~sagar

Obviously Linux Sys-Admins too!

I feel it’s a good deal shown up by Sandra.

Sandra Henry-Stocker has been administering Unix systems for nearly 18 years. She describes herself as “USL” (Unix as a second language) but remembers enough English to write books and buy groceries. She currently works for TeleCommunication Systems, a wireless communications company, in Annapolis, Maryland, where no one else necessarily shares any of her opinions. She lives with her second family on a small farm on Maryland’s Eastern Shore. Send comments and suggestions to sandra@toadmail.com.

New Years celebrations have been going on for as long as 4,000 years. Some historians date them back to the ancient Babylonians welcoming the return of Spring. And New Years resolutions have probably been made throughout these years. While their success rate does not seem to have improved over the millennia, the practice has still not lost its appeal and the beginning of each new year is a time when many people will be thinking about what they want to improve both in their personal lives and in their jobs. So, what are some likely resolutions for Unix sysadmins? Here are a dozen worth considering.
–>

In March 21, 2006 , Microsoft announced a $500 million business marketing campaign, calling it their “largest ever” :) ….[I guess I have heard a Long Horn long back] It is scheduled to be available for imposition on individual users at the end of January 2007.

The Free Software Foundation (FSF) today launched BadVista.org, a campaign with a twofold mission of exposing the harms inflicted on computer users by the new Microsoft Windows Vista and promoting free software alternatives that respect users’ security and privacy rights.

Where the world goes, the choice is always yours!!

For those of you who don’t know, LOPSA is the League of Professional System Administrators.

The League of Professional System Administrators (LOPSA) is an independent New Jersey nonprofit corporation. Our mission is to advance the practice of system administration; to support, recognize, educate, and encourage its practitioners; and to serve the public through education and outreach on system administration issues.

If you are in passion about your System Admin job, possibly I love to recommend you to join us, right away ! Its free to register and need to pay a little bucks more for some advanced privileges.

And LOPSA say “Advance yourself in the profession of system administration, and to advance the profession as a whole!”

Do you laugh when the waiter drops a tray full of dishes? Unix weenies do. They’re the first ones to laugh at hapless users, trying to figure out an error message that doesn’t have anything to do with what they just typed.

People have published some of Unix’s more ludicrous errors messages as jokes.

The following Unix puns were distributed on the Usenet, without an
attributed author. They work with the C shell.

% rm meese-ethics
rm: meese-ethics nonexistent
% ar m God
ar: God does not exist
% “How would you rate Dan Quayle’s incompetence?
Unmatched “.
% ^How did the sex changeSHIFT6 operation go?
Modifier failed.

//replace SHIFT6 with ^

% If I had a ( for every $ the Congress spent,
what would I have?
Too many (’s.
% make love
Make: Don’t know how to make love. Stop.
% sleep with me
bad character
% got a light?
No match.
% man: why did you get a divorce?
man:: Too many arguments.
% ^What is saccharine?
Bad substitute.
% %blow
%blow: No such job.


These attempts at humor work with the Bourne shell:


$ PATH=pretending! /usr/ucb/which sense
no sense in pretending!
$ drink < bottle ; opener
bottle: cannot open
opener: not found
$ mkdir matter; cat >matter
matter: cannot create

This is “NOT” a HowTo for setting up a ROCKS Cluster, but I tried to show ya off some of my try outs and some aftermath.

If ya are new to ROCKS; Please refer the well equipped ROCKS User’s Guide or ya might be lost.

I used VERSION:-4.1 [Rocks v4.2 Beta is released for i386 and x86_64 CPU architectures are avail now]
and my cluster details are registered here

Frontend a.k.a Head Node installation is just a breeze, only if ya refer the manual.

To saY a word about frontend installation, what is your requirement so what rolls ya need to select.

