did bind to our local ntp server.

DISK PARTITIONING -> Disk-druid for my 147 GB SCSI

/boot : 128 MB
/ : 15 GB
/usr/local : 20 GB ( For manual installation of Globus and Torque scheduler)
/var : 25 GB (I expect a little more log)
swap : 2 GB
/myspace : 10 GB (For the non-cluster/local users home directory)
/export : Fill Available space

Now the installation has got over; system booted-up and no color (GUI) :-)

# system-config-display

To say, I had an issue and I don’t want to see the smoke behind my flat BenQ. What I did was just copy
the /etc/X11/xorg.conf file from another system with “same” hardware loaded with RedHat-AS-4.
I repeat… Linux, it’s a large file ! ;-)

Oh..yeah monitor, it’s single BenQ flat, shared over the systems with ATEN KVM switch.

#startx
…hoo·ray ! I got the color ( when ya logged in, the only difference I felt, there wasn’t any red HAT logo but centOS and the grub was different…. so Luke… its our shadow-man ! )
…then I stopped smartd service.

Compute Node Installation

I want the control over the compute node installation, at least partitioning.

# cd /home/install/site-profiles/4.1/nodes/
Copy the skeleton.xml to extend-auto-partition.xml and edit extend-auto-partition.xml
++ refer the manual ^

I tried editing the manual option on the XML, it showed strange and weird so I went with extend-auto-partition.

# cd /home/install; rocks-dist dist [to apply this configuration to the distribution]
# insert-ethers
If your frontend and compute nodes are connected via a managed ethernet switch, you’ll want to select ‘Ethernet Switches’ from the list above. This is because the default behavior of many managed ethernet switches is to issue DHCP requests in order to receive an IP address that clients can use to configure and monitor the switch.

When insert-ethers captures the DHCP request for the managed switch, it will configure it as an ethernet switch and store that information in the MySQL database on the frontend.

As a side note, you may have to wait several minutes before the ethernet switch broadcasts its DHCP request. If after 10 minutes (or if insert-ethers has correctly detected and configured the ethernet switch), then you should quit insert-ethers by hitting the F10 key.

Now, restart insert-ethers and continue reading the user guide for a procedure on how to configure your compute nodes.

# insert-ethers
and choose compute then wait [ Really, I felt I need patience, through out the set-up ] after putting the base cd to your compute node, restart and boot from the CD.
That’s it ( do remember ya have gotta PXE boot option, if you got CD-Drive outage :) )

It’s fast..pretty fast and I finished my 2 compute nodes installation in 3 minutes simultaneously.

You can monitor the installation of compute nodes by using ssh with port 2200.

# ssh compute-0-0 -p 2200

Once the installation got over,
login: root
password: {frontend ’s root password }

# df -h; free
Good all the partitions and swap space are correct.

NO..ITS NOT CORRECT
…reallY… go to front end
0. check the XML file ( my problem was I put forward slash instead of / before part), what’s yours…?
1. # cd /home/install; rocks-dist dist [to apply this configuration to the distribution]
2. # rocks-partition --list --delete --nodename {compute node’s hostname}
3. Use the nukeit.sh script for removing .rocks-release from the first partition of each disk on the compute nodes.
[ for nukeit.sh ]
4. # ssh {compute node’s hostname} 'sh /home/install/sbin/nukeit.sh'
5. # ssh {compute node’s hostname} '/boot/kickstart/cluster-kickstart'

Compute node restarted; check the default grub option; re-install, go ahead by ENTER.

Hic-cup Session
0. How do I run my Linpack HPL.dat?
Luke…refer the manual
1.How do I change frontend’s Public IP Address?

Don’t use {}

# echo 'update app_globals set value="{newip}" where value="{oldip}"' | mysql -u apache cluster
# echo 'update networks set IP="{newIP}" where IP="{oldIP}"' | mysql -u apache cluster
# insert-ethers --update
2. My Ganglia status shows all/some of my compute nodes are dead but actuallY its running.
If ya tried the following…

[root@rocks mongoose]# cluster-fork /bin/date ; date
compute-0-0:
Sat Jul 8 04:30:39 IST 2006
compute-0-1:
Sat Jul 8 04:30:39 IST 2006

Sat Jul 8 04:30:39 IST 2006

[root@rocks mongoose]# cluster-fork service gmond restart
compute-0-0:
Shutting down GANGLIA gmond: [ OK ]
Starting GANGLIA gmond: [ OK ]
compute-0-1:
Shutting down GANGLIA gmond: [ OK ]
Starting GANGLIA gmond: [ OK ]

[root@rocks mongoose]# service gmond restart
Shutting down GANGLIA gmond: [ OK ]
Starting GANGLIA gmond: [ OK ]

[root@rocks mongoose]# service gmetad restart
Shutting down GANGLIA gmetad: [ OK ]
Starting GANGLIA gmetad: [ OK ]

I refreshed the ganglia webpage
…then it showed Hosts Up = 1 (frontend), in a while 1 changed to 2….. after sometime
it showed me
Hosts Up: 2 and hosts down=1
and now the case is back to Hosts Up=1 and Hosts Down=2.
Check that multicast is enabled on your switch; blocking this on the networking device may cause the problem.

3.How do I manually broadcast a 411 update instead of the hourly update?

# make -C /var/411 force
[You may have to use this just after creating a cluster-user on Frontend and to get updated across the nodes]

Disclaimer

All the above said materials are tested in a real time environment though Your Miles May Vary (YMMV)

System Installation Checklist

Saturday, June 24th, 2006

System Installation Checklist for Server mongoose Dated: 19-June-2006
=============++++++++++++++++++=============

This System Installation Check-list is particularly designed for the server mongoose.

0.System Information

Hostname : mongoose
Domain Name : mongoose.animals.org
IP Address : 192.168.63.82 (may change)
Serial No : B2-xxx-A05060-558
Platform : Intel Dual Xeon (2×3.6 Ghz), 1MB cache
OS Version : RedHat Advanced Server-4 (Kernel-2.6.9-5.ELsmp)
Disk Devices : 2×146GB
Raid Level : 0 [mirrored]
Disk Storage : 146 GB
RAID Driver Disk : Adaptec Ultra SCSI [a320]

1.Drive Configurations

Filesystem Size Used Avail Use% Mounted on

/dev/sda7 4.9G 632M 4.0G 14% /
/dev/sda1 122M 12M 104M 10% /boot
none 1013M 0 1013M 0% /dev/shm
/dev/sda2 58G 107M 55G 1% /home
/dev/sda9 11G 485M 9.2G 5% /home/admin
/dev/sda6 15G 69M 14G 1% /opt
/dev/sda3 25G 1.8G 22G 8% /usr
/dev/sda5 20G 139M 19G 1% /var

2.Security Settings

a. Enabled SELinux Policy.
b. IP-Tables Firewall enabled except the services ssh, http, ftp, sendmail.

NOTE:
a. The home directory for local Administrator has been assigned as /home/admin
b. RedHat Network registration information.

Done by: Scooby Doo
Verified by: Shrek

Linux Security Check List

Friday, June 9th, 2006

Linux Security Checklist

Hey people stop reading…if the box ya want to make secure is not getting powered ON… ya got it…!!


Introduction

I gotta an assignment to prepare a securitY check-list and here I make it general for anybodY who wanna have a look…I spent quite some time over the jungle…..
This crap maY provide ya some of the keY concepts that can go a long way in keeping a Linux system in secure[/insecure :-P].

General
0.Hardware
1.OS Distribution
2. File System Allocation( Disk Partitions)
3.OS Installation / Package Selection
4.Physical Security
5.Back-Ups
6.Expired Systems
7.Make a Boot and Rescue Media
8.Remove Unnecessary Software Package
9.Keep the System Patched and Up-to-Date
10.Set Off the Unnecessary Services
11.Disable the Unused Ports
12.Cross Check for Xinetd Services
13.Check Security on Key Files
14.User Account Management
15.Remove Unwanted/Zombie Files
16.Customized Banners
17.Harden the Services/Applications which are Required
0.nfs
1.ssh
2.ftp
3.xinetd
4.sendmail
5.apache (httpd)

18.Kernel Tunable Security Parameters
19.iptables
20.TCP Wrappers
21.Pluggable Authentication Module (PAM)
22.Proper System Logging
23.SELinux
24.Tripwire

General
Ideally, the check list starts right from the Hardware, OS Distribution, File System Allocation (Disk Partitions), OS Installation, Physical Security and Back-Ups, and finally dumping the system while ensuring that data can not be recovered from the Hard disk(s).

Hardware

Is that an OS distro certified hardware vendor?
Choose a hardware vendor that is good at customer support.
Choose the hardware which meets our requirements (do we need a dual CPU, what is going to be its future role)
Have a plan for Annual Maintenance Contract (AMC) and how long we need it.

OS Distribution
This is all about our choice, but we must consider the facts: getting security updates, bug fixes, enhancements and patch management within a short time frame and in priority order is an important step in pro-actively securing the Linux System.

File System Allocation (Disk Partitions)
The system should have separate partitions to avoid “panics”. This is just a DIVIDE & RULE Policy for better management and for recovery when we have troubles. Make separate partitions and allocate required space for /boot, /, /usr, /home, /var, /tmp and /opt for your optional and third party applications. This step is very important for Production Servers, Workstations and Desktops alike (I mean to say, whenever you do a Linux installation)
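An added example (not from the original post) that audits a mount table against the partition list above and reports which recommended directories merely share a parent filesystem. The sample table is constructed, modelled on the mongoose layout listed earlier on this page with assumed ext3 filesystems; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a mount table against the recommended partition list.
# Input uses the /proc/mounts format: device mountpoint fstype options dump pass

# "/" is always a mount point, so only the remaining directories are checked.
RECOMMENDED="/boot /usr /home /var /tmp /opt"

# Constructed sample: a server with no separate /tmp partition.
sample_mounts() {
cat <<'EOF'
/dev/sda7 / ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
none /dev/shm tmpfs rw 0 0
/dev/sda2 /home ext3 rw 0 0
/dev/sda9 /home/admin ext3 rw 0 0
/dev/sda6 /opt ext3 rw 0 0
/dev/sda3 /usr ext3 rw 0 0
/dev/sda5 /var ext3 rw 0 0
EOF
}

# backing_mount DIR MOUNTS_FILE
# Print "mountpoint device" for the filesystem DIR lives on, i.e. the
# longest mount point that equals DIR or is one of its parent directories.
backing_mount() {
    awk -v dir="$1" '
        {
            mp = $2
            if (mp == dir || mp == "/" || index(dir, mp "/") == 1) {
                if (length(mp) > best_len) {
                    best_len = length(mp)
                    best = mp " " $1
                }
            }
        }
        END { if (best != "") print best }
    ' "$2"
}

# shared_dirs MOUNTS_FILE
# Print every recommended directory that is not its own mount point,
# together with the mount point it falls back on.
shared_dirs() {
    mounts_file=$1
    for d in $RECOMMENDED; do
        mp=$(backing_mount "$d" "$mounts_file" | cut -d' ' -f1)
        [ "$mp" = "$d" ] || echo "$d shares $mp"
    done
}

# Demo on the constructed sample; on a live system use: shared_dirs /proc/mounts
demo_file=$(mktemp)
sample_mounts > "$demo_file"
shared_dirs "$demo_file"
rm -f "$demo_file"
```

On the sample, only /tmp is reported, which means a full /tmp would fill the root filesystem.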

OS Installation (Package Selection)

Do you need an Office Suite or xpdf to run your Database Server ? NO. So smart package selection avoids unwanted services and reduces the Risk Factor. Maybe the vulnerability is greater for a package that you really never use.

Physical Security
The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards (Gene Spafford)
The systems should be in a locked Server-Rack and a locked room/datacenter. Physical access to the systems is restricted to authorized users. Set BIOS and Grub passwords (These days KVM switches can handle from BIOS level to avoid remote reboot chaos).
I am not saying anything here about Disaster Recovery Management and room Air Conditioning.

Back-Ups

Data are important for any level of organization, and so is the back-up.
Simple back-up utilities are tar, gzip, bzip2, dump – for multiple level of back-up for the entire file-system, rsync – for transfer data between servers and keep in sync, amanda – for a client-server environment.

Expired Systems

Make sure the data can not be recovered from the hard-disks of systems which are expired and not in use anymore. Disksanitizer is a tool to remove all traces of data from the storage media according to the U.S. DoD standards.

Make a Boot and Rescue Media
…I just gotta finger pain…but to be continued…. (…where is the vicks bottle…hmm..)

A DaY With MySQL

Thursday, May 11th, 2006

:) I am not a MySQL expert so far…but here was my one day with the MySQL =>

I gotta requirement for MySQL Server version 5.x.x but my distro RH-AS-4 Update-1 (kernel-2.6.9-5) has MySQL-4.1.7. So I erased/un-installed all the MySQL RPMS [ rpm -e mysql* - -nodeps ]
and I choose the source bundle mysql-5.0.21, configured for a separate database on a different partition named /database and made install. Things were fine but some integration issue with Perl and PHP. Both are not able to connect MySQL (were I got screwed up).. I am sure, its not because of the php-mysql and perl-mysql packages Yeah… the default database comes under /var/lib/mysql now its /database/mysql/

I couldn’t see mysql module in php -m. Whats the solution “google” I gotta hell lot of out put that everybody saying I do have the same issue, some stamped this a as bug.

Well… now I am ready to go back to the packages ;
the RPM’s coming wih the distro [ rpm -ivh mysql*4.17* - -force :) ]

Here my DIVIDE & RULE Policy got worked. I umount the /database partition and mount to /var/lib

Issues: fstab is not ready to take the new partition
Solution: edit /etc/rc.local [ mount /dev/cciss/c0d0p11 /var/lib ]

Any luck…? the screw is still getting tight for me…

I gotta the following errors when I started using my middle finger to set this up….at different stages…

1. /usr/libexec/mysqld: Can’t change dir to ‘/var/lib/mysql/’
2. mysql error Errcode: 13
Error code 13: Permission denied [ you can try bash-3.00$ perror 13 ]
3. ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’
4. mysqld dead but subsys locked
5. /usr/libexec/mysqld: Can’t change dir to ‘/var/lib/mysql/’ (Errcode: 13)
6. Timeout error occurred trying to start MySQL Daemon.
7. ‘Problems running mysql_install_db’
8. Installation of system tables failed!

Woops..!! Dido is Stoned after The Sand In My Shoes
Yokay..
I un-mount the /var/lib for my old /var/lib. Confused..well

/dev/cciss/c0d0p7 4.9G 155M 4.5G 4% /var [ Created at installation ]
/dev/cciss/c0d0p11 51G 144M 48G 1% /var/lib [ Newly mounted ]

:) because I have to back up all the files under “4% /var/lib “ to “1% /var/lib” without losing the permission settings.

cd /var/lib
find . -depth -print | cpio -pvdum ~admin/bkup_lib

Mounted back /var/lib to /dev/cciss/c0d0p11
Remove all files under /var/lib/ and once again use the find-cpio combination to place all the files back to ” 1% /var/lib/ “

Now the time to rpm -ivh mysql* [if you are “ivh” ing WITHOUT placing the files under /var/lib …heY..it’s gonna be a PITA with dependency and if those files are not with proper permission settings…..well… what’s your number from 1 to 8 ]

If all went fine so far; one request, dont use the mysql_install_db script now, but you can have a try and collect your number :)

Good…try this

[root@python ~]# /usr/bin/mysqld_safe --user=mysql --skip-grant-tables &
[root@python ~]# /usr/bin/mysql mysql

Yes..! it’s running; at least for me but with one issue that I have to manually stop/kill the mysqld daemon.
There is NO service mysqld stop/restart …
I tried all the day to get it up and once it got up…hmmm… very funny…
Do ya have any hack around… :)
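
An added example (not part of the original post): a check that a copy such as the find/cpio copy of /var/lib above kept its modes and ownership, since the post ties its Errcode 13 failures to permission settings. It assumes GNU find; the function names and the demo trees are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a copied tree kept its modes and ownership.
# Requires GNU find (for -printf). Function names are hypothetical.

# perm_listing DIR
# One line per entry: path<TAB>mode<TAB>owner<TAB>group, with paths relative
# to DIR so that two trees can be compared entry by entry.
perm_listing() {
    ( cd "$1" && find . -depth -printf '%p\t%m\t%u\t%g\n' )
}

# perm_diff SRC COPY
# Print every entry whose mode or ownership differs between the trees, or
# that exists on one side only. No output means the copy matches.
perm_diff() {
    src_list=$(mktemp)
    copy_list=$(mktemp)
    perm_listing "$1" > "$src_list"
    perm_listing "$2" > "$copy_list"
    awk -F '\t' '
        NR == FNR { src[$1] = $2 " " $3 ":" $4; next }
        {
            seen[$1] = 1
            cur = $2 " " $3 ":" $4
            if (!($1 in src))
                print "only in copy: " $1
            else if (src[$1] != cur)
                print "changed: " $1 " (" src[$1] " -> " cur ")"
        }
        END { for (p in src) if (!(p in seen)) print "missing in copy: " p }
    ' "$src_list" "$copy_list" | LC_ALL=C sort
    rm -f "$src_list" "$copy_list"
}

# Constructed demo trees standing in for the old and the new /var/lib.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/old/mysql" "$work/new/mysql"
    touch "$work/old/mysql/ibdata1" "$work/new/mysql/ibdata1" "$work/old/random-seed"
    chmod 700 "$work/old/mysql"   # private data directory in the source
    chmod 755 "$work/new/mysql"   # copy made without preserving the mode
    perm_diff "$work/old" "$work/new"
    rm -rf "$work"
}

demo
```

Run as root against the real directories, for example `perm_diff /var/lib ~admin/bkup_lib`, before removing the source files.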