Sunday, June 16, 2013

LUN Scaning Script for RHEL 5.X

Step 1 : Run the below script to scan the LUN,

#!/bin/bash
#
# Lun Scanning script
# Works on RHEL 5.X
#
for i in `ls /sys/class/fc_host`
do
echo "1" > /sys/class/fc_host/$i/issue_lip
echo "- - -" > /sys/class/scsi_host/$i/scan
done


Step 2 : Check Lun Visibility in Server

# fdisk -l
Posted by at No comments:
Labels: ,

Tuesday, June 4, 2013

INODE Explained


INODE – Index Node (Also called as Index Number) is the basic and fundamental concept in Linux filesystem.

Each file in Linux has following attributes,
  • File type (executable, block special or character special etc)
  • Permissions (read, write, execute)
  • Owner
  • Group
  • File Size
  • File access, change and modification time
  • File deletion time
  • Number of links (soft/hard)
  • Extended attribute (Like no one can delete/append only..)
  • Access Control List (ACLs)

All the above information is stored in inode & every file has unique inode value in filesystem which identifies the file attributes.

We can get the inode value by ls & stat command


Note :
Remember that Linux never stores the file creation time.


Posted by at No comments:
Labels: ,

Monday, June 3, 2013

How to Create and Install an Apache Self Signed Certificate


Below steps is for creating and installing apache self signed certificate in RHEL 6.2

 Step 1 : Generate Key

[root@mail ]# cd /etc/ssl/certs/
[root@mail certs]# openssl genrsa -des3 -out new.key 2048
Generating RSA private key, 2048 bit long modulus
.........................................................................................................+++
...............................................................................................................+++
e is 65537 (0x10001)
Enter pass phrase for new.key:
Verifying - Enter pass phrase for new.key:
[root@mail certs]#


Step 2 : Removing passphrase from key (This step is optional, by this step we can avoid giving password every time we start apache service - httpd)

[root@mail certs]# cp new.key new.key_org
[root@mail certs]#
[root@mail certs]# openssl rsa -in new.key -out new.key
Enter pass phrase for new.key:
writing RSA key
[root@mail certs]# ll new.key
-rw-r--r-- 1 root root 1679 May 22 12:13 new.key
[root@mail certs]#

Step 3 : Generate a Certificate Signing Request (CSR)

[root@mail certs]# openssl req -new -key new.key -out webmail.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Tamil Nadu
Locality Name (eg, city) [Default City]:Madurai
Organization Name (eg, company) [Default Company Ltd]:Lynx Corp
Organizational Unit Name (eg, section) []:Leo
Common Name (eg, your name or your server's hostname) []:mail.isvivek.com
Email Address []:isvivek@isvivek.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@mail certs]#


Step 4 :  Generate a self signed ssl certificate

[root@mail certs]# openssl x509 -req -days 365 -in webmail.csr -signkey new.key -out webmail.cert
Signature ok
subject=/C=IN/ST=Tamil Nadu/L=Madurai/O=Lynx Corp/OU=Leo/CN=mail.isvivek.com/emailAddress=isvivek@isvivek.com
Getting Private key
[root@mail certs]#


Step 5 : Installing generated ceritificate

[root@mail certs]# vim /etc/httpd/conf.d/ssl.conf

--->>Update it as follows

SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

--->> Update VirtualHost as follows:


    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/webmail/webmail.cert
    SSLCertificateKeyFile /etc/ssl/certs/webmail/new.key
    SSLProtocol All -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+MD5
    DocumentRoot "/var/www/html/ssl"
    ServerName mail.isvivek.com:443


[root@mail certs]#  mkdir -p /var/www/html/ssl
[root@mail certs]#  chown apache /var/www/html/ssl

[root@mail certs]# vim /etc/httpd/conf/httpd.conf

--->>Update it as follows


         SSLRequireSSL
         SSLOptions +StrictRequire
         SSLRequire %{HTTP_HOST} eq "mail.isvivek.com"
         ErrorDocument 403 https://mail.isvivek.com/sslerror.html



[root@mail certs]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                             [  OK  ]
[root@mail certs]#

Step 6 :  Verify the details from by browsing the URL,




Posted by at No comments:
Labels: , , ,

Pseudo Terminals Limits

"/proc/sys/kernel/pty/max" file defines the maximum number of pseudoterminals,

[root@mail ~]# cat /proc/sys/kernel/pty/max
4096
[root@mail ~]#


"/proc/sys/kernel/pty/nr" is read-only file indicates how many pseudoterminals are currently in use

[root@mail ~]# cat /proc/sys/kernel/pty/nr
4
[root@mail ~]#

To limit or increase the Pseudo Terminals Permanently, 

# vim /etc/sysctl.conf

kernel.pty.max = 1024

#  sysctl -p

After the pty limits you will get below error if you try to open new session,



Posted by at No comments:
Labels: ,
Subscribe to: Comments (Atom)