BASE DISK
0.Area51 Roll :- For added security features like Tripwire and chkrootkit. Opt-out, if you really not othered about high-funda security.
1.Viz Roll :- Visualization, you don’t required unless you have a big and tiled monitor.
2.hpc :- Yes, I am into HPC lane
3.Ganglia :- To show off my cluster set-up and obviously for cluster’s health monitoring.
4.Web-server :- Yes.
5.Kernel Roll :- Yes.

OS DISK

Disk-1 and Disk-2 is sufficient, disks-3 and 4 are optinal

..and next, I did bind to our local ntp server.

DISK PARTITIONING -> Disk-druid for my 147 GB SCSI

/boot : 128 MB
/ : 15 GB
/usr/local : 20 GB ( For mannual installation og Globus and Torque scheduler)
/var : 25 GB (I expect a little more log)
swap : 2 GB
/myspace : 10 GB (For the non-cluster/local users home directory)
/export : Fill Available space

Now the installation has got over; system booted-up and no color (GUI) :-)

# system-config-display

To say, I had an issue and I dont want to see the smoke behind my flat BenQ. What I did was just copied
the /etc/Xll/xorg.conf file from another system with “same” hardware loadead with RedHat-AS-4.
I repeat… Linux, its a large file ! ;-)

Oh..yeah monitor, it’s single BenQ flat, shared over the systems with ATEN KVM switch.

#startx
…hoo·ray ! I got the color ( when ya logged in, the only difference I felt, there wasn’t any red HAT logo but centOS and the grub was different…. so Luke… its our shadow-man ! )
…then I stopped smartd service.

Compue Node Installation
–>

System Installation Checklist for Server mongoose Dateded: 19-June-2006
=============++++++++++++++++++=============

This System Installation Check-list particularly designed for the the server mongoose.

0.System Information

Hostname : mongoose
Domain Name : mongoose.animals.org
IP Address : 192.168.63.82 (may change)
Serial No : B2-xxx-A05060-558
Platform : Intel Dual Xeon (2×3.6 Ghz), 1MB cache
OS Version : RedHat Advanced Server-4 (Kernel-2.6.9-5.ELsmp)
Disk Devices : 2×146GB
Raid Level : 0 [mirrorred]
Disk Storage : 146 GB
RAID Driver Disk : Adaptec Ultra SCSI [a320]

1.Drive Configurations

Filesystem Size Used Avail Use% Mounted on

/dev/sda7 4.9G 632M 4.0G 14% /
/dev/sda1 122M 12M 104M 10% /boot
none 1013M 0 1013M 0% /dev/shm
/dev/sda2 58G 107M 55G 1% /home
/dev/sda9 11G 485M 9.2G 5% /home/admin
/dev/sda6 15G 69M 14G 1% /opt
/dev/sda3 25G 1.8G 22G 8% /usr
/dev/sda5 20G 139M 19G 1% /var

2.Security Settings

a. Enabled SELinux Policy.
b. IP-Tables Firewall enabled except the services ssh, http, ftp, sendmail.

NOTE:
a. The home directory for local Administrator has assaigned as /home/admin
b. RedHat Network registration information.

Done by: Scooby Doo
Verified by: Shrek

Linux Security Checklist

Hey people stop reading…if the box ya want to make secure is not getting powered ON… ya got it…!!

Introduction

I gotta an assaignment to prepare a securitY check-list and here I make it general for anybodY who wanna have a look…I spent quite some time over the jungle…..
This crap maY provide ya some of the keY concepts that can go a long way in keeping a Linux system in secure[/insecure :-P].

