Thursday, 15 November 2012

How to rdesktop from Linux to Windows


rdesktop: A Remote Desktop Protocol client.


$ rdesktop -u [username] -p [password] [127.0.0.1] -g 1024x640

where:

username is the login name on the remote Windows machine.

password is the password that matches the username on the remote Windows machine. Use -p - to be prompted for it instead of leaving it in the shell history.

127.0.0.1 is the IP address of the remote computer.

1024x640 is the preferred resolution.

-r clipboard:PRIMARYCLIPBOARD can be added to make sure that copy-paste works from host to client or vice versa.

The complete usage: rdesktop [options] server[:port]

-u: user name
-d: domain
-s: shell
-c: working directory
-p: password (- to prompt)
-n: client hostname
-k: keyboard layout on server (en-us, de, sv, etc.)
-g: desktop geometry (WxH)
-f: full-screen mode
-b: force bitmap updates
-L: local codepage
-A: enable SeamlessRDP mode
-B: use BackingStore of X-server (if available)
-e: disable encryption (French TS)
-E: disable encryption from client to server
-m: do not send motion events
-C: use private colour map
-D: hide window manager decorations
-K: keep window manager key bindings
-S: caption button size (single application mode)
-T: window title
-N: enable numlock syncronization
-X: embed into another window with a given id.
-a: connection colour depth
-z: enable rdp compression
-x: RDP5 experience (m[odem 28.8], b[roadband], l[an] or hex nr.)
-P: use persistent bitmap caching
-0: attach to console
-4: use RDP version 4
-5: use RDP version 5 (default)
-y: use raw keyboard (default no)

Wednesday, 24 October 2012

How to Setup MySQL (Master-Slave) Replication on RHEL/CentOS/Fedora



MySQL replication is very useful for data security, as a fail-over solution, for taking database backups from the Slave, for analytics, etc.

We have two servers: the Master with IP (X.X.X.X) and the Slave with IP (Y.Y.Y.Y). The setup is divided into two phases to make things easier: in Phase 1 we configure the Master server and in Phase 2 the Slave server. Let’s start the replication setup process.


Phase 1: Configure Master Server (X.X.X.X) for Replication

Install MySQL on the Master Server

First, install MySQL using the YUM command. If you already have MySQL installed, you can skip this step.

=================================
# yum install mysql-server mysql
=================================

Configure MySQL on the Master Server

Open the my.cnf configuration file with the vi editor.

=================
# vi /etc/my.cnf
=================

Add the following entries under the [mysqld] section, and don’t forget to replace dbname with the name of the database that you would like to replicate to the Slave.

=========================================================

server-id = 1
binlog-do-db=dbname
relay-log = /var/lib/mysql/mysql-relay-bin
relay-log-index = /var/lib/mysql/mysql-relay-bin.index
log-error = /var/lib/mysql/mysql.err
master-info-file = /var/lib/mysql/mysql-master.info
relay-log-info-file = /var/lib/mysql/mysql-relay-log.info
log-bin = /var/lib/mysql/mysql-bin
=========================================================

      Restart the MySQL service.

=============================
# /etc/init.d/mysqld restart
=============================

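Log in to MySQL as the root user, create the slave user and grant it replication privileges. Replace slave_user with the user name and your_password with the password. The '%' host part lets slave_user connect from any address; replacing it with the Slave's IP (Y.Y.Y.Y) limits the account to that one host.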

===================
# mysql -u root -p


mysql> GRANT REPLICATION SLAVE ON *.* TO 'slave_user'@'%' IDENTIFIED BY 'your_password';
mysql> FLUSH PRIVILEGES;
mysql> FLUSH TABLES WITH READ LOCK;
mysql> SHOW MASTER STATUS;

+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000003 | 11128001 | tecmint |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

mysql> quit;

====================

Please write down the File (mysql-bin.000003) and Position (11128001) values; we will need them later on the Slave server. Next, with the READ LOCK applied, export all the databases and the master log information with the mysqldump command.

================================================

# mysqldump -u root -p --all-databases --master-data > /root/dbdump.db
================================================

Once you’ve dumped all the databases, connect to MySQL again as the root user and unlock the tables.

======================

mysql> UNLOCK TABLES;
mysql> quit;
======================

Upload the database dump file to the Slave server (Y.Y.Y.Y) using the SCP command.

=========================================
# scp /root/dbdump.db root@Y.Y.Y.Y:/root/
=========================================

That’s it, we have successfully configured the Master server. Let’s proceed to Phase 2.

Phase 2: Configure Slave Server (Y.Y.Y.Y) for Replication

In Phase 2, we install MySQL, set up replication and then verify it.


Install MySQL on the Slave Server

If you don’t have MySQL installed, install it using the YUM command.

=================================
# yum install mysql-server mysql
=================================

Configure MySQL on the Slave Server

Open the my.cnf configuration file with the vi editor.

=================
# vi /etc/my.cnf
=================

Add the following entries under the [mysqld] section, and don’t forget to replace X.X.X.X with the IP address of the Master server, dbname with the name of the database that you would like to replicate from the Master, and slave_user and your_password with the credentials created in Phase 1.

========================

server-id = 2
master-host=X.X.X.X
master-connect-retry=60
master-user=slave_user
master-password=your_password
replicate-do-db=dbname
relay-log = /var/lib/mysql/mysql-relay-bin
relay-log-index = /var/lib/mysql/mysql-relay-bin.index
log-error = /var/lib/mysql/mysql.err
master-info-file = /var/lib/mysql/mysql-master.info
relay-log-info-file = /var/lib/mysql/mysql-relay-log.info
log-bin = /var/lib/mysql/mysql-bin

========================

      Restart the MySQL service.

=============================
# /etc/init.d/mysqld restart
=============================

Log in to MySQL as the root user and stop the slave. Then tell the slave where to find the Master log file, using the File (mysql-bin.000003) and Position (11128001) values that we wrote down from the SHOW MASTER STATUS; command on the Master. You must change X.X.X.X to the IP address of the Master server, and change the user and password accordingly.

===================
# mysql -u root -p

mysql> STOP SLAVE;
mysql> CHANGE MASTER TO MASTER_HOST='X.X.X.X', MASTER_USER='slave_user', MASTER_PASSWORD='your_password', MASTER_LOG_FILE='mysql-bin.000003', MASTER_LOG_POS=11128001;
mysql> START SLAVE;
mysql> show slave status\G


===================


*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: X.X.X.X
                  Master_User: slave_user
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000003
          Read_Master_Log_Pos: 12345100
               Relay_Log_File: mysql-relay-bin.000002
                Relay_Log_Pos: 11381900
        Relay_Master_Log_File: mysql-bin.000003
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
              Replicate_Do_DB: dbname
          Replicate_Ignore_DB:
           Replicate_Do_Table:
       Replicate_Ignore_Table:
      Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
                   Last_Errno: 0
                   Last_Error:
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 12345100
              Relay_Log_Space: 11382055
              Until_Condition: None
               Until_Log_File:
                Until_Log_Pos: 0
           Master_SSL_Allowed: No
           Master_SSL_CA_File:
           Master_SSL_CA_Path:
              Master_SSL_Cert:
            Master_SSL_Cipher:
               Master_SSL_Key:
        Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error:
               Last_SQL_Errno: 0
               Last_SQL_Error:
1 row in set (0.00 sec)

=========================================
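
The status output above can be checked by a script rather than by eye. The following is an added example, not part of the original post: it reads the text printed by SHOW SLAVE STATUS\G and reports stopped threads, replication errors, lag, and the unencrypted link that Master_SSL_Allowed: No indicates. The function names and the two sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): health and transport checks
# over the text printed by `SHOW SLAVE STATUS\G`.

# status_field NAME: print the value of the "NAME: value" line read from stdin.
status_field() {
    awk -v key="$1" '{
        line = $0; sub(/^[ \t]+/, "", line)
        if (index(line, key ":") == 1) {
            val = substr(line, length(key) + 2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            print val; exit
        }
    }'
}

# field_of TEXT NAME: same lookup on status text held in a variable.
field_of() { printf '%s\n' "$1" | status_field "$2"; }

# check_slave_status [MAX_LAG_SECONDS]: read the status text from stdin, print
# one line per finding and return the number of findings (0 = nothing to fix).
check_slave_status() {
    local max_lag="${1:-60}" status n=0 t v
    status="$(cat)"
    for t in IO SQL; do
        v="$(field_of "$status" "Slave_${t}_Running")"
        [ "$v" = "Yes" ] || { echo "CRIT: $t thread not running (${v:-missing})"; n=$((n+1)); }
        v="$(field_of "$status" "Last_${t}_Errno")"
        [ "${v:-0}" = "0" ] || { echo "CRIT: $t error $v: $(field_of "$status" "Last_${t}_Error")"; n=$((n+1)); }
    done
    v="$(field_of "$status" Seconds_Behind_Master)"
    case "$v" in
        ''|*[!0-9]*) echo "CRIT: lag unknown (Seconds_Behind_Master=${v:-missing})"; n=$((n+1)) ;;
        *) [ "$v" -le "$max_lag" ] || { echo "WARN: slave is ${v}s behind the master"; n=$((n+1)); } ;;
    esac
    v="$(field_of "$status" Master_SSL_Allowed)"
    [ "$v" = "Yes" ] || { echo "WARN: Master_SSL_Allowed=${v:-missing}, replicated data and the slave_user login cross the network unencrypted"; n=$((n+1)); }
    return "$n"
}

# Constructed sample 1: the status shown in the post, abridged.
sample_healthy() { cat <<'EOF'
             Slave_IO_State: Waiting for master to send event
                Master_Host: X.X.X.X
           Slave_IO_Running: Yes
          Slave_SQL_Running: Yes
         Master_SSL_Allowed: No
      Seconds_Behind_Master: 0
              Last_IO_Errno: 0
              Last_IO_Error:
             Last_SQL_Errno: 0
             Last_SQL_Error:
EOF
}

# Constructed sample 2: the slave cannot log in to the master.
sample_broken() { cat <<'EOF'
             Slave_IO_State: Connecting to master
           Slave_IO_Running: No
          Slave_SQL_Running: Yes
         Master_SSL_Allowed: No
      Seconds_Behind_Master: NULL
              Last_IO_Errno: 1045
              Last_IO_Error: error connecting to master 'slave_user@X.X.X.X:3306'
             Last_SQL_Errno: 0
             Last_SQL_Error:
EOF
}

sample_healthy | check_slave_status 60 || echo "findings: $?"
```

On a live slave the same function can be fed with mysql -u root -p -e 'SHOW SLAVE STATUS\G' | check_slave_status 60.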


Verifying MySQL Replication on Master and Slave Server


It is very important to confirm that replication is working. On the Master server, create a table and insert some values into it.

On Master Server


===============================
mysql> create database dbname;
mysql> use dbname;
mysql> CREATE TABLE employee (c int);
mysql> INSERT INTO employee (c) VALUES (1);
mysql> SELECT * FROM employee;

+------+
|  c  |
+------+
|  1  |
+------+
1 row in set (0.00 sec)

===============================

On Slave Server

Verify on the Slave by running the same query; it will return the same values.

===============================
mysql> use dbname;
mysql> SELECT * FROM employee;

+------+
|  c  |
+------+
|  1  |
+------+
1 row in set (0.00 sec)
===============================

:-)enjoy..............






Tuesday, 23 October 2012

How To Generate SSL Key, CSR and Self Signed Certificate For Apache




If you want to convert your website from HTTP to HTTPS, you need to get an SSL certificate from a valid organization like Verisign or Thawte. You can also generate a self-signed SSL certificate for testing purposes.

In this article, let us review how to generate private key file (server.key), certificate signing request file (server.csr) and webserver certificate file (server.crt) that can be used on Apache server with mod_ssl.
=======================
Key, CSR and CRT File Naming Convention
I typically like to name the files with the domain name of the HTTPS URL that will be using this certificate. This makes it easier to identify and maintain.
Instead of server.key, I use www.thegeekstuff.com.key
Instead of server.csr, I use www.thegeekstuff.com.csr
Instead of server.crt, I use www.thegeekstuff.com.crt
1. Generate Private Key on the Server Running Apache + mod_ssl
First, generate a private key on the Linux server that runs Apache webserver using openssl command as shown below.
# openssl genrsa -des3 -out www.thegeekstuff.com.key 1024
Generating RSA private key, 1024 bit long modulus
.......................................++++++
...................................................++++++
e is 73547 (0x01001)
Enter pass phrase for www.thegeekstuff.com.key:
Verifying - Enter pass phrase for www.thegeekstuff.com.key:

# ls -ltr www.thegeekstuff.*
-rw-r--r-- 1 root root 963 Jun 13 20:26 www.thegeekstuff.com.key
The generated private key looks like the following.
# cat www.thegeekstuff.com.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,485B3C6371C9916E

ymehJu/RowzrclMcixAyxdbfzQphfUAk9oK9kK2
jadfoiyqthakLKNqw9z1MoaqkPyqeHevUm26no
AJKIETHKJADFS2BGb0n61/Ksk8isp7evLM4+QY
KAQETKjdiahteksMJOjXLq+vf5Ra299fZPON7yr
-----END RSA PRIVATE KEY-----
2. Generate a Certificate Signing Request (CSR)
Using the key generated above, generate a certificate signing request file (CSR) using openssl as shown below.
# openssl req -new -key www.thegeekstuff.com.key -out www.thegeekstuff.com.csr
Enter pass phrase for www.thegeekstuff.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:California
Locality Name (eg, city) [Newbury]:Los Angeles
Organization Name (eg, company) [My Company Ltd]:The Geek Stuff
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []: thegeekstuff
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# ls -ltr www.thegeekstuff.*
-rw-r--r-- 1 root root 963 Jun 13 20:26 www.thegeekstuff.com.key
-rw-r--r-- 1 root root 664 Jun 13 20:35 www.thegeekstuff.com.csr
3. Generate a Self-Signed SSL Certificate
For testing purposes, you can generate a self-signed SSL certificate that is valid for 1 year using the openssl command as shown below.
# openssl x509 -req -days 365 -in www.thegeekstuff.com.csr -signkey www.thegeekstuff.com.key -out www.thegeekstuff.com.crt
Signature ok
subject=/C=US/ST=California/L=Los Angeles/O=thegeekstuff/OU=IT/CN=www.thegeekstuff.com
Getting Private key
Enter pass phrase for www.thegeekstuff.com.key:

# ls -l www.thegeekstuff*
-rw-r--r-- 1 root root 963 Jun 13 20:26 www.thegeekstuff.com.key
-rw-r--r-- 1 root root 664 Jun 13 20:35 www.thegeekstuff.com.csr
-rw-r--r-- 1 root root 879 Jun 13 20:43 www.thegeekstuff.com.crt

# cat www.thegeekstuff.com.crt
-----BEGIN CERTIFICATE-----
haidfshoaihsdfAKDJFAISHTEIHkjasdjadf9w0BAQUFADCB
kjadfijadfhWQIOUQERUNcMNasdkjfakljasdBgEFBQcDAQ
kjdghkjhfortoieriqqeurNZXCVMNCMN.MCNaGF3dGUuY29
-----END CERTIFICATE-----

You can use this method to generate the Apache SSL key, CSR and CRT files on most Linux and Unix systems, including Ubuntu, Debian, CentOS, Fedora and Red Hat.
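
The three steps above can be scripted and checked. This is an added example, not code from the original article: it uses a 2048-bit key instead of 1024 bits (public CAs no longer accept 1024-bit RSA), creates the key with owner-only permissions instead of the -rw-r--r-- shown in the listings, and then confirms that key, CSR and certificate carry the same public key. The host name www.example.test and all function names are assumptions, and the key is written without a pass phrase so the script can run unattended.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): key, CSR and self-signed
# certificate with a 2048-bit key, owner-only key permissions and SHA-256.

# make_test_cert HOST DIR: write DIR/HOST.key, .csr and .crt non-interactively.
# Assumption: no pass phrase on the key; the file mode (0600) protects it.
make_test_cert() {
    local host="$1" dir="$2"
    ( umask 077 && openssl genrsa -out "$dir/$host.key" 2048 ) 2>/dev/null || return 1
    openssl req -new -sha256 -key "$dir/$host.key" \
        -subj "/C=US/ST=California/L=Los Angeles/O=The Geek Stuff/OU=IT/CN=$host" \
        -out "$dir/$host.csr" || return 1
    openssl x509 -req -sha256 -days 365 -in "$dir/$host.csr" \
        -signkey "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
}

# pubkey_id KIND FILE: SHA-256 of the public key inside a key, csr or crt file.
pubkey_id() {
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# key_bits FILE: RSA modulus size in bits (empty if the key cannot be read).
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# key_mode FILE: permission string as printed by ls, e.g. -rw-------
key_mode() { ls -l "$1" | cut -c1-10; }

# verify_set HOST DIR: succeed only if the key has at least 2048 bits, only the
# owner can read it, and key, CSR and certificate share one public key.
verify_set() {
    local base="$2/$1" bits k
    bits="$(key_bits "$base.key")"
    [ "${bits:-0}" -ge 2048 ] || { echo "key too short: ${bits:-unreadable}"; return 1; }
    case "$(key_mode "$base.key")" in
        -r[w-]-------) ;;
        *) echo "key is accessible to group or others"; return 1 ;;
    esac
    k="$(pubkey_id key "$base.key")"
    [ "$k" = "$(pubkey_id csr "$base.csr")" ] && [ "$k" = "$(pubkey_id crt "$base.crt")" ] ||
        { echo "key, CSR and certificate do not match"; return 1; }
}

# demo: build a throwaway set in a temporary directory and verify it.
demo() {
    local d rc
    d="$(mktemp -d)" || return 1
    make_test_cert www.example.test "$d" && verify_set www.example.test "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "key, CSR and certificate match"
```

verify_set is also useful after step 4, to confirm that a certificate returned by a CA belongs to the key on the server before Apache is restarted.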
4. Get a Valid Trial SSL Certificate (Optional)
Instead of signing it yourself, you can also obtain a valid trial SSL certificate from Thawte, i.e. before spending money on purchasing a certificate, you can get a valid, fully functional 21-day trial SSL certificate from Thawte. Once this valid certificate works, you can decide to purchase it from Thawte or from any other SSL signing organization.

This step is optional and not really required. For testing purposes, you can always use the self-signed certificate that was generated in the step above.

Go to the Thawte trial certificate request page and do the following:
Select “SSL Web Server Certificate (All servers)” under “select your trial certificate”.
Do not check the PKCS #7 check-box under “configure certificate”.
Copy/Paste the *.csr file that you generated above into the textbox under “certificate signing request (CSR)”.
Click on next at the bottom, which will give you a 21-day free trial certificate.

Copy/Paste the trial certificate to the www.thegeekstuff.com.crt file as shown below.
# cat www.thegeekstuff.com.crt
-----BEGIN CERTIFICATE-----
haidfshoaihsdfAKDJFAISHTEIHkjasdjadf9w0BAQUFADCB
kjadfijadfhWQIOUQERUNcMNasdkjfakljasdBgEFBQcDAQ
kjdghkjhfortoieriqqeurNZXCVMNCMN.MCNaGF3dGUuY29
-----END CERTIFICATE-----

Here are some useful Linux commands for Exim mail server...




Exim is the SMTP server used on cPanel servers. You can find more information about the Exim mail server at www.exim.org

Exim

       
Count the number of messages in the queue
    exim -bpc

=======

List the messages in the queue
    exim -bp

=======

Count frozen messages
    exim -bp | grep frozen | wc -l

=======

Remove all frozen messages
    exiqgrep -z -i | xargs exim -Mrm

=======

Freeze all queued mail from a given sender
    exiqgrep -i -f usr | xargs exim -Mf

=======

Remove mails for a specific receiver
    exiqgrep -ir usr | xargs exim -Mrm

=======

View a message’s headers
    exim -Mvh <message-id>

=======

Count the queued messages for a given address
    exim -bp | grep user@example.com | wc -l

=======

Remove all messages
    exim -bpru | awk '{print $3}' | xargs exim -Mrm

=======

Total mail sent
    grep user /var/log/exim_mainlog | grep "<=" -c

=======

Thursday, 18 October 2012

Install and Configure PXE Server


PXE (Pre-boot eXecution Environment)

Install Required Packages :

# yum -y install dhcp tftp-server syslinux httpd vsftpd system-config-kickstart

Configure DHCP Server :

# vim /etc/dhcp/dhcpd.conf

===============================================================
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

ddns-update-style none;


log-facility local7;


subnet 10.0.0.0 netmask 255.255.255.0 {
range dynamic-bootp 10.0.0.220 10.0.0.250;

allow booting;
allow bootp;

default-lease-time 600;
max-lease-time 7200;
next-server 10.0.0.202;
filename "/pxelinux.0";
}
===============================================================

Configure TFTP Server :

# vim /etc/xinetd.d/tftp
=====================================================

service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}

===============================================================

# mount -t iso9660 -o loop CentOS-6.0-x86_64-bin-DVD1.iso /mnt/iso
# cp -a /mnt/iso/* /tftpboot
# mkdir /tftpboot/pxelinux.cfg

Create Kickstart file :

# system-config-kickstart

Save ks.cfg in /var/ftp/pub


# vim /var/ftp/pub/ks.cfg


#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --enabled --ssh
# Install OS instead of upgrade
install
# Use network installation
url --url="ftp://10.0.0.202/pub/iso"
# Root password
rootpw --iscrypted $1$A1SYVVrG$4vMq7X4bUrzQW4OKydPAf/
# System authorization information
auth --useshadow --passalgo=sha512
# Use graphical install
graphical
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --enforcing
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone Asia/Kolkata
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all

%packages
@basic-desktop
@desktop-platform
@fonts
@general-desktop
@graphical-admin-tools

====================================================

Create pxemenu :

# vim /tftpboot/pxelinux.cfg/default

===============================================================

timeout 100
default menu.c32

menu title ########## PXE Boot Menu ##########
label 1
menu label ^1) Install CentOS 6
kernel vmlinuz
append initrd=initrd.img linux ks=ftp://10.0.0.202/pub/ks.cfg method=ftp://10.0.0.202/pub/iso devfs=nomount


#label 2
# menu label ^2) Install CentOS 6.2
# kernel vmlinuz
# append initrd=initrd.img linux ks=ftp://10.0.0.202/pub/ks.cfg method=ftp://10.0.0.202/pub/6.2 devfs=nomount
label 2
menu label ^2) Boot from local drive
localboot
===============================================================
# cp /usr/share/syslinux/pxelinux.0 /tftpboot

# cp -vr /mnt/* /var/ftp/pub/

# vim /etc/vsftpd/vsftpd.conf

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#


Restart all the services and enable them so that they start on reboot.

# service dhcpd restart

# service xinetd restart

# service vsftpd restart

# chkconfig vsftpd on

# chkconfig dhcpd on

# chkconfig xinetd on
# setenforce 0
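
Everything under /var/ftp/pub, ks.cfg included, can be downloaded by any machine that reaches the FTP server. The following added example, which is not part of the original post, reviews the two files that decide what is exposed: it names the hash scheme of the rootpw line (the post's value starts with $1$, which is MD5-crypt, even though auth sets --passalgo=sha512) and flags vsftpd settings that a read-only install tree does not need. Function names and the hardened sample are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): review what the PXE server
# hands out over anonymous FTP.

# ks_rootpw_scheme FILE: name the password scheme of the kickstart rootpw line.
ks_rootpw_scheme() {
    awk '$1 == "rootpw" {
        crypted = 0; val = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "--iscrypted") crypted = 1
            else if ($i !~ /^--/) val = $i
        }
        if (!crypted)             s = "plaintext"
        else if (val ~ /^\$1\$/)  s = "md5-crypt"
        else if (val ~ /^\$5\$/)  s = "sha256-crypt"
        else if (val ~ /^\$6\$/)  s = "sha512-crypt"
        else                      s = "unknown"
    }
    END { print (s == "" ? "none" : s) }' "$1"
}

# conf_value FILE KEY: last uncommented KEY=value setting (vsftpd.conf syntax).
conf_value() {
    awk -F= -v key="$2" '$1 == key { v = $2 } END { print v }' "$1"
}

# audit_pxe KS_FILE VSFTPD_CONF: print findings and return how many there are.
audit_pxe() {
    local ks="$1" conf="$2" n=0 scheme
    scheme="$(ks_rootpw_scheme "$ks")"
    case "$scheme" in
        sha512-crypt|sha256-crypt|none) ;;
        *) echo "ks.cfg: rootpw is $scheme and the file is served to every FTP client"; n=$((n+1)) ;;
    esac
    [ "$(conf_value "$conf" write_enable)" != "YES" ] ||
        { echo "vsftpd: write_enable=YES is not needed to serve an install tree"; n=$((n+1)); }
    [ "$(conf_value "$conf" local_enable)" != "YES" ] ||
        { echo "vsftpd: local_enable=YES lets system accounts log in over cleartext FTP"; n=$((n+1)); }
    return "$n"
}

# Constructed samples: the relevant lines of the post's ks.cfg and vsftpd.conf.
page_ks()   { printf '%s\n' 'auth --useshadow --passalgo=sha512' \
                            'rootpw --iscrypted $1$A1SYVVrG$4vMq7X4bUrzQW4OKydPAf/'; }
page_conf() { printf '%s\n' 'anonymous_enable=YES' 'local_enable=YES' \
                            'write_enable=YES' 'local_umask=022'; }

# Constructed hardened variant; the $6$ value is a placeholder, not a real hash.
hard_ks()   { printf '%s\n' 'rootpw --iscrypted $6$PLACEHOLDERSALT$PLACEHOLDERHASH'; }
hard_conf() { printf '%s\n' 'anonymous_enable=YES' 'local_enable=NO' \
                            'write_enable=NO' 'anon_upload_enable=NO'; }

# run_audit KS_FUNC CONF_FUNC: write the samples to temporary files, audit them.
run_audit() {
    local d rc
    d="$(mktemp -d)" || return 99
    "$1" > "$d/ks.cfg"; "$2" > "$d/vsftpd.conf"
    audit_pxe "$d/ks.cfg" "$d/vsftpd.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}

run_audit page_ks page_conf || echo "findings: $?"
```

Against the real files the call is audit_pxe /var/ftp/pub/ks.cfg /etc/vsftpd/vsftpd.conf.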

Apache::LimitIPConn Module Installation



Apache::LimitIPConn - Limit simultaneous connections by an IP address

This package allows a web server administrator to impose limits on the number of simultaneous connections that a single IP address can make to the Apache server.
The Apache::LimitIPConn module lets you enforce limits on the number of simultaneous downloads allowed from a single IP address. You can also control which MIME types are affected by the limits.
The MaxConnPerIP variable dictates the maximum number of simultaneous connections that each IP address is allowed. Connections in excess of this limit will result in a 403 Forbidden response.

The NoIPLimit variable specifies a list of MIME types for which limit checking is turned off. The OnlyIPLimit variable followed by a list of MIME types restricts limit checking only to the types specified under this variable. These MIME types match by prefix, so, for example, PerlSetVar NoIPLimit "image" turns off limit checking for all MIME types starting with "image", including "image/jpeg", "image/png", etc. Wildcard matching with ? and * is also supported.

NOTES

The limits defined by Apache::LimitIPConn apply to all IP addresses connecting to your Apache server. Currently there is no way to set different limits for different IP addresses. Proxy clients are treated no differently from regular clients. Overly restrictive limits will adversely affect the accessibility of your site from large Internet Service Providers such as AOL that route millions of users through a small pool of proxy clients. This module requires Apache::Scoreboard and the configuration setting "ExtendedStatus On" in the httpd.conf configuration file.

In order to install this module, you'll first need to download and install Apache::Scoreboard from CPAN.
  
Installation

cd /usr/local/src/

wget http://dominia.org/djao/limit/mod_limitipconn-0.24.tar.bz2 

tar -xvf mod_limitipconn-0.24.tar.bz2 

cd mod_limitipconn-0.24 

make 

make install 

httpd -t 

/etc/init.d/httpd restart 

Add the lines below to httpd.conf

vi /usr/local/apache/conf/httpd.conf
============================================
# This command is always needed
ExtendedStatus On
# Only needed if the module is compiled as a DSO
LoadModule limitipconn_module lib/apache/mod_limitipconn.so

# Set a server-wide limit of 10 simultaneous downloads per IP,
# no matter what.
MaxConnPerIP 10

<Location /somewhere>
# This section affects all files under http://your.server/somewhere
MaxConnPerIP 3
# exempting images from the connection limit is often a good
# idea if your web page has lots of inline images, since these
# pages often generate a flurry of concurrent image requests
NoIPLimit image/*
</Location>

<Directory /home/*/public_html>
# This section affects all files under /home/*/public_html
MaxConnPerIP 1
# In this case, all MIME types other than audio/mpeg and video*
# are exempt from the limit check
OnlyIPLimit audio/mpeg video
</Directory>
============================================
Check the syntax and, if everything is OK, restart Apache.
httpd -t
/etc/init.d/httpd restart
/etc/init.d/httpd status

Tuesday, 16 October 2012

Installation Of BIND DNS from Source


The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. 

Installation

1) Download the BIND package from the source
2) From the source folder, run the commands
# ./configure
# make
# make install
3)Create a file called named.conf in /usr/local/bind/etc/named.conf
zone "trainee7.com" IN {
type master;
file "remote.com.zone";
allow-update { none; };
};
4) Create the zone file remote.com.zone in /usr/local/bind/var/named
$TTL 86400
trainee7.com. IN SOA trainee7.com. root.trainee7.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ; Minimum
)
trainee7.com. IN NS trainee7.com.
trainee7.com. IN A 192.168.1.109
www.trainee7.com. IN CNAME trainee7.com.
trainee7.com. IN MX 0 trainee7.com.
5) Restart the named service
6)Edit these configuration files
vi /etc/hosts
192.168.1.109 trainee07.server.com
vi /etc/resolv.conf
search trainee7.com
nameserver 192.168.1.109
7)chgrp named /usr/local/bind/var/named/remote.com.zone
8)host trainee7.com
9)dig trainee7.com