Archive for the ‘Linux’ Category.

Ulimit settings not being applied with SSH logins

On a RHEL5 server the ulimit settings were not applied when I logged in using SSH. No matter what I did the setting remained the same. Doing a “su - ” to a user, however, worked like a treat. Strange! I did a bit of googling and found the following answer to my problem:

1. In /etc/pam.d/sshd add the line

session    required     pam_limits.so

2. In /etc/pam.d/login add the line

session    required     pam_limits.so

3. In /etc/ssh/sshd_config add

UsePAM yes

(this might already be in place in your config file – I’m not using a stock sshd_config)

4. Restart SSH

/etc/init.d/sshd restart

Now change something in /etc/security/limits.conf

user1           soft    nofile  2048
user1           hard    nofile  4096

Log in as user1 – and voila!
ulimit -n should now show 2048 and ulimit -nH 4096
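
To confirm that the three settings above are really in place, a small audit function helps. This is an added example, not part of the original post: check_limits_setup and its optional ROOT prefix are names made up here, and it only inspects the files named above without following PAM "include" lines.

```shell
#!/bin/sh
# Added example: verify the pam_limits / UsePAM setup described above.
# check_limits_setup [ROOT]
#   ROOT is an optional path prefix, so a copy of /etc can be audited.
#   Returns 0 when all three settings are active, 1 otherwise.
check_limits_setup() {
    root=${1:-}
    rc=0
    for svc in sshd login; do
        f=$root/etc/pam.d/$svc
        # Only an uncommented "session" line that loads pam_limits.so counts.
        if grep -Eq '^[[:space:]]*session[[:space:]]+[^#]*pam_limits\.so' "$f" 2>/dev/null; then
            echo "ok: $f loads pam_limits.so"
        else
            echo "MISSING: session line for pam_limits.so in $f"
            rc=1
        fi
    done
    cfg=$root/etc/ssh/sshd_config
    # sshd uses the first value it finds for a keyword, and keyword names
    # are case-insensitive, so report the first UsePAM line only.
    val=$(awk 'tolower($1) == "usepam" { print $2; exit }' "$cfg" 2>/dev/null) || val=
    if [ "$val" = yes ]; then
        echo "ok: UsePAM yes in $cfg"
    else
        echo "MISSING: UsePAM yes in $cfg (found: ${val:-nothing})"
        rc=1
    fi
    return $rc
}
```

Run it as root with no argument to check the live system; a non-zero exit status means at least one of the three settings is missing.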

Missing device file

In our ESX environment, I extended a virtual disk from VirtualCenter and created a new partition on it using fdisk. The new partition was to be added to a Volume Group under LVM. But the OS (RHEL5 in this case) didn’t recognize the partition. “pvcreate” said it could not find the device and that it was “Ignored by filtering”. As it turned out, it was not so much a question of filtering as the fact that the device file was missing; /dev/sdb2 simply did not exist. I did a lot of searching and jumping through hoops for a solution that did not include a reboot (the server in question is a production server). While there might very well be other solutions to this, the one I found turned out to be quite simple: don’t use fdisk, use “parted” instead:

parted DEVICE
(parted) mkpart PART-TYPE START END
(parted) toggle PART-NUMBER FLAG

In my case it looked like this:

parted /dev/sdb
(parted) mkpart primary 53.7GB 107GB
(parted) toggle 2 lvm
(parted) print
Model: VMware Virtual disk (scsi)
Disk /dev/sdb: 107GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      32.3kB  53.7GB  53.7GB  primary               lvm
 2      53.7GB  107GB   53.7GB  primary               lvm

And Voila! – you’ll have a new partition AND the corresponding device file!

Problems registering SLES10 clones to an SMT server

First of all: if you don’t know what an SMT server is, you probably don’t need to read any further.

Problem: I was deploying a number of SLES10-SP3 servers in an ESX environment by cloning from a running server – and that all went according to plan. However, when I tried to register the servers to our SMT server the first registration went fine, but the following registrations simply overwrote the previous.

Solution: Google to the rescue!! Rename “deviceid” and “secret” (you could choose to delete them instead if you’re that kind of sys admin – I’m not!) in /etc/zmd and re-run the registration process:

clientSetup4SMT.sh --host <your SMT server>

On some of the servers I also had to run

suse_register -r

in order to restore the repository list, but on others I had no issues – well, go figure!

Problems with name resolution on SLES10 in a .local domain

I noticed some strange behaviour on some SLES10-SP3 servers I was setting up in a .local domain. I could do an nslookup on the FQDN (<somehostname.local>), no problems there – but when trying to do a

ping <somehost>.local

it failed. I did a bit of searching on the internet and it turns out that SuSE (and as far as I could gather – other Linuxes as well) are having difficulties dealing with .local domains. The solution is to add the following to the end of /etc/host.conf

mdns off

And then do a reboot. Voila!

Howto generate a random password in a jiffy!

The following one-liner will generate a random eight character string consisting of numbers as well as upper- and lowercase letters.

echo `< /dev/urandom tr -dc A-Za-z0-9 | head -c8`

or

tr -dc '0-9a-zA-Z' </dev/urandom |head -c8; echo

If you need a shorter or longer password you can adjust the “-c8”-value.

And yes, I know…… a password should contain special characters as well. Please feel free to add a few periods and asterisks :-)

I found this on the net somewhere. I don’t remember where – sorry.
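
The one-liners above can be extended to cover the special-character point. The following is an added example, not part of the original post: the function name genpw and the set of special characters are choices made here. It redraws until the password contains a digit, a lowercase letter, an uppercase letter and a special character.

```shell
#!/bin/sh
# Added example: random password with every character class guaranteed.
# genpw [LENGTH]  prints one password of LENGTH characters (default 12).
# The special characters used (. * _ % + = -) are this example's own
# choice; adjust them to what your systems accept.
genpw() {
    len=${1:-12}
    case $len in
        ''|*[!0-9]*) echo "genpw: length must be a number" >&2; return 1 ;;
    esac
    if [ "$len" -lt 4 ]; then
        echo "genpw: length must be at least 4" >&2
        return 1
    fi
    while :; do
        # Read a finite chunk of random bytes, drop everything outside the
        # allowed set (each allowed character stays equally likely), then
        # cut to the requested length. LC_ALL=C makes tr work on raw bytes.
        pw=$(head -c $((len * 16)) /dev/urandom |
             LC_ALL=C tr -dc 'A-Za-z0-9.*_%+=-' | cut -c1-"$len")
        [ "${#pw}" -eq "$len" ] || continue   # too few usable bytes, redraw
        # Reject and redraw until all four classes are present.
        case $pw in *[[:digit:]]*) ;; *) continue ;; esac
        case $pw in *[[:lower:]]*) ;; *) continue ;; esac
        case $pw in *[[:upper:]]*) ;; *) continue ;; esac
        case $pw in *[.*_%+=-]*)   ;; *) continue ;; esac
        printf '%s\n' "$pw"
        return 0
    done
}
```

Call it as "genpw 16" for a sixteen character password; lengths below 4 are refused because they cannot hold all four classes.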

Add a vmdk to virtual RHEL5 server

To add a vmdk to a virtual RHEL5 server, you first of all need to create the vmdk (d’oh!) – I won’t go into that here. Next, on the RHEL5 server do as root:

echo "- - -" > /sys/class/scsi_host/host0/scan (the spaces between the dashes are important)

This will cause the scsi bus to be rescanned and the new disk should be found. For the devicename check “dmesg”. Now you can partition the disk, add it to LVM or whatever.

Check expiry date on a ssl certificate

I needed to check the expiry date on an SSL certificate on a RHEL5 server (running an Apache webserver).

In this case the location of the certificate was found in the ssl.conf file in the /etc/httpd/conf.d directory. It could very well be different in your setup, so you could grep for the string “SSLCertificateFile” in /etc/httpd/conf*

# grep -r "^SSLCertificateFile" /etc/httpd/conf*

and you should find the path to your certificate file (in my case /etc/pki/tls/certs/server.crt)

# cd /etc/pki/tls/certs (or the path you found above)
# openssl x509 -in server.crt -noout -enddate

Will tell you the expiry date.
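
The two steps above (find the certificate via SSLCertificateFile, then ask openssl about it) can be combined into a check that is easy to run from cron. This is an added example, not part of the original post: the function name expiring_certs and its arguments are made up here, and it assumes certificate paths without whitespace.

```shell
#!/bin/sh
# Added example: flag certificates referenced by Apache that expire soon.
# expiring_certs CONF_DIR DAYS
#   Prints one line per certificate named by an active (uncommented)
#   SSLCertificateFile directive under CONF_DIR and returns 1 if any of
#   them is unreadable or expires within DAYS days.
# Assumption: certificate paths contain no whitespace.
expiring_certs() {
    conf=$1
    days=$2
    rc=0
    certs=$(grep -rhE '^[[:space:]]*SSLCertificateFile[[:space:]]' "$conf" |
            awk '{ print $2 }' | tr -d '"' | sort -u)
    for crt in $certs; do
        if [ ! -r "$crt" ]; then
            echo "UNREADABLE $crt"
            rc=1
        # -checkend N exits 0 only if the certificate is still valid
        # N seconds from now.
        elif openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null; then
            echo "OK $crt"
        else
            echo "EXPIRING $crt ($(openssl x509 -in "$crt" -noout -enddate))"
            rc=1
        fi
    done
    return $rc
}
```

For example, "expiring_certs /etc/httpd/conf.d 30" exits non-zero when a certificate in use has fewer than 30 days left.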

Howto extend a ext3 filesystem in RHEL5

In RHEL5 ext2online is no longer available. However, do not despair – you can still grow your ext3 filesystems while online: The functionality has been included in resize2fs so to resize a logical volume, start by extending the volume:

# lvextend -L +2G /dev/systemvg/homelv

And then resize the filesystem:

# resize2fs /dev/systemvg/homelv (by omitting the size argument resize2fs defaults to using the available space in the partition/lv)

Expire password in Linux

If you need to force a user to change password at next login, simply use:

# chage -d 0 <userid>

Keep track of failed login attempts

To enable faillog to actually start logging failed login attempts you need to set up PAM to use the module “pam_tally.so”. To configure PAM open the file /etc/pam.d/system-auth in your favourite editor and add the following lines to the file:

auth required pam_tally.so onerr=fail deny=5
account required pam_tally.so

This should make sure that accounts are locked if the number of failed attempts exceeds 5. The counter is reset on successful login.

The behaviour of pam_tally has changed over time – this approach should work on at least Fedora Core 6+, RHEL 5, SLES10 and later.

In SLES 10 the PAM config-file is /etc/pam.d/login