General
0.Hardware
1.OS Distribution
2. File System Allocation( Disk Partitions)
3.OS Installation / Package Selection
4.Physical Security
5.Back-Ups
6.Expired Systems
7.Make a Boot and Rescue Media
8.Remove Unnecessary Software Package
9.Keep the System Patched and Up-to-Date
10.Set Off the Unnecessary Services
11.Disable the Unused Ports
12.Cross Check for Xinetd Services
13.Check Security on Key Files
14.User Account Management
15.Remove Unwanted/Zombie Files
16.Customized Banners
17.Harden the Services/Applications which are Required
0.nfs
1.ssh
2.ftp
3.xinetd
4.sendmail
5.apache (httpd)

18.Kernel Tunable Security Parameters
19.iptables
20.TCP Wrappers
21.Pluggable Authentication Module (PAM)
22.Proper System Logging
23.SELinux
24.Tripwire

General
To say ideally, the check list start right from the Hardware, OS Distribution, File System Allocation( Disk Partitions), OS Installation, Physical Security, Back-Ups and finally dump the system by ensuring that data can not be recovered from the Hard disk(s).

Hardware
Is that an OS distro certified hardware vendor?
Choose the hardware vendor who are good at customer support.
Choose the hardware, which meet our requirements (do we need a dual CPU, what is going to be its future role)
Have a plan for Annual Maintenance Contract (AMC) and how long we need it.

–>

:) I am not a MySQL expert so far…but here was my one day with the MySQL =>

I gotta requirement for MySQL Server version 5.x.x but my distro RH-AS-4 Update-1 (kernel-2.6.9-5) has MySQL-4.1.7. So I erased/un-installed all the MySQL RPMS [ rpm -e mysql* - -nodeps ]
and I choose the source bundle mysql-5.0.21, configured for a separate database on a different partition named /database and made install. Things were fine but some integration issue with Perl and PHP. Both are not able to connect MySQL (were I got screwed up).. I am sure, its not because of the php-mysql and perl-mysql packages Yeah… the default database comes under /var/lib/mysql now its /database/mysql/

I couldn’t see mysql module in php -m. Whats the solution “google” I gotta hell lot of out put that everybody saying I do have the same issue, some stamped this a as bug.

Well… now I am ready to go back to the packages ;
the RPM’s coming wih the distro [ rpm -ivh mysql*4.17* - -force :) ]

Here my DIVIDE & RULE Policy got worked. I umount the /database partition and mount to /var/lib

Issues: fstab is not ready to take the new partition
Solution: edit /etc/rc.local [ mount /dev/cciss/c0d0p11 /var/lib ]

Any luck…? the screw is still getting tight for me…

I gotta the following errors when I started using my middle finger to set this up….at different stages…

1. /usr/libexec/mysqld: Can’t change dir to ‘/var/lib/mysql/’
2. mysql error Errcode: 13
Error code 13: Permission denied [ you can try bash-3.00$ perror 13 ]
3. ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock
4. mysqld dead but subsys locked
5. /usr/libexec/mysqld: Can’t change dir to ‘/var/lib/mysql/’ (Errcode: 13)
6. Timeout error occurred trying to start MySQL Daemon.
7. ‘Problems running mysql_install_db’
8. Installation of system tables failed!

Woops..!! Dido is Stoned after The Sand In My Shoes …
Yokay..
I un-mount the /var/lib for my old /var/lib. Confused..well

/dev/cciss/c0d0p7 4.9G 155M 4.5G 4% /var [ Created at installation ]
/dev/cciss/c0d0p11 51G 144M 48G 1% /var/lib [ Newly mounted ]

:) because I have to back up all the files under “4% /var/lib “ to “1% /var/lib” with out loosing the permission settings.

cd /var/lib
find . -print -depth | cpio -pvdum ~admin/bkup_lib

Mounted back /var/lib to /dev/cciss/c0d0p11
Remove all files under /var/lib/ and once again use the find-cpio combination to place all the files back to ” 1% /var/lib/ “

Now the time to rpm -ivh mysql* [if you are “ivh” ing WITH OUT placing the files under /var/lib …heY..it’s gonna be a PITA with depedency and if those files are not with proper permission settings…..well… whats your numer from 1 to 8 ]

If all went fine so far; one request, dont use the mysql_install_db script now, but you can have a try and collect your number :)

Good…try this

[root@python ~] /usr/bin/mysqld_safe –user=mysql –skip-grant-tables &
[root@python ~] /usr/bin/mysql mysql

Yes..! it’s running; atleast for me but with one issue that I have to manually stop/kill the mysqld daemon.
There is NO service mysqld stop/restart …
I tried all the day to get it up and once it got up…hmmm… very funny…
Do ya have any hack around… :)

Dear All,

I am writing this mail as an information when we do installation of Linux Operating System by considering the manual partitioning (Diskdruid or fdisk).

