Archive for the ‘Mẹo vặt của hiếu râu’ Category

2
Jan

PAM on Slackware

   Posted by: admin

mount -o loop slackware1337.iso /mnt

installpkg /a/ap/l/d/n/*.txz

cd /mnt/extra/source/pam

./pam.SlackBuild

installpkg /tmp/pam-1.1.3-x86_64-1.txz

——————-

cp -R /mnt/source/a/shadow /tmp/shadow

cd /tmp/shadow

edit shadow.SlackBuild

insert "read -p 'Modify code now. Enter when complete...'" before ./configure

./shadow.SlackBuild

When the build pauses at the "Modify code now" prompt, open a new ssh session and modify the code in /tmp/shadow-4.1.4.3/libmisc/chkname.c

save / close ssh session

press Enter on other ssh session

removepkg shadow

installpkg /tmp/shadow-4.1.4.3-x86_64.txz

cd /etc/pam.d

root@slax:/etc/pam.d# cat login

#%PAM-1.0

auth            include         common-auth

account         include         common-account

password        include         common-password

session         include         common-session

root@slax:/etc/pam.d# cat common-auth

auth            sufficient      pam_unix.so

auth            required        pam_deny.so

root@slax:/etc/pam.d# cat common-account

# NOTE(review): because pam_unix is only "sufficient", a failure from it
# (for example an expired account) is ignored and the stack falls through to
# pam_permit, so the account phase cannot reject anyone. Marking pam_unix as
# "required" is what would enforce account expiry here.
account         sufficient      pam_unix.so

account         required        pam_permit.so

root@slax:/etc/pam.d# cat common-password

password        sufficient      pam_unix.so

password        required        pam_deny.so

root@slax:/etc/pam.d# cat common-session

session         sufficient      pam_mkhomedir.so skel=/etc/skel umask=0022

session         sufficient      pam_unix.so

session         required        pam_deny.so

root@slax:/etc/pam.d#login

edit /etc/login.defs , comment (#) out warnings

root@slax:/etc/pam.d# cat sshd

#%PAM-1.0

auth       required     pam_google_authenticator.so try_first_pass forward_pass secret=${HOME}/otp/.google_authenticator

auth            required      pam_unix.so use_first_pass

#auth            include         common-auth

account         include         common-account

password        include         common-password

session         include         common-session

root@slax:/etc/pam.d# cat su

#%PAM-1.0

auth            sufficient      pam_rootok.so

auth            include         common-auth

account         include         common-account

password        include         common-password

session         include         common-session

root@slax:/etc/pam.d# cat passwd

#%PAM-1.0

auth            include         common-auth

account         include         common-account

password        include         common-password

session         include         common-session

root@slax:/etc/pam.d# cat useradd

#%PAM-1.0

auth            sufficient      pam_rootok.so

account         required        pam_permit.so

password        include         common-password

———————-

OpenSSH: edit the SlackBuild, replace --without-pam with --with-pam, then edit sshd_config and set UsePAM yes

# cat /etc/pam.d/sshd

#%PAM-1.0

auth       sufficient   pam_radius_auth.so

account    required     pam_unix.so

account    required     pam_permit.so

password   sufficient   pam_unix.so

password   required     pam_deny.so

session    sufficient   pam_unix.so

session    required     pam_deny.so

slackware 14.1 http://www.slackware.com/~vbatts/pam/
24
Dec

mysql master master replication

   Posted by: admin

MySQL Master-Master replication:
Master-1 IP: 0.0.0.1
Master-2 IP: 0.0.0.2

Master-1 my.cnf configuration:

log-bin

log_warnings

log_slow_queries = /var/lib/mysql/slow.log

long_query_time = 5

tmpdir = /tmp

server-id = 1

auto_increment_increment = 2

auto_increment_offset = 1

relay-log = mysql-relay-bin

Master-2 my.cnf configuration:

log-bin

log_warnings

log_slow_queries = /var/lib/mysql/slow.log

long_query_time = 5

tmpdir = /tmp

server-id = 2

auto_increment_increment = 2

auto_increment_offset = 2

relay-log = mysql-relay-bin

Replication procedure:

1st setup Master1 as Master and Master2 as slave for Master-1:

Follow below steps:
On Master-1:

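Step 1: mysql> grant replication slave on *.* to 'replicationuser1'@'0.0.0.2' identified by 'password';
('password' is a placeholder; give each replication account its own strong password. The replication connection is not encrypted unless TLS is set up, e.g. REQUIRE SSL on this grant and MASTER_SSL=1 in CHANGE MASTER TO.)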

Step 2: mysql> show master status;
It shows file name and position, Use these records on Master-2 to run it as slave for Master-1.

Step 3: Now log on to master-2 and run the below query:

CHANGE MASTER TO MASTER_HOST='0.0.0.1', MASTER_USER='replicationuser1',MASTER_PASSWORD='password', MASTER_LOG_FILE='mysql-bin.000017',MASTER_LOG_POS=751;

Step 4: start slave
Step 5: show slave status \G

On this status, the following 2 records should be as follows
Slave_IO_Running: Yes
Slave_SQL_Running: Yes

These 2 records indicate the replication status. If both parameters show "Yes", replication is running successfully.

Setup Master2 as Master and Master1 as slave for Master-2:

On Master-2 server:

Step 1: mysql> grant replication slave on *.* to 'replicationuser2'@'0.0.0.1' identified by 'password';

Step 2: mysql> show master status;

Step 3: Now log on to master-1 and run the below query:
CHANGE MASTER TO MASTER_HOST='0.0.0.2', MASTER_USER='replicationuser2',MASTER_PASSWORD='password', MASTER_LOG_FILE='mysql-bin.000002',MASTER_LOG_POS=536;
Step 4: start slave
Step 5: show slave status \G

The following parameters should show “Yes”, so that replication is running successfully

Slave_IO_Running: Yes
Slave_SQL_Running: Yes

On both servers “slave_IO_Running” and “slave_SQL_Running” parameters should always be “Yes” for successful Master-Master Replication.

http://rajesh9333.wordpress.com/2013/09/12/mysql-master-master-replication-on-redhat-and-centos-servers/

[root@api01 ~]# cat /etc/snmp/mysql.sh

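#!/bin/bash
#
# Helper run by snmpd "exec" entries to report MySQL figures.
#   mysql.sh processlist   -> number of rows in information_schema.processlist
#   mysql.sh               -> Read_Master_Log_Pos taken from SHOW SLAVE STATUS
#
# The mysql client reads its login from /root/my.key through
# --defaults-extra-file, so the password never appears in the process list.
# Keep that file owned by root with mode 0600.
#
# The blog rendering had turned the ASCII quotes and the leading "--" of the
# option into typographic characters; they are restored here so the script
# actually runs.

if [ "$1" == "processlist" ]; then
  # The value is printed with a literal "0" in front of it
  # (presumably so the output is never empty; confirm against the SNMP consumer).
  echo -n "0"
  echo "select count(id) from information_schema.processlist;" \
    | mysql --defaults-extra-file=/root/my.key \
    | tail -n 1
  exit
fi

# Heartbeat write into SYNC.SYNC; its output and any error are discarded on
# purpose so that only the position below reaches snmpd.
echo "update SYNC.SYNC set Dt=NOW() where id=1;" \
  | mysql --defaults-extra-file=/root/my.key > /dev/null 2>&1

# Print the Read_Master_Log_Pos value, again prefixed with "0".
echo "show slave status\G;" \
  | mysql --defaults-extra-file=/root/my.key \
  | grep Read_Master \
  | awk '{print 0$2}'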

create database SYNC;

create table SYNC (id int, dt datetime);

exec mysqlslave /etc/snmp/mysql.sh

exec mysqlprocess /etc/snmp/mysql.sh processlist

===== mysql 8.x

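# Skips one failing event per pass while Last_SQL_Error mentions test.sync; every skipped event leaves that table out of step with the source, so compare its contents afterwards.
root@mysql02:~# while true; do if [[ $(mysql -e "SHOW SLAVE STATUS\G" | grep "Last_SQL_Error:" | grep -c "test.sync") -gt 0 ]]; then mysql -e "STOP SLAVE; SET GLOBAL SQL_SLAVE_SKIP_COUNTER = 1; START SLAVE;"; else break; fi; sleep 1; done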

====

24
Dec

recover mysql master slave replication

   Posted by: admin

This is the full step-by-step procedure to resync a master-slave replication from scratch:

At the master:

RESET MASTER;
FLUSH TABLES WITH READ LOCK;
SHOW MASTER STATUS;

And copy the values of the result of the last command somewhere.

Without closing the connection to the client (because that would release the read lock), issue the command to get a dump of the master:

mysqldump -uroot -p --all-databases > /a/path/mysqldump.sql

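Now you can release the lock, even if the dump hasn't ended. (This is only safe when the dump reads from a consistent snapshot, e.g. mysqldump --single-transaction on InnoDB-only data; with the plain command above, keep the lock until the dump has finished so that it matches the position you recorded.) To do it perform the following command in the mysql client: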

UNLOCK TABLES;

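Now copy the dump file to the slave using scp or your preferred tool. An --all-databases dump includes the mysql system database with the account password hashes, so keep the file readable only by the admin account and delete it from both hosts once it has been loaded.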

At the slave:

Open a connection to mysql and type:

STOP SLAVE;

Load master’s data dump with this console command:

mysql -uroot -p < mysqldump.sql

Sync slave and master logs:

RESET SLAVE;
CHANGE MASTER TO MASTER_LOG_FILE='mysql-bin.000001', MASTER_LOG_POS=98;

Where the values of the above fields are the ones you copied before.

Finally type

START SLAVE;

And to check that everything is working again, if you type

SHOW SLAVE STATUS;

you should see:

Slave_IO_Running: Yes
Slave_SQL_Running: Yes

That’s it!

http://stackoverflow.com/questions/2366018/how-to-re-sync-the-mysql-db-if-master-and-slave-have-different-database-incase-o

17
Dec

Linux Disk Monitoring - SMARTCTL

   Posted by: admin

#lspci

01:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)

01:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)

02:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)

02:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)

03:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2108 [Liberator] (rev 05)

08:03.0 VGA compatible controller: Matrox Electronics Systems Ltd. MGA G200eW WPCM450 (rev 0a)

#smartctl -d megaraid,0 -a /dev/sda
#smartctl -d megaraid,2 -a /dev/sda
#smartctl -d megaraid,3 -a /dev/sda
Vendor:               SEAGATE
Product:              ST3146855SS
Revision:             0002
User Capacity:        146,815,737,856 bytes [146 GB]
Logical block size:   512 bytes
Logical Unit id:      0x5000c50002fc27b3
Serial number:        3LN2T8WQ000098183TGT
Device type:          disk
Transport protocol:   SAS
Local Time is:        Tue Dec 17 09:27:58 2013 ICT
Device supports SMART and is Enabled
Temperature Warning Enabled
SMART Health Status: OK
Current Drive Temperature:     37 C
Drive Trip Temperature:        68 C
———————-
google MegaCLI linux IBM Support download
;
#rpm -ivh Lib_Utils-1.00-09.noarch.rpm
#rpm -e srvadmin-storelib-sysfs
#rpm -ivh MegaCli-8.04.10-1.noarch.rpm
#cd /opt/MegaRAID/MegaCli/
———————
follow this script
#./megalsi.sh status
Adapter 0 — Virtual Drive Information:
Virtual Drive: 0 (Target Id: 0)
Name                :
RAID Level          : Primary-5, Secondary-0, RAID Level Qualifier-3
Size                : 272.25 GB
Parity Size         : 136.125 GB
State               : Optimal
Strip Size          : 64 KB
Number Of Drives    : 3
Span Depth          : 1
—————-
# ./megalsi.sh drives
Slot Number: 0 - Online, Spun Up
Slot Number: 1 - Online, Spun Up
Slot Number: 2 - Online, Spun Up
Slot Number: 3 - Hotspare, Spun Up
16
Dec

sshd 5 on Centos 5

   Posted by: admin

# yum install gcc
# yum install openssl-devel
# yum install pam-devel
# yum install rpm-build

Download the source package (src.rpm) from http://vault.centos.org and check its signature with rpm -K before building.

In mc: enter the src.rpm -> CONTENTS.cpio -> press F5 to copy out the source .tar.bz2

tar -jxvf openssh-5.3p1-noacss.tar.bz2

cd openssh-5.3p1

# cp contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
# cp ../openssh-5.3p1-noacss.tar.bz2 /usr/src/redhat/SOURCES/openssh-5.3p1.tar.bz2
# cd /usr/src/redhat/SPECS
# perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec
# rpmbuild -bb openssh.spec
# cd /usr/src/redhat/RPMS/

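rpm -Uvh openssh-*.rpm   # chú ý: có thể die service sshd (note: the upgrade can kill the running sshd service; keep your current session open until a fresh login works)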

/usr/sbin/sshd -p 443

16
Dec

sudoers

   Posted by: admin

# %wheel        ALL=(ALL)       NOPASSWD: ALL

# The thttpd account (presumably the web server user) may run these three
# binaries as any user, root included, without a password. No arguments are
# pinned, so /bin/ls can be pointed at any path: whatever can make this
# account call sudo can list every directory on the host. If root is not
# needed, a narrower run-as user than (ALL) limits that exposure.
thttpd  ALL=(ALL)    NOPASSWD: /bin/ls, /bin/w, /bin/whoami

# Lets thttpd use sudo without a controlling terminal, which a daemon or CGI
# process does not have.
Defaults:thttpd        !requiretty

14
Dec

VNC linux

   Posted by: admin

yum install vnc-server

vi /etc/sysconfig/vncservers

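# /etc/sysconfig/vncservers: display :2 is started for user root.
# The typographic quotes and the "×" from the blog rendering are restored to
# ASCII so the file can be sourced by the init script.
#
# NOTE(review): this gives a root desktop to anyone who holds the VNC
# password, and the classic VNC protocol does not encrypt the session.
# Prefer an unprivileged user for the display.
VNCSERVERS="2:root"

#VNCSERVERARGS[2]="-geometry 1080x720"

# "-localhost" (dropped from the active line, see the leftover below) is the
# option that keeps Xvnc bound to loopback. Without it display :2 listens on
# every interface (TCP 5902), so reach it through an SSH tunnel or restrict
# the port with a firewall.
VNCSERVERARGS[2]="-geometry 1280x960"

# -nolisten tcp -nohttpd -localhost"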

————-
mkdir /root/.vnc
cd /root/.vnc
vncpasswd
vi xstartup
yum install gnome-session
#!/bin/sh
# ~/.vnc/xstartup: commands the VNC server runs when the display starts.
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
# exec replaces this shell with xinitrc, so when it succeeds none of the
# lines below (gnome-wm included) are reached.
exec /etc/X11/xinit/xinitrc
# Only reached if the exec above fails: hand over to a system-wide xstartup
# when one exists and is executable.
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
# Load the user's X resources when the file is readable.
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
#setroot -solid grey
#vncconfig -iconic &
#xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#twm &
# Start the GNOME window manager in the background.
gnome-wm &
7
Dec

vmstat - Linux IO monitoring

   Posted by: admin

[root@proxy4 ~]# vmstat 2

procs ———–memory———- —swap– —–io—- –system– —–cpu—–

r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st

0  0   2568 154420 163468 1357600    0    0     0    36    1   10  1  0 97  1  0

0  0   2568 154420 163468 1357600    0    0     0    28   59   97  1  0 99  0  0

2  0   2568 153464 163468 1357600    0    0     0    54  112  183  4  1 95  0  0

0  0   2568 153416 163468 1357600    0    0     0     0   80  107  2  1 97  0  0

------------SSH-----------
# yum install pam-devel make gcc-c++ wget
https://google-authenticator.googlecode.com
# tar -jxvf libpam-google-authenticator-1.0-source.tar.bz2
# cd libpam-google-authenticator-1.0
# make
# make install
# google-authenticator
Open the PAM configuration file ‘/etc/pam.d/sshd’ and add the following line at the top:
auth       required     pam_google_authenticator.so

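Open the file ‘/etc/ssh/sshd_config’ and set:

ChallengeResponseAuthentication yes
restart sshd -> done (keep the current SSH session open and confirm that a new login works before closing it)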
----------------vsftpd use password as PIN+OTP--------------------
auth       required     pam_google_authenticator.so try_first_pass forward_pass
https://github.com/chregu/GoogleAuthenticator.php/blob/master/example.php

——————- sFTP ——————

Subsystem     sftp   internal-sftp
Match Group sftpgroup
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
—–
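%h is the user's home directory; sshd only accepts a ChrootDirectory that is owned by root and not writable by group or others (755 root:root),
mkdir public_html, chown user:sftpgroup public_html
usermod -g sftpgroup user
mkdir otp; chown user otp   (the chroot directory itself is root-owned, so the OTP secret goes into a user-owned subdirectory)
mv .google_au* otp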
/etc/pam.d/sshd
auth required pam_google_authenticator.so \
try_first_pass forward_pass \
secret=${HOME}/otp/.google_authenticator

————— Apache ——————-

svn checkout http://google-authenticator-apache-module.googlecode.com/svn/trunk/ google-authenticator-apache-module-read-only
make; make install
Loadmodule authn_google_module modules/mod_authn_google.so
.htaccess
AuthType Basic
AuthName "BasicAuth with OTP"
AuthBasicProvider "google_authenticator"
Require valid-user
GoogleAuthUserPath /home/www/xxx/otp/site
GoogleAuthCookieLife 3600
GoogleAuthEntryWindow 4
--file /home/www/xxx/otp/site/username--
ZZZAAAOTPPINCODEAAAZZZ
"PASSWORD=mySecret
------
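auth with username, password = mySecret+OTP. Basic auth sends this value base64-encoded, not encrypted, so serve the protected location over HTTPS only.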

11
Jan

iscsi multipath

   Posted by: admin

change some settings in /etc/iscsi/iscsid.conf:

node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 10
node.session.timeo.replacement_timeout = 15

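# Start the iSCSI initiator service.
/etc/init.d/iscsi start

# Create one iface record per NIC and bind each to its MAC address, so the
# two sessions leave through different ports (the MACs shown are placeholders).
# The blog rendering had turned the leading "--" of the options into a dash
# character; it is restored here.
iscsiadm -m iface -I iface0 --op=new
iscsiadm -m iface -I iface1 --op=new
iscsiadm -m iface -I iface0 --op=update -n iface.hwaddress -v 00:11:22:33:44:55
iscsiadm -m iface -I iface1 --op=update -n iface.hwaddress -v 66:77:88:99:AA:BB

# Discover the targets on the portal (sendtargets), log in to all of them and
# list the resulting sessions.
# NOTE(review): no CHAP settings appear on this page. If the target supports
# it, set the node.session.auth.* options in /etc/iscsi/iscsid.conf before
# logging in, and keep iSCSI traffic on a dedicated storage network.
iscsiadm -m discovery -t st -p 10.X.X.X
iscsiadm -m node --loginall=all
iscsiadm -m session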

The configuration file (/etc/multipath.conf) is set up by default

devnode_blacklist {
  devnode "^sda$"
  devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*"
  devnode "^hd[a-z]"
  devnode "^cciss!c[0-9]d[0-9]*"
}
multipaths {
  multipath {
    #get wwid by #multipath -ll
    wwid 360a9800043336a414c3a3954725a7869
    alias  my-lun0
  }

}
devices {
  device {
    vendor  "NETAPP"
    product  "LUN"
    path_grouping_policy  group_by_prio
    getuid_callout  "/sbin/scsi_id -g -u -s /block/%n"
    #prio_callout  "/opt/netapp/santools/mpath_prio_ontap /dev/%n"
    features  "1 queue_if_no_path"
    path_checker  readsector0
    failback  immediate
  }
}

/etc/init.d/multipathd start

multipath -ll
restart multipathd
restart iscsi
fdisk /dev/mpath/my-lun0
mkfs.ext3 /dev/mpath/my-lun0p1
mount /dev/mpath/my-lun0p1 /mnt