Archive for the ‘Linux’ Category.

Ulimit settings not being applied with SSH logins

On a RHEL5 server ulimit setting was not applied when I logged in using SSH. No matter what I did the setting remained the same. Doing a “su – ” to a user, however, worked like a treat. Strange! I did a bit of googling and found the following answer to my problem:

1. In /etc/pam.d/sshd add the line

session    required

2. In /etc/pam.d/login add the line

session    required

3. In /etc/ssh/sshd_config add

UsePAM yes

(this might already be in place in your config file – I’m not using a stock sshd_config)

4. reload SSH

/etc/init.d/sshd restart

Now change something in /etc/security/limits.conf

user1           soft    nofile  2048
user1           hard    nofile  4096

Log in as user1 – and voila!
ulimit -n should now show 2048 and ulimit -nH 4096

Missing device file

In our ESX environment, I extended a virtual disk from VirtualCenter and created a new partition on it using fdisk. The new partition was to be added to a Volume Group under LVM. But the OS (RHEL5 in this case) didn’t recognize the partition. “pvcreate” said it could not find the the device it was “Ignored by filtering” – As it turned out it was not so much a question of filtering as the fact that the device file was missing; /dev/sdb2 simply did not exist. I did a lot of searching and jumping through hoops for a solution that did not include a reboot (the server in question is a production server) – While there might very well be other solutions to this – the one I found turned out to be quite simple: Don’t use fdisk – use “parted” instead:

parted DEVICE
(parted) mkpart PART-TYPE START END
(parted) toggle PART-NUMBER FLAG

in my case it looked like this:

parted /dev/sdb
(parted) mkpart primary 53.7GB 107GB
(parted) toggle 2 lvm
(parted) print
Model: VMware Virtual disk (scsi)
Disk /dev/sdb: 107GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      32.3kB  53.7GB  53.7GB  primary               lvm
 2      53.7GB  107GB   53.7GB  primary               lvm

And Voila! – you’ll have a new partition AND the corresponding device file!

Problems registrering SLES10 clones to a SMT server

First of all. If you don’t know what a SMT-server is you probably don’t need to read any further.

Problem: I was deploying a number of SLES10-SP3 servers in an ESX environment by cloning from a running server – and that all went according to plan. However, when I tried to register the servers to our SMT server the first registration went fine, but the following registrations simply overwrote the previous.

Solution: Google to the rescue!! Rename “deviceid” and “secret” (you could choose to delete them instead if you’re that kind of sys admin – I’m not!) in /etc/zmd and re-run the registration process: --host <your  SMT server>

On some of the servers I also had to run

suse_register -r

in order to restore the repository list, but on others I had no issues – well, go figure!

Problems with name resolution on SLES10 in a .local domain

I noticed some strange behaviour on some SLES10-SP3 servers I was setting up in a .local domain. I could do a nslookup on the FQDN (<somehostname.local>), no problems there – but when trying to do a

ping <somehost>.local

it failed. I did a bit of searching on the internet and it turns out that SuSE (and as far as I could gather – other Linuxes as well) are haveing difficulties dealing with .local domains. The solution is to add the following to the end of /etc/host.conf

mdns off

And then do a reboot. Voila!

Howto generate a random password i an jiffy!

The following one-liner will generate a random eight character string consisting of numbers as well as upper- and  lowercase letters.

echo `< /dev/urandom tr -dc A-Za-z0-9 | head -c8`


tr -dc '0-9a-zA-Z' </dev/urandom |head -c8; echo

If you need a shorter or longer password you can ajust the “-c8”-value.

And yes, I know…… a password should contain special characters as well. Please feel free to add a few periods and asterisks :-)

I found this on the net somewhere. I don’t remember where – sorry.

Add a vmdk to virtual RHEL5 server

To add a vmdk to a virtaul RHEL5 server, you first of all need to create the vmdk (d’oh!) – I won’t go into that here. Next, on the RHEL5 server do as root:

echo "- - -" > /sys/class/scsi_host/host0/scan (the spaces between the dashed are important)

This will cause the scsi bus to be rescanned and the new disk should be found. For the devicename check “dmesg”. Now you can partition the disk, add it to LVM or whatever.

Check expiry date on a ssl certificate

I needed to check the expiry date on a ssl certificate on a RHEL5 server (running a apache webserver).

In this case the location of the certificate was found in the ssl.conf file in the /etc/httpd/conf.d directory. It could very well be different in your setup, so you could grep for the string “SSLCertificateFile” in /etc/httpd/conf*

# grep -r "^SSLCertificateFile" /etc/httpd/conf*

and you should find the path to your certificate file (in my case /etc/pki/tls/certs/server.crt)

# cd /etc/pki/tls/certs (or the path you found above)
# openssl x509 -in server.crt -noout -enddate

Will tell you the expiry date.

Howto extend a ext3 filesystem in RHEL5

In RHEL5 ext2online is no longer available. However, do not despair – you can still grow your ext3 filesystems while online: The functionality has been included in resize2fs so to resize a logical volume, start by extending the volume:

# lvextend -L +2G /dev/systemvg/homelv

And the resize the filesystem:

# resize2fs /dev/systemvg/homelv (by omitting the size argument resize2fs defaults to using the available space in the partition/lv)

Expire password in Linux

If you need to force a user to change password at next login, simply use:

# chage -d 0 <userid>

Keep track of failed login attempts

To enable faillog to actually start logging failed login attempts you need to set up PAM to use the module “”. To configure PAM open the file /etc/pam.d/system-auth in your favourite editor and add the following lines to the file:

auth required onerr=fail deny=5
account required

This should make sure that accounts are locked if the number of failed attempts exceeds 5. The counter is reset on successful login.

The behaviour of pam_tally has changed over time – this approach should work on at least Fedora Core 6+, RHEL 5, SLES10 and later.

In SLES 10 the PAM config-file is /etc/pam.d/login