People get annoyed after using Linux machine for a while by saying ” hey.. I got a Kernel Panic. I am worried about my data” or ” I don’t know where my GUI has gone“

One of the reason for this panic is, your ” / ” file system got squeezed ! ( say used space for / partition is 98% )

Please do comment, if you have got any suggestion.

I suggest; its a good practice to take care of this issue from the scratch; at the time of OS installation.

Here I am considering a 40GB HDD [** workstation specific NOT Server**]

By considering the fact; most of our machines are in dual boot so I don’t wanna deal with 15GB for Windows (15GB is fair enough for viruses to play and flood around :) )

well…the rest 25 GB.

This is just a DIVIDE & RULE Policy for better management and for recovery when we had troubles.

/boot

= 100MB [Make this as the first choice when you do partition, because older BIOS were not able to detect the second part of boot loader beyond 1024 cylinders of the HDD]

/usr

= 8 GB [ Happily we can deal this for a workstations, mine is 6 GB and 73% so far ]

swap

= Rule of Thumb; 2xRAM Size, but not always true [Try to have it on the middle part of the HDD, because its fast to access the middle portion of HDD]

/home

= 12 GB [ If you don’t have a dual boot, add much more or go for a separate user(you) defined partition to keep your data like documents, pdfs, mp3s and other stuffs ]

/

= 2 GB is more than enough. Yes I said 2048 MB *

/var

= 500 MB [ This separate partition avoid the electronic jamming of / by logfiles, mails and other junks..]
If you are using any RedHat distro and trying to configure MySQL, please consider much more space for the growing database which comes under /var/lib/mysql

/opt

= Are ya trying to install any applications like Oracle db &| its client ? Do you have any “optional” application which you don’t have to mess around ?. If the answer is “yes” go ahead and allocate desired space. I feel 3-4GB is okay. The best part is, you can remove the installed package under /opt as such, because all the files will come under that particular directory (directory=pkg-name) even the “bin” files. If you are not sure about this, add up this amount of space to your /usr or /home filesystem.

/tmp

= Normally, this never go beyond 100MB

NOTE:

1. Never log into your system as root. Log into as a normal user and configure your mail, desktop, browser and all other part which makes you comfortable. This way all your mails and other heavy stuff only fall under /home/[normalusr].

2. Do sudo or su - option when needed.

3. If you are in dual boot and have more space; its a good option to create FAT-32 partition by naming /winshare or something. So that we could access the data [pdfs, mp3s and other stuffs] from both OS.

Please do revert for any suggestion which you feel much practical or logical.

Thank You

~vipin

Contrary to popular belief, Unix is user friendly.
It just happens to be selective about who it makes friends with. — Dave Parnas

One of the hot stuff over the surf ajaxWrite (Asynchronous JavaScript and XML). I say this gonna be a killer application….
It silently says ” Killing is my bussiness and the bussiness is good!“

…and the foxY offered a good company for the Ace-Jack.

* Global access, all you need is an internet connection.
* Platform independent, you can use it with any operating system.
* Automatic updates and upgrades, no more computer restarts or missed patches/updates.
* Server side management, all the busywork is done for you.

http://www.ajaxlaunch.com/ajaxwrite/internals/ajaxwrite-noffox.html

Tail: It doesn’t work with internet explorer.
Did we mention it’s free? That’s right…

Microsoft Office Professional 2007TM - $499

ajaxWrite - $0