Archive for the ‘RedHat’ Category

During some recent server patches on Red Hat Enterprise Linux 5.3, I kept getting ‘depsolve’ errors on several packages. This was odd, as I had not made any changes to anything, installed anything new, or removed anything.

Turns out this is a known bug in 5.3, and luckily, the solution is simple:

$> yum clean all

Run that, and it refreshes your local repository. The next time you go to update packages your server will refresh everything with the Red Hat respository, and all will be good!

Have you ever been in a rush or just had a complete brain freeze with your MySQL passwords?

Well…..I have. 

——————————-

Step # 1 : Stop mysql service

SHELL> /etc/init.d/mysql stop

——————————-

Step # 2: Start to MySQL server w/o password:

SHELL> mysqld_safe --skip-grant-tables &

——————————-

Step # 3: Connect to mysql server using mysql client and setup the new root password:

SHELL> mysql -u root

mysql> use mysql;
mysql> update user set password=PASSWORD("$PASSWORD") where User='root';
mysql> flush privileges;
mysql> quit

——————————-

Step #4: Stop and Restart MySQL Server: (try your new $PASSWORD)

SHELL> /etc/init.d/mysql stop
SHELL> /etc/init.d/mysql start
SHELL> mysql -u root -p

——————————-

Note: There are other ways to reset the password, but I like this one.

Over the past few years several people on the VMware communities forums have released patches to fix the vmware modules for the next “fresh” release of the Linux Kernel / Distro. I’ve used them in the past with much success, but I generally like waiting for the official VMware support. However, I’m pretty excited about Fedora 11 (just to many new goodies not to play) and I noticed there’s a new updated patch for 2.6.29 and even 2.6.30 Kernels!

VMware Workstation 6.5.2 module patches/discussion: 2.6.29

VMware Workstation 6.5.2 module patches/discussion: 2.6.30

Sun has official Fedora 11 support (and now 2.6.31) with VirtualBox: VirtualBox 3.0.0 (if that’s your cup of tea)

Note: Obviously Fedora is the test bed for the QEMU/KVM merger so you can go that route as well, but I love VMware. ;0)
Here is a great article to get you moving on the QEMU/KVM way of life: Clik Me

HTH

Starting in Fedora 10 (but disabled by default) Red Hat Fedora started providing the KMS Framework.

Fedora – KMS page: Click Me

X.Org – KMS page :  Click Me

Now if you’ve upgraded/installed the new Fedora 11 (or even Ubuntu 9.x etc.) KMS is enabled by default and you may have noticed there are new/still some regressions in the kernel and certain Intel and ATI cards may have issues.

If you’re having some crazy issues, fear not, you may have an answer here.

Intel Video Issues: Click Me

Ati/AMD Video Issues: Click Me

Note: This isn’t Fedora specific, you may have noticed you cant even enable desktop effects in Ubuntu 9.0.4 under certain cards (without de-blacklisting)

This is just the natural progression of trying to make things better and part of the growing pains that going with non-enterprise distros of Linux can give it’s users……but end the end, it will be worth it.

HTH.

If you are a conscientious system administrator, you like to keep tabs on your server by checking root’s email at least once a day, correct?  If you manage more than one server, or get tired of having to log in to check your mail, you can redirect where email for the root user gets sent.

I ran into problems on Red Hat Enterprise 5.2 doing this, so I thought I’d post the resolution here.

Read the rest of this entry »

This applies to RedHat Enterprise 4 & 5, and by association to Fedora and CentOS.  It probably works on some other distros as well, but your mileage may vary.

I am constantly having to reset user passwords, as I use the “three failures and your account is locked” schema, as well as set passwords to expire every 60 days. Read the rest of this entry »

I hardly ever trust the coupon sites floating around on the net, but I figured what they hey, it can’t hurt to try one.

I’ve really been wanting a Dell Latitude D630 series (yeah it’s an older model, on the 800 bus etc.) but, it IS the perfect laptop when looking to run 100% of any version of Linux and works with all the major “Security Tool” CD’s.  ;0) Read the rest of this entry »

Just in case the article dissapears (it happens). This is a edited version of the following.
“How do I rescan the SCSI bus to add or remove a SCSI device without rebooting the computer?”

