Category Archives: Oracle Enterprise Linux

Installing MySQL on Linux Using the MySQL Yum Repository

Install Guide

http://dev.mysql.com/doc/refman/5.6/en/linux-installation-yum-repo.html


$ service mysqld start

$ ps ax | grep mysql
 4396 ?        Ss     0:00 /bin/bash /usr/bin/mysql-systemd-start post
 5160 pts/2    S+     0:00 /bin/systemctl start mysqld.service

$ mysql
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

After a fresh install of MySQL-community-server 5.7 on Linux, you need to find the temporary password in /var/log/mysqld.log to log in as root.

grep 'temporary password' /var/log/mysqld.log

Run mysql_secure_installation to set a new password.

When running into error 13 or 12, change SELinux and re-install

SE Linux

http://wiki.centos.org/HowTos/SELinux


$ yum remove mysql    # plus the other installed MySQL packages

$ sestatus

$ vi /etc/selinux/config    # set SELINUX=disabled

$ yum -y install mysql-community-server

$ service mysqld start

$ ps ax | grep mysql
 14059 ?        Ss     0:00 /bin/sh /usr/bin/mysqld_safe
14208 ?        Sl     0:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
14294 pts/0    S+     0:00 mysql
14585 pts/1    S+     0:00 grep --color=auto mysql

Installation of the 64-bit JDK on RPM-based Linux Platforms

http://docs.oracle.com/javase/7/docs/webnotes/install/linux/linux-jdk.html

This procedure installs the Java Development Kit (JDK) for 64-bit RPM-based Linux platforms, such as Red Hat and SuSE, using an RPM binary file (.rpm) in the system location. You must be root to perform this installation.

These instructions use the following file:

jdk-7u-linux-x64.rpm

1. Download the file. Before the file can be downloaded, you must accept the license agreement.

2. Become root by running su and entering the super-user password.

3. Uninstall any earlier installations of the JDK packages.
# rpm -q -a | grep java

# rpm -e package_name
or
# yum -y remove package_name

4. Install the package.

# rpm -ivh jdk-7u-linux-x64.rpm

To upgrade a package:

# rpm -Uvh jdk-7u-linux-x64.rpm

5. Delete the .rpm file if you want to save disk space.

6. Exit the root shell. No need to reboot.

Oracle DB 12C on Oracle Linux 7

Download the Oracle 12c database and unpack it in OraDB12C


[root@cerita home]# mkdir OraDB12c
[root@cerita home]# cd OraDB12c/
[root@cerita OraDB12c]# mv ../oracle/Downloads/linuxamd64_12102_database_1of2.zip .
[root@cerita OraDB12c]# mv ../oracle/Downloads/linuxamd64_12102_database_2of2.zip .
[root@cerita OraDB12c]# ls
linuxamd64_12102_database_1of2.zip  linuxamd64_12102_database_2of2.zip
[root@cerita OraDB12c]# unzip linuxamd64_12102_database_1of2.zip
[root@cerita OraDB12c]# unzip linuxamd64_12102_database_2of2.zip 

Install as user oracle

[oracle@cerita home]$ cd OraDB12c/
[oracle@cerita OraDB12c]$ cd database
[oracle@cerita database]$ ./runInstaller 
Starting Oracle Universal Installer...

At some point the installer shows a screen about missing prerequisites.
The kernel parameters can be fixed automatically; Oracle generates a runfixup script for this.

[root@cerita database]# /tmp/CVU_12.1.0.2.0_oracle/runfixup.sh

However, a number of libraries still have to be installed with yum.


$ yum -y install libaio-devel
$ yum -y install compat-libstdc++-33
$ yum -y install compat-libcap1

Finally, runInstaller asks you to run two more scripts as root.


[root@cerita database]# /home/oracle/app/oraInventory/orainstRoot.sh
Changing permissions of /home/oracle/app/oraInventory.
Adding read,write permissions for group.
Removing read,write,execute permissions for world.

Changing groupname of /home/oracle/app/oraInventory to oinstall.
The execution of the script is complete.
[root@cerita database]# /home/oracle/app/oracle/product/12.1.0/dbhome_1/root.sh
Performing root user operation.

The following environment variables are set as:
    ORACLE_OWNER= oracle
    ORACLE_HOME=  /home/oracle/app/oracle/product/12.1.0/dbhome_1

Enter the full pathname of the local bin directory: [/usr/local/bin]: /usr/local/bin
   Copying dbhome to /usr/local/bin ...
   Copying oraenv to /usr/local/bin ...
   Copying coraenv to /usr/local/bin ...


Creating /etc/oratab file...
Entries will be added to the /etc/oratab file as needed by
Database Configuration Assistant when a database is created
Finished running generic part of root script.
Now product-specific root actions will be performed.

rsync SSH

Create backup user on Server called “gudang”. Make user passwordless.

Prepare RSA keys on Server called “gudang”


root@gudang:/root$ su -m yogya
yogya@gudang:/home/yogya/.ssh$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yogya/.ssh/id_rsa): /home/yogya/.ssh/id_rsa_rsync
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/yogya/.ssh/id_rsa_rsync.
Your public key has been saved in /home/yogya/.ssh/id_rsa_rsync.pub.
The key fingerprint is:
b4:65:6c:d9:5f:5f:27:1e:24:21:c7:b0:a4:c7:ac:ff yogya@gudang
The key's randomart image is:
+--[ RSA 2048]----+
|          +o+..  |
|         * *.o   |
|        o @ . o +|
|       . B   o ++|
|        S     o .|
|         .       |
|          .      |
|           .     |
|            E    |
+-----------------+

Add key to authorized keys on Remote called “yogya”


yogya@gudang:/home/yogya/.ssh$ scp id_rsa_rsync.pub  root@yogya:

[root@yogya .ssh]# cat ../id_rsa_rsync.pub >> authorized_keys 

Check command that Remote wants to perform


yogya@gudang:/home/yogya$ rsync -avz -e 'ssh -v' --numeric-ids --delete root@yogya:/mnt/data/backup/svn /home/yogya/home 2>&1
..
..
debug1: Sending command:  rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /mnt/data/backup/svn
..

Put commands in authorized_keys on Remote


command="rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /mnt/data/backup/svn",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiI3mw38zbEknwqsy1uPtLfD0H8nMqKoFVyf+hAohyBdsXZysm/xSgYB9T2F4X7KCO4x8vaXrtLBf/ZdTV852jmW2uDlbUlsWj+XsT9AbS9RCncq943l8pzhk8yxB12o+KqRoPnWga0wNYaaF4av0+nsm1fv2Tzxkd8/q0hIrOuWjnJFWuNDgK1sZBOQwHN07jtcGsTvcsRWst9NZCRErIqIoM5LIou7LJzLlVqtBzLO90dWNp6Y6c6ENXtFRezu2myiAtdiWxNUAhoEZA5HJNpotYurDJw3oJgWoIv0Rz6qoSl2gGbAvKfs8UR4Un3DYCVmmbv0Z+qJkeVKuAZuap yogya@gudang

Note:
* only one command per rsa key

Run commands on Server


rsync -az -e 'ssh -i /home/yogya/.ssh/id_rsa_rsync' --numeric-ids --delete root@yogya:/mnt/data/backup/svn /home/yogya/home 2>&1

Add the command to crontab on Server


yogya@gudang:/home/yogya/home$ crontab -e
45 * * * * rsync -az -e 'ssh -i /home/yogya/.ssh/id_rsa_rsync' --numeric-ids --delete root@yogya:/mnt/data/backup/svn /home/yogya/home 2>&1

rdiff-backup ReadyNAS

Backup Server

ssh root@gudang
The authenticity of host 'gudang (192.168.178.28)' can't be established.
RSA key fingerprint is 92:f1:cf:b7:26:af:ab:2a:fe:c1:5d:c6:77:ae:93:44.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gudang' (RSA) to the list of known hosts.
root@gudang's password: 

Welcome to ReadyNASOS 6.1.8

Install rdiff-backup

apt-get install rdiff-backup

The general model I use is to initiate all rdiff-backups from a central backup server, and pull the data from the hosts to be backed up. The central backup server uses a non-root user to perform the backups — this relies on metadata features of recent rdiff-backup in order to support proper restores, and has the benefit that rdiff-backup exploits/bugs have reduced potential to damage the backup server. The backup still requires root on the host being backed up, but it is protected by ssh mechanisms which restrict the invoked command, and rdiff-backup mechanisms which restrict it to read-only access.

For convenience I’ll call the backup server gudang and the host to be backed up yogya.
On the backup server gudang, create a new account which will be used to perform the backup. I’ll use the account name backup. The shell can typically be set to /bin/false. In my case the home directory is set to /backup which is where I’ve mounted the filesystem containing all my backups. The account password should be disabled. For example you might have the following entries in your passwd/shadow files:

/etc/passwd
backup:x:34:34:backup:/backup:/bin/false
/etc/shadow
backup:*:12644:0:99999:7:::

Your uid/gid may differ, as may many of the fields in shadow.

Note that if you’re backing up multiple hosts, for an extra layer of paranoia you could create an account per host.

Command to delete user password under Linux

Type the following command to delete a user password

root@gudang:/etc# passwd --delete yogya
passwd: password expiry information changed.
root@gudang:/etc# su -m yogya
Creating directory '/home/yogya'.
bash: /root/.bashrc: Permission denied

Generate public/private rsa key pair


yogya@gudang:/etc$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yogya/.ssh/id_rsa): /home/yogya/.ssh/id_rsa_rdiff
Created directory '/home/yogya/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/yogya/.ssh/id_rsa_rdiff.
Your public key has been saved in /home/yogya/.ssh/id_rsa_rdiff.pub.

Create an ssh config alias which defines how to contact yogya with the backup key.

vi /home/yogya/.ssh/config:

host yogya-backup
  hostname yogya
  user root
  identityfile /home/yogya/.ssh/id_rsa_rdiff
#  compression yes
  protocol 2
  

Note that “compression yes” is optional, and you may wish to omit it if gudang and yogya are connected over high-speed nets. The cipher line is also optional, but may reduce cpu overhead. (On a trusted switched network, or over localhost, you may also wish to patch OpenSSH to enable cipher none.)

This config entry enables backup@gudang to use the “hostname” yogya-backup wherever ssh expects a real hostname. ssh will use the information specified in the config file, which will result in a connection to yogya, using the specified key, compression, cipher, and protocol.

You may need to make some file permission adjustments, it depends on your system:

yogya@gudang:/home/yogya$ chmod -R go-rwx /home/yogya/.ssh

Give permission for backup to access yogya and run rdiff-backup.
Assuming that root@yogya’s home directory is /root, we will construct a terribly long line in the file /root/.ssh/authorized_keys (on yogya). The line is so long that I’m going to break it in two here for demonstration purposes only, you must join this first line and the public key from above on one line, with only a space between them:


yogya@gudang:/home/yogya$ scp /home/yogya/.ssh/id_rsa_rdiff.pub root@yogya:


[root@yogya .ssh]# cat ../id_rsa_rdiff.pub >> authorized_keys
[root@yogya .ssh]# vi authorized_keys
command="rdiff-backup --server --restrict-read-only /",from="gudang",no-port-forwarding,no-X11-forwarding,no-pty
ssh-rsa AAAAB3NzaC1yc2E[......] yogya@gudang

Ensure file permissions are set properly:

[root@yogya ~]#  chmod -R go-rwx /root/.ssh

This entry in /root/.ssh/authorized_keys permits anyone with the specified key (i.e. backup@gudang) to connect with ssh from the host named gudang and issue the forced rdiff-backup command. It further restricts the ssh connection to eliminate port forwarding, X11 forwarding and a pty. The rdiff-backup invocation is also restricted to read-only operations starting from the root of the file system.
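
The forced-command entries on this page (the rdiff-backup key here and the rsync key in the earlier post) can be checked mechanically. The script below is an added example, not part of the original posts or of OpenSSH: it reports per key line whether the options used on this page (command=, from=, no-port-forwarding, no-X11-forwarding, no-pty) are present. The function names and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries for the restrictions used on
# this page. Function names and sample keys are constructed, not from the posts.

audit_authorized_keys() {
    # $1 = path to an authorized_keys file; prints "<line> <verdict>" per key
    awk '
    # Collect the options field with every quoted value blanked out, stopping
    # at the first blank outside double quotes (command="..." may itself
    # contain blanks and commas).
    function scan_options(line,    i, c, inq) {
        inq = 0
        BARE = ""
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (inq && c == "\\") { i++; continue }    # escaped char in quotes
            if (c == "\"") { inq = !inq; continue }
            if (inq) continue
            if (c == " " || c == "\t") break
            BARE = BARE c
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        scan_options(line)
        if (BARE ~ /^(ssh-|ecdsa-|sk-)/) {
            # The first field is the key type, so the key has no options
            # and grants a full login shell.
            printf "%d UNRESTRICTED\n", NR
            next
        }
        # "restrict" (OpenSSH 7.2 and later) turns off pty and all forwarding.
        restricted = (BARE ~ /(^|,)restrict(,|$)/)
        missing = ""
        if (BARE !~ /(^|,)command=/) missing = missing " command"
        if (BARE !~ /(^|,)from=/)    missing = missing " from"
        if (!restricted) {
            if (BARE !~ /(^|,)no-port-forwarding(,|$)/) missing = missing " no-port-forwarding"
            if (BARE !~ /(^|,)no-X11-forwarding(,|$)/)  missing = missing " no-X11-forwarding"
            if (BARE !~ /(^|,)no-pty(,|$)/)             missing = missing " no-pty"
        }
        if (missing == "") printf "%d OK\n", NR
        else               printf "%d WEAK missing:%s\n", NR, missing
    }' "$1"
}

write_sample_keys() {
    # Constructed sample in the shape of the entries on this page.
    cat > "$1" <<'EOF'
# constructed sample; the key material is a placeholder
command="rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /mnt/data/backup/svn",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EXAMPLE yogya@gudang
command="rdiff-backup --server --restrict-read-only /",from="gudang",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EXAMPLE yogya@gudang
ssh-rsa AAAAB3NzaC1yc2EXAMPLE root@laptop
EOF
}

sample=$(mktemp)
write_sample_keys "$sample"
audit_authorized_keys "$sample"
rm -f "$sample"
```

On the sample, the rsync-style entry is reported as missing from=, which is the one restriction the rdiff-backup entry has and the rsync entry lacks.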

Install rdiff-backup on yogya


[root@yogya .ssh]# yum -y install rdiff-backup
..  

NOTE: rdiff-backup 0.13.4 fails to support "--restrict-read-only /" without a patch. It works fine with sub-paths (i.e. /home), but you'll need my patch to backup from the root of the filesystem. If you'd prefer not to patch rdiff-backup then you can skip the "--restrict-read-only /" parameters — it is up to you how paranoid you wish to be.

If you have any troubles, this step is the one which has most likely caused you problems. Here are some troubleshooting guidelines:

- Make sure there are no line breaks in the authorized_keys entry.
- Use the reverse DNS response for gudang's IP address in from="gudang".
- Make sure you copied the public key properly.
- Make sure rdiff-backup is in root's PATH, or add a full path to command="/path/to/rdiff-backup…".

Perform a test backup and populate known_hosts.

You should now be able to perform a test backup. During this test ssh will probably ask you to accept the yogya host key — you will need to complete this step before you can begin an unattended backup.


yogya@gudang:/home/yogya$ rdiff-backup yogya-backup::/home/pdeneef/cma test-backup

If you are asked for a password or passphrase then something is wrong. Other than asking you to verify the host key it should succeed in performing a backup of yogya::/tmp in test-backup.

Assuming the first attempt asked you to verify the host key, run the test a second time to verify that it asks you nothing.


$ rdiff-backup -v8 yogya-rdiff::/mnt/data/backup/mysqldumps/ /data/backup-yogya/mysqldumps

Create a cron job on gudang to initiate your backup (i.e. crontab -e -u backup):


# su -m yogya
$ crontab -e

10 4 * * * rdiff-backup --force --remove-older-than 4W /data/backup-welgg/mysqldumps >/dev/null  2>&1
50 * * * * rdiff-backup welgg-rdiff::/home/data/backup/mysqldumps /data/backup-welgg/mysqldumps >/dev/null 2>&1

IMPDP

Prerequisites
Installed Oracle database
Created database

Create Linux user


su root
useradd brv11p2
usermod -g oinstall brv11p2
usermod -a -G dba brv11p2
passwd brv11p2
cd /home
chmod -R g+rwx oinstall

Prepare .bash_profile for Linux user


# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

export ORACLE_INSTALL=/home/oracle
export ORACLE_SID=brv11p2
PATH=$PATH:$ORACLE_INSTALL/bin:$ORACLE_INSTALL/app/oracle/product/11.2.0/dbhome_1/bin/

export PATH

export ORACLE_BASE=$ORACLE_INSTALL/app/oracle
export ORACLE_HOME=$ORACLE_INSTALL/app/oracle/product/11.2.0/dbhome_1

Create table space


SQL> CREATE BIGFILE TABLESPACE "tablespace" DATAFILE '/path/to/dbfile.dbf' SIZE 120G AUTOEXTEND ON NEXT 4G MAXSIZE UNLIMITED LOGGING EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;

Create user

SQL> create user whoever identified by password;
SQL> grant create session to whoever;
SQL> grant all privileges to whoever;

Create database directories

Execute the following commands to create a database directory. This directory must point to a valid directory on the same server as the database:

SQL> CREATE DIRECTORY dmpdir AS 'path/to/directory/with/dumpfile/';

SQL> GRANT read, write ON DIRECTORY dmpdir TO whoever;

impdp parameter files
First import step excludes tables that just take space


vi step1.par
EXCLUDE=TABLE:"IN ('EDI_TRANSACTION','ROAD_DOCUMENTS','FRM_JOB_LOG','EDI_TRANSACTION_KEYWORD','EDI_BATCH_PROCESS','EDI_INTERCHANGE','EDI_EVENT','EDI_SEGMENT','EDI_BATCH','EDI_ERROR')"

Second import step creates the skipped tables


vi step2.par
DIRECTORY=dmpdir
CONTENT=METADATA_ONLY
TABLES=EDI_TRANSACTION,ROAD_DOCUMENTS,FRM_JOB_LOG,EDI_TRANSACTION_KEYWORD,EDI_BATCH_PROCESS,EDI_INTERCHANGE,EDI_EVENT,EDI_SEGMENT,EDI_BATCH,EDI_ERROR

Import database

Single dumpfile


impdp DIRECTORY=dmpdir dumpfile=thedumpfile parfile=/path/to/parfile.par

Numbered dumpfile %U


impdp DIRECTORY=dmpdir dumpfile=thedumpfile_%U parfile=/path/to/parfile.par

PS: Oracle introduced a default directory from 10g R2, called DATA_PUMP_DIR, that can be used:

SQL> SELECT directory_path FROM dba_directories WHERE directory_name = 'DATA_PUMP_DIR';

DIRECTORY_PATH
--------------------------------------------------------------------------------
/app/oracle/product/10.2.0/rdbms/log/

VMWare Tools installation in VMWare Fusion Oracle Linux on Mac OS X

VMWare Tools installation on VMWare Fusion OEL 6.5 VM.

VMWare Tools helps you copy and paste between Host and Guest.
It also makes Host shares available to Guest.

As root.

Make sure kernel stuff is available.
This is required for host shares to work.

yum -y install kernel-uek-headers-`uname -r`
yum -y install kernel-uek-devel-`uname -r`

VMWare Tools CD probably automounted in /media

 
cd /media
ls
VMware Tools

Copy VMWare Tools

mount -t iso9660 /dev/cdrom /mnt/cdrom 
cp /mnt/cdrom/VMwareTools-9.6.2-1688356.tar.gz .
gunzip VMwareTools-9.6.2-1688356.tar.gz
tar xvf VMwareTools-9.6.2-1688356.tar

Run install script (Perl)

cd vmware-tools-distrib/
perl vmware-install.pl 

Make Host share available in VMWare Fusion -> Settings -> Shares.

Restart Guest

shutdown -r now

Loaded plugins: refresh-packagekit, security
Setting up Install Process
Package kernel-uek-headers-3.8.13-26.2.3.el6uek.x86_64 already installed and latest version
Nothing to do


[root@surabaya vmware-tools-distrib]# yum -y install kernel-uek-devel-`uname -r`
Loaded plugins: refresh-packagekit, security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package kernel-uek-devel.x86_64 0:3.8.13-26.2.3.el6uek will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================================================
Package                           Arch                    Version                                Repository                                Size
=================================================================================================================================================
Installing:
kernel-uek-devel                  x86_64                  3.8.13-26.2.3.el6uek                   public_ol6_UEKR3_latest                  8.9 M

Transaction Summary
=================================================================================================================================================
Install       1 Package(s)

Total download size: 8.9 M
Installed size: 32 M
Downloading Packages:
kernel-uek-devel-3.8.13-26.2.3.el6uek.x86_64.rpm                                                                          | 8.9 MB     00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : kernel-uek-devel-3.8.13-26.2.3.el6uek.x86_64                                                                                  1/1
Verifying  : kernel-uek-devel-3.8.13-26.2.3.el6uek.x86_64                                                                                  1/1

Installed:
kernel-uek-devel.x86_64 0:3.8.13-26.2.3.el6uek

Complete!
[root@surabaya vmware-tools-distrib]# perl vmware-install.pl
A previous installation of VMware Tools has been detected.

The previous installation was made by the tar installer (version 4).

Keeping the tar4 installer database format.

You have a version of VMware Tools installed.  Continuing this install will
first uninstall the currently installed version.  Do you wish to continue?
(yes/no) [yes] yes

Uninstalling the tar installation of VMware Tools.

Stopping services for VMware Tools

Stopping VMware Tools services in the virtual machine:
Guest operating system daemon:                          [  OK  ]
VMware User Agent (vmware-user):                        [  OK  ]
Blocking file system:                                   [  OK  ]
Unmounting HGFS shares:                                 [  OK  ]
Guest filesystem driver:                                [  OK  ]

Stopping Thinprint services in the virtual machine:
Stopping Virtual Printing daemon:                                   done

File /etc/pulse/default.pa is backed up to /etc/pulse/default.pa.old.0.

The removal of VMware Tools 9.6.2 build-1688356 for Linux completed
successfully.

Installing VMware Tools.

In which directory do you want to install the binary files?
[/usr/bin]

What is the directory that contains the init directories (rc0.d/ to rc6.d/)?
[/etc/rc.d]

What is the directory that contains the init scripts?
[/etc/rc.d/init.d]

In which directory do you want to install the daemon files?
[/usr/sbin]

In which directory do you want to install the library files?
[/usr/lib/vmware-tools]

The path "/usr/lib/vmware-tools" does not exist currently. This program is
going to create it, including needed parent directories. Is this what you want?
[yes]

In which directory do you want to install the documentation files?
[/usr/share/doc/vmware-tools]

The path "/usr/share/doc/vmware-tools" does not exist currently. This program
is going to create it, including needed parent directories. Is this what you
want? [yes]

The installation of VMware Tools 9.6.2 build-1688356 for Linux completed
successfully. You can decide to remove this software from your system at any
time by invoking the following command: "/usr/bin/vmware-uninstall-tools.pl".

Before running VMware Tools for the first time, you need to configure it by
invoking the following command: "/usr/bin/vmware-config-tools.pl". Do you want
this program to invoke the command for you now? [yes]

Initializing...

Making sure services for VMware Tools are stopped.

Stopping Thinprint services in the virtual machine:
Stopping Virtual Printing daemon:                                   done
Stopping VMware Tools services in the virtual machine:
Guest operating system daemon:                          [  OK  ]
VMware User Agent (vmware-user):                        [  OK  ]
Blocking file system:                                   [  OK  ]
Unmounting HGFS shares:                                 [  OK  ]
Guest filesystem driver:                                [  OK  ]

The module vmci has already been installed on this system by another installer
or package and will not be modified by this installer.

The module vsock has already been installed on this system by another installer
or package and will not be modified by this installer.

The module vmxnet3 has already been installed on this system by another
installer or package and will not be modified by this installer.

Use the flag --clobber-kernel-modules=vmxnet3 to override.

The module pvscsi has already been installed on this system by another
installer or package and will not be modified by this installer.

Use the flag --clobber-kernel-modules=pvscsi to override.

The module vmmemctl has already been installed on this system by another
installer or package and will not be modified by this installer.

Use the flag --clobber-kernel-modules=vmmemctl to override.

The VMware Host-Guest Filesystem allows for shared folders between the host OS
and the guest OS in a Fusion or Workstation virtual environment.  Do you wish
to enable this feature? [yes]

Before you can compile modules, you need to have the following installed...

make
gcc
kernel headers of the running kernel

Searching for GCC...
Detected GCC binary at "/usr/bin/gcc".
The path "/usr/bin/gcc" appears to be a valid path to the gcc binary.
Would you like to change it? [no]

Searching for a valid kernel header path...
Detected the kernel headers at
"/lib/modules/3.8.13-26.2.3.el6uek.x86_64/build/include".
The path "/lib/modules/3.8.13-26.2.3.el6uek.x86_64/build/include" appears to be
a valid path to the 3.8.13-26.2.3.el6uek.x86_64 kernel headers.
Would you like to change it? [no]

Using 2.6.x kernel build system.
make: Map '/tmp/modconfig-jKG9kf/vmhgfs-only' wordt binnengegaan
/usr/bin/make -C /lib/modules/3.8.13-26.2.3.el6uek.x86_64/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
MODULEBUILDDIR= modules
make[1]: Map '/usr/src/kernels/3.8.13-26.2.3.el6uek.x86_64' wordt binnengegaan
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/backdoorGcc64.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/backdoor.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/cpName.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/bdhandler.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/cpNameLinux.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/cpNameLite.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/dentry.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/dir.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/file.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/filesystem.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/fsutil.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/hgfsBd.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/hgfsEscape.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/hgfsUtil.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/inode.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/link.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/message.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/page.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/module.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/request.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/rpcout.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/stubs.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/super.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/transport.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/vmci.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/kernelStubsLinux.o
SDTSTB  /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.sdtstub.S
AS [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.sdtstub.o
LD [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.o
Building modules, stage 2.
MODPOST 1 modules
SDTINF  /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.sdtinfo.c
CTF
CC      /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.mod.o
LD [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.ko
make[1]: Map '/usr/src/kernels/3.8.13-26.2.3.el6uek.x86_64' wordt verlaten
/usr/bin/make -C $PWD SRCROOT=$PWD/. \
MODULEBUILDDIR= postbuild
make[1]: Map '/tmp/modconfig-jKG9kf/vmhgfs-only' wordt binnengegaan
make[1]: 'postbuild' is bijgewerkt.
make[1]: Map '/tmp/modconfig-jKG9kf/vmhgfs-only' wordt verlaten
cp -f vmhgfs.ko ./../vmhgfs.o
make: Map '/tmp/modconfig-jKG9kf/vmhgfs-only' wordt verlaten

The vmxnet driver is no longer supported on kernels 3.3 and greater. Please
upgrade to a newer virtual NIC. (e.g., vmxnet3 or e1000e)

The vmblock enables dragging or copying files between host and guest in a
Fusion or Workstation virtual environment.  Do you wish to enable this feature?
[yes]

VMware automatic kernel modules enables automatic building and installation of
VMware kernel modules at boot that are not already present. This feature can be

enabled/disabled by re-running vmware-config-tools.pl.

Would you like to enable VMware automatic kernel modules?
[yes]

Thinprint provides driver-free printing. Do you wish to enable this feature?
[yes]

Disabling timer-based audio scheduling in pulseaudio.

Detected X server version 1.13.0

Distribution provided drivers for Xorg X server are used.

Skipping X configuration because X drivers are not included.

Creating a new initrd boot image for the kernel.
Starting Virtual Printing daemon:                                   done
Checking acpi hot plug                                  [  OK  ]
Starting VMware Tools services in the virtual machine:
Switching to guest configuration:                       [  OK  ]
VMware Automatic Kmods:                                 [  OK  ]
VM communication interface:                             [MISLUKT]
Guest filesystem driver:                                [  OK  ]
Mounting HGFS shares:                                   [  OK  ]
Blocking file system:                                   [  OK  ]
Guest operating system daemon:                          [  OK  ]
The configuration of VMware Tools 9.6.2 build-1688356 for Linux for this
running kernel completed successfully.

You must restart your X session before any mouse or graphics changes take
effect.

You can now run VMware Tools by invoking "/usr/bin/vmware-toolbox-cmd" from the
command line.

To enable advanced X features (e.g., guest resolution fit, drag and drop, and
file and text copy/paste), you will need to do one (or more) of the following:
1. Manually start /usr/bin/vmware-user
2. Log out and log back into your desktop session; and,
3. Restart your X session.

Enjoy,

--the VMware team

/sbin/restorecon:  Warning no default label for /tmp/vmware-block-restore0/tmp_file
[root@surabaya vmware-tools-distrib]#
Broadcast message from root@surabaya
(/dev/pts/0) at 7:11 ...

The system is going down for reboot NOW!
Connection to 192.168.178.49 closed by remote host.
Connection to 192.168.178.49 closed.
pdeneef@semarang:~#

Security: fail2ban

Fail2ban is a very useful application if you manage the security of a server, or run your own VPS or physical server. Fail2ban scans the log files created on the system and can ban IPs that are found to be malicious based on configuration rules. We can use it to monitor the logs of various system services, such as Apache and SSH, and block the IPs that are trying to breach the system's security.

Step 1: Install EPEL RPM Repository

CentOS/RHEL 6, 64-bit (x86_64):

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Fail2ban is available in the EPEL repository, so make sure you have installed the EPEL repository on your system, or use these instructions to install it.

Step 2: Install Fail2ban Package

After installing the required repository, use the yum package manager to install the Fail2ban rpm package with the following command.

# yum install fail2ban

Step 3: Setup Fail2ban Default Configuration

Fail2ban provides its own security configuration file /etc/fail2ban/jail.conf, but we need to create a copy of this file as jail.local.

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now we need to make the necessary changes in the jail.local file to create ban rules. Edit this file in your favorite editor and make changes in the [DEFAULT] section.

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban always allows these,
# so add your own system IP here to keep it from being banned.
ignoreip = 127.0.0.1/8 192.168.1.0/24 11.22.33.44

# "bantime" is the total number of seconds that a host is banned (3600 sec = 1 hour).
bantime  = 3600

# A host is banned if it has generated "maxretry" failures during the last "findtime" seconds.
# With the setting below, that is 2 minutes.
findtime  = 120

# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

Step 4: Protect SSH/SFTP

After completing default configuration, go down in the same file jail.local and update [ssh-iptables] section as below.

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=22, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com, sendername="Fail2Ban"]
logpath  = /var/log/secure
maxretry = 3

Step 5: Protect FTP (vsFTPd) Server

Let's protect your FTP (vsFTPd) server. Find the [vsftpd-iptables] section below and change it as follows. If you are not using vsFTPd, you can skip this section.

[vsftpd-iptables]

enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=21, protocol=tcp]
         sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800

Step 6: Restart Fail2ban Service

After making all the changes save your file and restart Fail2ban service using following command.

# service fail2ban restart
# chkconfig fail2ban on

Step 7: Protect WordPress

Install the WP Fail2Ban plugin in WordPress.
On CentOS 7 this writes messages to /var/log/messages:
/var/log/messages:Dec 4 03:04:12 one wordpress(site.com)[5728]: Authentication failure for from 194.187.249.59
/var/log/messages:Dec 4 03:14:11 one wordpress(site.com)[1875]: Authentication failure for from 93.115.7.70

Edit jail.local

# WordPress

[wordpress-hard]
enabled = true
filter = wordpress-hard
logpath = /var/log/messages
maxretry = 1
port = http,https

[wordpress-soft]
enabled = true
filter = wordpress-soft
logpath = /var/log/messages
maxretry = 3
port = http,https
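
How findtime and maxretry from Step 3 interact with the WordPress jails can be dry-run before enabling them. The script below is an added example, not part of fail2ban or the WP fail2ban plugin: it replays syslog lines of the form shown above and prints when a host would reach maxretry failures inside findtime seconds. The match pattern, the function names and the log lines (documentation addresses) are constructed; timestamps are assumed to fall within one non-leap calendar year.

```shell
#!/bin/sh
# Added example: replay WordPress authentication failures against a
# maxretry/findtime pair. Pattern and sample data are constructed.

simulate_bans() {
    # $1 = log file, $2 = maxretry, $3 = findtime in seconds
    awk -v maxretry="$2" -v findtime="$3" '
    BEGIN {
        # days before the first of each month (non-leap year)
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", mon, " ")
        split("0 31 59 90 120 151 181 212 243 273 304 334", cum, " ")
        for (i = 1; i <= n; i++) before[mon[i]] = cum[i]
    }
    /wordpress\(.*\)\[[0-9]+\]: Authentication failure for .*from [0-9.]+$/ {
        split($3, hms, ":")
        t = (before[$1] + $2) * 86400 + hms[1] * 3600 + hms[2] * 60 + hms[3]
        ip = $NF
        if (!(ip in head)) { head[ip] = 0; tail[ip] = 0 }
        # forget failures that are older than the findtime window
        while (head[ip] < tail[ip] && seen[ip, head[ip]] < t - findtime) head[ip]++
        seen[ip, tail[ip]] = t
        tail[ip]++
        if (tail[ip] - head[ip] >= maxretry) {
            printf "BAN %s at %s %s %s\n", ip, $1, $2, $3
            head[ip] = tail[ip]      # the failure counter restarts after a ban
        }
    }' "$1"
}

write_sample_log() {
    # Constructed log: one fast guesser, one slow guesser (every 190 seconds).
    cat > "$1" <<'EOF'
Dec 4 03:04:12 one wordpress(site.com)[5728]: Authentication failure for from 198.51.100.7
Dec 4 03:04:50 one wordpress(site.com)[5728]: Authentication failure for admin from 198.51.100.7
Dec 4 03:05:30 one wordpress(site.com)[5729]: Authentication failure for admin from 198.51.100.7
Dec 4 03:06:00 one wordpress(site.com)[5730]: Authentication failure for editor from 203.0.113.9
Dec 4 03:09:10 one wordpress(site.com)[5731]: Authentication failure for editor from 203.0.113.9
Dec 4 03:12:20 one wordpress(site.com)[5732]: Authentication failure for editor from 203.0.113.9
EOF
}

log=$(mktemp)
write_sample_log "$log"
echo "maxretry=3 findtime=120:"; simulate_bans "$log" 3 120
echo "maxretry=3 findtime=600:"; simulate_bans "$log" 3 600
rm -f "$log"
```

With findtime = 120 only the fast guesser is banned; the host that tries once every 190 seconds is caught only when findtime is raised to 600.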

Monitoring:


# iptables -L | grep unreachable
REJECT     all  --  219.111-30-62.static.virginmediabusiness.co.uk  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  219.111-30-62.static.virginmediabusiness.co.uk  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  218.92.1.144         anywhere             reject-with icmp-port-unreachable
REJECT     all  --  203.160.174.214      anywhere             reject-with icmp-port-unreachable
REJECT     all  --  175.6.5.52           anywhere             reject-with icmp-port-unreachable

# tail /var/log/fail2ban.log
2018-12-04 05:42:59,787 fail2ban.jail           [20403]: INFO    Jail 'postfix-sasl' started
2018-12-04 05:42:59,792 fail2ban.jail           [20403]: INFO    Jail 'wordpress-hard' started
2018-12-04 05:42:59,799 fail2ban.jail           [20403]: INFO    Jail 'wordpress-soft' started
2018-12-04 05:43:01,282 fail2ban.actions        [20403]: NOTICE  [dovecot] Ban 62.30.111.219
2018-12-04 05:43:01,408 fail2ban.actions        [20403]: NOTICE  [postfix-sasl] Ban 62.30.111.219
2018-12-04 05:43:01,664 fail2ban.actions        [20403]: NOTICE  [sshd] Ban 203.160.174.214
2018-12-04 05:43:02,332 fail2ban.actions        [20403]: NOTICE  [sshd] Ban 218.92.1.144
2018-12-04 05:43:02,570 fail2ban.actions        [20403]: NOTICE  [sshd] 175.6.5.52 already banned
2018-12-04 05:43:38,287 fail2ban.filter         [20403]: INFO    [dovecot] Found 185.234.219.254
2018-12-04 05:43:42,130 fail2ban.filter         [20403]: INFO    [postfix-sasl] Found 185.234.219.254

Linux Samba Configuration

http://www.oracle-base.com/articles/linux/linux-samba-configuration.php

Installation

The Samba service is installed from a Yum repository using the following command.

# yum install samba

Turn on the Samba server and make sure it starts automatically on reboot.

# service smb start
# chkconfig smb on

Samba is configured by altering the contents of the “/etc/samba/smb.conf” and “/etc/samba/smbusers” files. Configuration changes have to be followed by a reload or a restart of the smb service.

 

Firewall

If you are using the Linux firewall, you need to open ports 139 and 445 specifically. The Samba documentation also suggests opening 3 additional ports. Assuming you are using a firewall setup file, as described here, you can include the following additions to the INPUT chain.

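# Open ports for SAMBA.
iptables -A INPUT -p tcp --dport 135 -j ACCEPT
# NetBIOS name service (137) and datagram service (138) use UDP, not TCP.
iptables -A INPUT -p udp --dport 137 -j ACCEPT
iptables -A INPUT -p udp --dport 138 -j ACCEPT
# NetBIOS session service (139) and SMB over TCP (445).
iptables -A INPUT -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -p tcp --dport 445 -j ACCEPT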

SELinux

Install SELinux tools

# yum provides /usr/sbin/semanage
# yum -y install policycoreutils-python

If you are using SELinux, you will need to consider the following points.

The SELinux booleans associated with the Samba service are displayed using the getsebool command.

# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
#

The setsebool command is used to set a specific boolean value.

# setsebool use_samba_home_dirs on
# setsebool use_samba_home_dirs off

The samba_share_t context should be assigned to all content.

# semanage fcontext -a -t samba_share_t "/u01(/.*)?"
# restorecon -F -R -v /u01

You can check the current context setting on files and directories using the “ls -alZ” command.

More information on SELinux can be found here.

Create Network Shares for Group Collaboration

This section describes the steps necessary to create Samba shares suitable for group collaboration.

Create a group that will act as the owner of the shared files.

# groupadd developers

Create some users that are assigned to the “developers” group.

# useradd dev1 -G developers
# passwd dev1 # password set to dev1

# id dev1
uid=501(dev1) gid=504(dev1) groups=504(dev1),506(developers)
#

# useradd dev2 -G developers
# passwd dev2 # password set to dev2

# id dev2
uid=502(dev2) gid=505(dev2) groups=505(dev2),506(developers)
#

Set the Samba password for the users.

# smbpasswd -a dev1
New SMB password:
Retype new SMB password:
Added user dev1.
#

# smbpasswd -a dev2
New SMB password:
Retype new SMB password:
Added user dev2.
#

Create a directory to own the shared files, making sure its group is set correctly. The permissions are set to “g+rwx” (0770), since the group is the defining factor in accessing data in this directory.

# mkdir /developers_dir
# chgrp developers /developers_dir
# chmod g+s /developers_dir
# chmod -R 770 /developers_dir

Add the following share into the “/etc/samba/smb.conf” file. Notice the 0770 permissions again, so users don’t accidentally create files that can’t be amended by other members of the group.

 

Create Network Shares

Shares are created by editing the “/etc/samba/smb.conf” file. In RHEL5 and Fedora distributions you can use a GUI tool called system-config-samba, but this has been removed from RHEL6.

The “/etc/samba/smb.conf” file contains an example share definition towards the bottom of the file. Lines beginning with “;” are comments.

[benkel]
path = /media/benkel
force group = benkel
valid users = @benkel
create mask = 0775
force create mode = 660
write list = @benkel
browseable = yes
hosts allow = 192.168.178.*

Mount from Mac OS X

cd /Users/userdir/
mkdir -p mountpoint
mount -t smbfs //smbuser:smbpass@smbhost/benkel /Users/userdir/mountpoint

Permanent Mount from Mac OS X

Create a Permanent SMB Mount in OSX (Updated)

Apache (13)Permission denied:

SE Linux issue

# setenforce Permissive

# system-config-selinux

(13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (localhost) failed

This error is not really about file permissions or anything like that. What it actually means is that httpd has been denied permission to connect to that IP address and port.

The most common cause of this is SELinux not permitting httpd to make network connections.

To resolve it, you need to change an SELinux boolean value (which will automatically persist across reboots). You may also want to restart httpd to reset the proxy worker, although this isn’t strictly required.

# setsebool -P httpd_can_network_connect 1

For more information on how SELinux can affect httpd, read the httpd_selinux man page.