To add or remove a SCSI device explicitly, or to re-scan an entire SCSI bus without rebooting a running system: Read the rest of this entry »

Q. What is SWAT?
A. It’s the “Samba Web Administration Tool”

Q. What can I use it for?
A. (shrug )Maybe to quickly setup a SAMBA server etc. from following my previous howto.
A2. It does have some good info even if you don’t use it for your SMB configuration.

We all know it’s best to use the command line interface (CLI) when learning something,
and most GUI tools don’t give you all the options anyway. However, it’s nice to have a GUI tool when you’re in a rush or you just want to try something new without digging for hours.

This article assumes you have already installed SAMBA.  See my previous article if you haven’t.

According to the SWAT docs, it will overwrite you current SMB.conf,
so you may want to backup your current one first.

# Backup the current smb.conf
sudo cp --preserve=context /etc/samba/smb.conf /etc/samba/smb.conf.pre-swat

# Install the SWAT tool
sudo yum install -y samba-swat

# Set the service to launch and start it up
sudo vi /etc/xinetd.d/swat (change the disable from yes to no)
sudo /sbin/service xinetd restart

# Browse to

http://localhost:901/

* Addtional Info:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/SWAT.html

Q. What is SAMBA?
A. “Samba is a Free Open Source Software suite that provides seamless file and print services to SMB/CIFS clients.”

Q. Where is SAMBA’s home?
A. http://www.samba.org

Q. Why did you bother writing this?
A. Several reasons, mostly to help myself and others.

Note: You may want to copy/paste this into a txt file for easier reading.

---------------------------------------------
This “entry level” guide will show you how to configure SAMBA in order to let users
browse their home folders under Linux via Windows.

Please note: I write these guides under RHEL/CentOS. However, they should work under any distribution. You still may need to tweak things a little. ;0)

I’m also assuming you have sudo rights. You shouldn’t work from root!

---------------------------------------------
If you’ve installed the default settings for SELinux, it will be in “Enforcing” mode.

# To check your SELinux status. (1 = Enforcing, 0 = Permissive)

shell> /usr/sbin/getenforce

# If you wish to change the state from Enforcing to Permissive temporarily

shell> sudo /usr/sbin/setenforce 0

If you wish to change it permanently between reboots, alter the /etc/selinux/config file to say Permissive
If you wish to keep using SELinux, I’ll provide the extra step to work with this guide,
other wise just ignore the SELinux “setsebool” command.

NOTE: Review the /etc/samba/smb.conf for addtional SELinux settings.
---------------------------------------------
# Install the SAMBA server.

shell> sudo yum install samba

# Add a user for testing the SMB/CIFS Shared Home directory.

shell> sudo /sbin/useradd sambatest
shell> sudo passwd sambatest

# Configure the user “sambatest” smb password.

shell> sudo smbpasswd -a sambatest

# Backup the /etc/samba/smb.conf file prior to any changes.
# Edit the smb.conf file and set your “workgroup” / “netbios name” if needed.

shell> cd /etc/samba
shell> sudo cp --preserve=context smb.conf smb.conf.org
shell> sudo vim smb.conf

workgroup = workgroup (this is Windows default group)
netbios name = CENTOS (don’t forget to uncomment this line)

# Set the SMB daemon to start on boot up. (for levels 2345)

 shell> sudo /sbin/chkconfig smd on

# Start the SAMBA daemon.

 shell> sudo /sbin/service smb start

# OPTIONAL (if using SELinux)

shell> sudo /usr/sbin/setsebool -P samba_enable_home_dirs on

---------------------------------------------
# You’ll want to edit your iptables/firewall rules to allow connections.
# I would recommend locking this down to local network hosts etc.
# I’ll assume your trusted hosts are on a 192.168.1.0/24 network.

shell> cd /etc/sysconfig
shell> sudo cp --preserve=context iptables iptables.org
shell> sudo vim iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT

---------------------------------------------
# From Windows, browse your “workgroup” network and you should now see “CENTOS”
# Simply log in with the account/smbpasswd you’ve created.

---------------------------------------------
Additional Info:

* Official Samba 3.2.x HOWTO and Reference – http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/

* SELinux Guide – http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/
Copying / Moving files and retaining SELinux Contexts – See section “5.10. Maintaining SELinux Labels ”

* Dan Walsh’s SAMBA / SELinux info – http://danwalsh.livejournal.com/14195.html

* IPTables
- https://help.ubuntu.com/community/IptablesHowTo
- http://fedorasolved.org/Members/kanarip/iptables-howto