Friday, November 13, 2009

Troubleshooting SMTP Servers

$ telnet localhost 25
ehlo localhost
mail from: a@b.com
rcpt to: me@mydomain.com
250 2.1.5 Ok
data
Subject: SMTP testing

Greetings from me
.
quit
221 2.0.0 Bye
Connection closed by foreign host.

$ telnet localhost 25
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
That means the server is not running, which you can confirm with netstat:
# netstat -pant | grep :25
If it returns nothing, your SMTP server is not running.

Tuesday, October 27, 2009

How to kill remote session via command line

C:\Documents and Settings\datagram>qwinsta /server:10.10.10.x

 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 console                                     0  Conn    wdcon
 rdp-tcp                                 65536  Listen  rdpwd
 rdp-tcp#4         datagram                  1  Active  rdpwd
                   administrator             2  Disc    rdpwd

C:\Documents and Settings\datagram>rwinsta rdp-tcp#4 /server:10.10.10.x


Monday, October 26, 2009

Remotely Start/Stop windows services

Two ways.

1. sc \\MachineName start ServiceName

2.
  • To start a service, type:

    net start service

  • To stop a service, type:

    net stop service

Sunday, October 25, 2009

Error: Service 'RemoteRegistry' failed to reach status 'Stopped' on this server.

When installing Exchange 2007 SP2:

In the services manager, set Remote Registry to "Disabled", then reboot.
When the workstation has restarted, open the services manager, set it to "auto" or "manual", then try the install again.

Saturday, October 24, 2009

attempting to load a 64-bit application however this cpu is not compatible with 64-bit mode

Solution to this problem.

1. Check your server BIOS settings and enable Virtualization.
****** YOU HAVE TO SHUT DOWN YOUR SERVER AND UNPLUG THE POWER CORD FOR AT LEAST 2 MINUTES TO MAKE THIS SETTING EFFECTIVE.

2. There is no 64-bit support for VMI. VMI is not compatible with 64-bit guests.
You must disable VMI to power on a 64-bit guest operating system.
To disable VMI:
  1. Choose the virtual machine in VMware Infrastructure Client.
  2. Click Edit Settings > Options > Advanced.
  3. Deselect Paravirtualization.


Tuesday, October 20, 2009

IP/Port Blocking

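Q. All machines in the IP range 10.10.10.x should have access to port 80 on machine 10.10.10.xx, and all the rest should be blocked.

Ans.
Via IPTABLES

iptables -A INPUT -s 10.10.10.0/24 -p tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -j DROP

Via Hosts (TCP wrappers: entries are keyed on the service's daemon name, not the port number, and only apply to services built with libwrap; <daemon> below stands for that name)

in hosts.allow
<daemon>: 10.10.10.0/255.255.255.0

in hosts.deny
<daemon>: ALL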

Wednesday, October 14, 2009

Count Disk Space

To show the size of all sub directories of a specific directory
du -sh /home/*
du /path/to/dir --max-depth=1 | sort -nr
du -sh
df -h /path/to/dir
To show all the 1 level sub directories size
du -sh *
To show the size of specific directory
du -sh /home

Wednesday, September 23, 2009

sudo: sorry, you must have a tty to run sudo

1. Run visudo
2. Comment out the line "Defaults requiretty" so that it reads: # Defaults requiretty
3. It is always better to lift this requirement only for a particular user, e.g.
   Defaults:backupuser !requiretty


here is the man page for quick reference
http://www.linuxmanpages.com/man5/sudoers.5.php#lbAM

Monday, August 17, 2009

How to use "noatime" option in linux ext3 filesystem for better performance of I/O

Use the 'noatime' option:
  • Edit the file '/etc/fstab'
  • Add the option 'noatime', separated with a comma, to the fourth field of every disk based filesystem entry
  • Save the file and reboot (or remount all the filesystems corresponding to the modified entries, using the command: mount -o remount <mountpoint>)


Most Linux desktops and servers are hurt by a noticeable I/O performance slowdown due
to the constant atime updates, while there are just two or three real users of it:
tmpwatch [which can be configured to use ctime, so it's not a big issue],
some backup tools,
and mail-notify.

Example
proc /proc proc defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
/dev/md0 /boot ext3 defaults 0 0
/dev/md1 none swap sw 0 0
/dev/md2 / ext3 defaults,noatime 0 0


In addition to this:

If you put your swap partition at the beginning of the drive it will give some improvement.
The beginning of the drive is physically located on the outer portion of the cylinder, and the read/write head can cover
much more ground per revolution.
You can check that with the command /sbin/hdparm -t /dev/sda1 (or sda2, etc.).

Tuesday, August 11, 2009

DoS-denial attacks

How to Prevent it in linux

Add these lines to the end of /etc/rc.d/rc.local

######## shut some DoS stuff down
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# increase the SYN backlog queue
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_timestamps

echo 64000 > /proc/sys/fs/file-max

ulimit -n 64000


# increase the local port range
echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range

# stop source routing
for i in /proc/sys/net/ipv4/conf/*/accept_source_route
do
echo 0 > $i
done

# enable reverse-path filtering
for i in /proc/sys/net/ipv4/conf/*/rp_filter
do
echo 1 > $i
done

##### End
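
An audit of the network settings from the rc.local block above, as an added example (not part of the original post): it reports every key whose live value differs from the value set here. The function name audit_dos_sysctls and its optional root-directory argument are assumptions made for this example; file-max and ulimit are left out.

```shell
#!/bin/sh
# Added example: audit the net/ipv4 settings from the rc.local block above.
# The optional root argument (an assumption made here) lets the check run
# against a test tree instead of the live /proc/sys.
audit_dos_sysctls() {
    root="${1:-/proc/sys}"
    drift=0

    # check_one FILE LABEL WANT: compare one setting, whitespace-normalised
    check_one() {
        if [ ! -r "$1" ]; then
            echo "MISSING $2"; drift=$((drift + 1)); return
        fi
        have=$(tr -s '[:space:]' ' ' < "$1" | sed 's/^ //; s/ $//')
        if [ "$have" != "$3" ]; then
            echo "DRIFT $2: have '$have', want '$3'"
            drift=$((drift + 1))
        fi
    }

    # Global keys and the values this post sets for them.
    while read -r key want; do
        check_one "$root/net/ipv4/$key" "net/ipv4/$key" "$want"
    done <<EOF
tcp_syncookies 1
icmp_ignore_bogus_error_responses 1
icmp_echo_ignore_broadcasts 1
tcp_max_syn_backlog 2048
tcp_sack 0
tcp_timestamps 0
ip_local_port_range 1024 65535
EOF

    # Per-interface keys: every directory under conf/ has its own copy,
    # so check each one rather than only conf/all.
    for f in "$root"/net/ipv4/conf/*/accept_source_route; do
        [ -e "$f" ] && check_one "$f" "${f#"$root"/}" 0
    done
    for f in "$root"/net/ipv4/conf/*/rp_filter; do
        [ -e "$f" ] && check_one "$f" "${f#"$root"/}" 1
    done

    [ "$drift" -eq 0 ]
}
# Usage on a live system: audit_dos_sysctls || echo "settings have drifted"
```
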

VISUDO

1. Add a user
#useradd -g users admin
#passwd admin

2. #visudo
Insert the line below at the end.
admin ALL=(ALL) NOPASSWD: ALL

With NOPASSWD, sudo will not prompt for the admin user's password.

Now, if you want to give permission for just a few services instead of full privilege:

1. #visudo
2. admin ALL=(root) NOPASSWD: /etc/init.d/postgresql

Save and exit with :wq
Now
# sudo /etc/init.d/postgresql start
will start the postgresql service without asking for your password.

Now if you want to prohibit a user from accessing a few commands, say shells, su, passwd or visudo (SHELLS, SU, PASSWD and VISUDO are Cmnd_Alias names that must be defined earlier in the sudoers file):

admin ALL = ALL, !SHELLS, !SU, !PASSWD, !VISUDO
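
A lint for the kinds of rule shown above, as an added example (not part of the original post): it flags NOPASSWD on ALL commands and rules that subtract commands from ALL with "!", which sudoers(5) itself describes as not an effective restriction. The function name lint_sudoers is an assumption made here, and only single-line user rules are parsed.

```shell
#!/bin/sh
# Added example: lint sudoers rules of the kind shown in this post.
# lint_sudoers is a name chosen here; it reads FILE, or stdin if none is given.
# Only single-line user rules are handled (no backslash continuations).
lint_sudoers() {
    awk '
        /^[ \t]*#/ { next }                            # comments and #include lines
        /^[ \t]*$/ { next }                            # blank lines
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }   # settings and alias definitions
        {
            spec = $0
            sub(/^[^=]*=/, "", spec)          # keep what follows "user host ="
            nopass = (spec ~ /NOPASSWD:/)
            gsub(/\([^)]*\)/, "", spec)       # drop Runas lists such as (root)
            gsub(/[A-Z_]+:/, "", spec)        # drop tags such as NOPASSWD:
            n = split(spec, cmd, ",")
            all = 0; neg = 0
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])
                if (cmd[i] == "ALL") all = 1
                if (cmd[i] ~ /^!/)   neg = 1
            }
            if (all && nopass) {
                print NR ": NOPASSWD on ALL commands (passwordless root)"
                bad = 1
            }
            if (all && neg) {
                print NR ": ! exclusions after ALL do not restrict reliably, list allowed commands instead"
                bad = 1
            }
        }
        END { exit bad }
    ' "${1:--}"
}
# Usage: lint_sudoers /etc/sudoers   (as root; exit status 1 means findings)
```

The rule that grants only /etc/init.d/postgresql passes the lint; the script named in such a rule should be writable by root only, since whoever can edit it can run anything as root.
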

Monday, August 3, 2009

Folder Access outside document root in apache

Say you have a folder with name "web" under /home

Give the Apache user and group permission on that folder, then add the lines below to the httpd.conf file.

“Directories need to be executable by the Apache user, so that Apache can get listings of the files in the directory, and display the documents located in that directory”


Alias /web /home/web

<Directory "/home/web">
    Options Indexes SymLinksIfOwnerMatch IncludesNoExec
    AllowOverride None
    Allow from all
    Order allow,deny
</Directory>


Thursday, June 11, 2009

restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory

How to fix this.

(1) rm /etc/sysconfig/networking/profiles/default/resolv.conf
(2) restorecon /etc/resolv.conf
(3) ln -s /etc/resolv.conf /etc/sysconfig/networking/profiles/default/resolv.conf

This is actually a bug in the policycoreutils package, and it has now been fixed in policycoreutils-2.0.57-16.

https://bugzilla.redhat.com/show_bug.cgi?id=483371

Wednesday, June 10, 2009

How to Start Fedora Directory Server Manually

Go to /opt/fedora-ds
1. [root@vfds fedora-ds]# slapd-vfds/start-slapd
2. ./start-admin
3. ./startconsole

Give the user name and password here.

Tuesday, June 9, 2009

How to Install VMware-Tools on CentOS 5.3

1. Open the VMware Console
2. Click on VM
3. Select "Install VMware Tools"
4. This will mount the VMware Tools on the CD-ROM automatically
5. Run "rpm -ivh VMwareTools-6.x.x-xxxx.i386.rpm"
6. Run this script: "vmware-config-tools.pl"
7. Reboot the machine

Tuesday, June 2, 2009

VMWARE PART -2 : VIRTUAL NETWORKING

• ESX Server Networking
• Virtual Switches
• Virtual Switches and VLANS
• NETWORKING Tools



How virtual machines communicate with the rest of the appliances on the network.

Why we need virtual networking
==> Each device requires a NIC, which allows it to communicate with the rest of the devices on the network. With virtualization in VMware we have one big physical host and several virtual machines running on it. In the traditional sense you would need a NIC for every virtual machine to connect it to the rest of the network, and it does not make sense to install 20-30 NICs for the virtual machines. This is where the concept of a virtual switch comes into play.

A virtual switch mimics a physical switch, except that it is software based. It has ports, and these ports can be added or deleted. You can have up to 1016 ports on a virtual switch.

The idea here is to connect one or more physical NICs to this virtual switch, so the virtual switch is served by one or more physical NICs.

So we connect the virtual machines' NICs to the virtual switch ports, and the virtual switch gives connectivity to the outside world via the physical NIC.






In the above scenario both VMs are connected to the virtual switch and the virtual switch is not connected to any physical NIC. So they can talk to each other only, and this is perfect for testing only.

Next Scenario




One virtual switch with one physical NIC.
Because there is physical connectivity, you can do traffic shaping.

Another scenario




The advantage is redundancy, as you have multiple NICs.

One more scenario





NETWORK CONNECTIONS:



There are 3 types of port configuration that can be done on a virtual switch:
• Service console
• VMkernel: VMotion, iSCSI, NFS/NAS
• Virtual machines

On the same virtual switch you can have one or more port types.
For example, you can have a virtual switch that supports ports for the service console and also for virtual machines, or each virtual switch can have its own port type, so that all the ports on that virtual switch support only virtual machines, only the service console or only the VMkernel.














Rolling Failover
No: if a physical NIC goes down, another NIC takes over its place and production continues. When the failed NIC comes back online and this setting is set to No, the NIC that just came back online takes its place back from the NIC that replaced it and returns to servicing production.
If it is set to
Yes: the failed NIC remains offline even after it recovers from the failure it experienced, and it will not take over from the currently active NIC until another failure happens.

Network Failover Detection:
Link state only --> if the failure is at the switch end, the ESX server will not be able to know about it
Beacon probing --> it will notify the ESX server that the link from the switch is down




NETWORKING TOOLS
• service network restart -- when you want to change the IP address of the service console
• ifconfig --
• findnic -- maps the way ESX Server labels the VM NICs to the actual physical NICs
• mii-tool -- used to configure or modify NIC settings from the command line

Monday, April 20, 2009

Virtualization – Where, When, Why - Part 1

- Make efficient use of hardware

- Consolidation of servers

- Consolidation of desktops

Testing /QA and Development Environment

- Network isolation

- Snapshots

- Fast OS/Application Deployment

Disaster Recovery

- Hardware independence

IT Administration

- Make life easier of a system administrator

- Faster OS deployment

- Faster Server Replacement

- Less hardware maintenance

Tuesday, April 14, 2009

Monitoring and system information under Linux

tail -f /var/log/messages
strace -c ls >/dev/null   # Summarise/profile system calls made by command
lsof -p $$   # List paths that process id has open
lsof ~   # List processes that have specified path open
tcpdump not port 22
watch -n.1 'cat /proc/interrupts'   # Watch changeable data continuously
free -m   # Show amount of (remaining) RAM (-m displays in MB)

ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS   # List processes by mem usage
ps -e -o pcpu,cpu,nice,state,cputime,args --sort pcpu | sed '/^ 0.0 /d'   # List processes by % cpu usage
ps -e -o pid,args --forest   # List processes in a hierarchy

uname -a
badblocks -s /dev/sda
hdparm -tT /dev/sda   # Do a read speed test on disk sda
hdparm -i /dev/sda   # Show info about disk sda
smartctl -A /dev/sda | grep Power_On_Hours   # How long has this disk (system) been powered on in total
mount | column -t   # List mounted filesystems on the system (and align output)
lsusb -tv   # Show USB info
grep "model name" /proc/cpuinfo   # Show CPU(s) info
grep MemTotal /proc/meminfo   # Show RAM total seen by the system

Checking Disk Space in Linux

• ls -lSr [Show files by size, biggest last]
• du -s * | sort -k1,1rn | head [Show top disk users in current dir.]
• df -h [Show free space on mounted filesystems]
• df -i [Show free inodes on mounted filesystems]
• fdisk -l [Show disk partition sizes and types (run as root)]
• rpm -q -a --qf '%10{SIZE}\t%{NAME}\n' | sort -k1,1n [List all packages by installed size]

Monday, April 13, 2009

RAID Concept

Raid Concept

1. Striping

2. Mirroring

3. Parity

Striping: the process of breaking data down into pieces and distributing it across the multiple disks that support a logical volume

- Better I/O performance

Mirroring: the process of writing the same data to another “member” of the same volume simultaneously.

- Provides protection

Parity: the term for error checking.

Levels of RAID

RAID is a method of logically joining two or more disks

RAID 0: This level of RAID is a ‘normal’ file system with striping, in which data loss is imminent with any disk failure.

- This gives good read/write performance but no recoverability.

- Minimum number of disks: 2

RAID 1: Provides mirroring and hence full data redundancy.

- Mirroring, Recoverability, require write performance

- Minimum number of disks: 2

RAID 5: Most common RAID implementation. Data redundancy is provided via parity calculations, but parity is stored along with the data.

- Recoverability, require read performance

- Minimum number of disks: 3

Sync two servers

Let’s call the 2 servers ‘SOURCESERVER’ and ‘DESTSERVER’ for
SOURCESERVER = Source server (the server we’re connecting from to upload the data)
DESTSERVER = Destination server (the server we’re connecting to receive the data)

Part 1 - Setting up SSH key authentication
First, we need to make sure the DESTSERVER has the ability to use key authentication enabled. Find your sshd configuration file (usually ‘/etc/ssh/sshd_config’) and enable the following options if they are not already set.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

If you edit the file be sure to restart sshd afterwards.
# /etc/init.d/sshd restart
Next, on the SOURCESERVER we will create the public / private key pair to be used for authentication with the following command.
# ssh-keygen -t rsa
*Note: Do not enter a passphrase for this, just hit enter when prompted.
This should create 2 files, a public key file and a private key file.
The public key file (usually [homedir]/.ssh/id_rsa.pub) we will upload to the DESTSERVER.
The private key file (usually [homedir]/.ssh/id_rsa) we will keep on the SOURCESERVER.
*Be sure to keep this private key safe. With it anyone will be able to connect to the DESTSERVER that contains the public key.
Now we will plant the public key we created on to the DESTSERVER.
Choose the user account which you will use to connect to on DESTSERVER, we’ll call this user ‘destuser’ for now.
In that account’s home directory, create a ‘.ssh’ subdirectory, and in that directory create a new text file called ‘authorized_keys’. If it already exists, great, use the existing file.
Open the ‘authorized_keys’ file and paste in the contents of the public key you created in the previous step (id_rsa.pub). It should look something like the following
ssh-rsa <base64 key data> sourceuser@SOURCESERVER
Save the file and change the permissions to 600 for the file and 700 for the ‘.ssh’ directory.
Now to test that the keys are working.
From the SOURCESERVER try logging in as normal using ssh to the DESTSERVER.
# ssh destuser@DESTSERVER
If all is working you should not be prompted for a password but instead connected directly to a shell on the DESTSERVER.
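
A check for the result of Part 1 on DESTSERVER, as an added example (not part of the original post): it verifies the 700/600 permissions and reports key lines that carry no options, since the passphrase-less key is otherwise accepted from any address with a full shell. The function name audit_ssh_dir is an assumption made here; from= and command= are standard authorized_keys options.

```shell
#!/bin/sh
# Added example: check the result of Part 1 on DESTSERVER.
# audit_ssh_dir is a name chosen here; the argument defaults to ~/.ssh.
audit_ssh_dir() {
    sshdir="${1:-$HOME/.ssh}"
    keys="$sshdir/authorized_keys"
    bad=0

    # The first 10 characters of "ls -ld" are the type and permission bits.
    mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

    # The post asks for 700 on .ssh and 600 on authorized_keys.
    if [ "$(mode_of "$sshdir")" != "drwx------" ]; then
        echo "PERM $sshdir: want 700"; bad=1
    fi
    if [ "$(mode_of "$keys")" != "-rw-------" ]; then
        echo "PERM $keys: want 600"; bad=1
    fi
    [ -r "$keys" ] || return 1

    # A key line that starts with the key type has no options field, so the
    # key is valid from any source address and gets an interactive shell.
    # from="..." and command="..." options in front of the key narrow that.
    n=0
    while read -r first rest || [ -n "$first" ]; do
        n=$((n + 1))
        case $first in
            ssh-*|ecdsa-*|sk-*)
                echo "OPEN $keys line $n: key has no from=/command= options"
                bad=1 ;;
        esac
    done < "$keys"

    [ "$bad" -eq 0 ]
}
# Usage, as destuser on DESTSERVER: audit_ssh_dir
```
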

Part 2 - Creating the rsync script

Now for the rsync script.
I use a simple script such as the following
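——————————————-
#!/bin/bash
# Source directory, destination directory, destination host and user
SOURCEPATH='/source/directory'
DESTPATH='/destination'
DESTHOST='123.123.123.123'
DESTUSER='destuser'
LOGFILE='rsync.log'
# Blank lines separate one run from the next in the log
echo $'\n\n' >> "$LOGFILE"
# Send both stdout and stderr to the log (redirections are applied left to right)
rsync -av --rsh=ssh "$SOURCEPATH" "$DESTUSER@$DESTHOST:$DESTPATH" >> "$LOGFILE" 2>&1
echo "Completed at: $(/bin/date)" >> "$LOGFILE"
——————————————-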
Copy this file into the home directory of the sourceuser on the SOURCESERVER
and modify the first 4 variables in the file.
SOURCEPATH (Source path to be synced)
DESTPATH (Destination path to be synced)
DESTHOST (Destination IP address or host name)
DESTUSER (User on the destination server)
Save it as something like ‘rsync.sh’
Set the permissions on the file to 700.
# chmod 700 rsync.sh
Now you should be able to run the script, have it connect to the DESTSERVER, and transfer the files all without your interaction.
The script will send all output to the ‘rsync.log’ file specified in the script.

Part 3 - Setting up the cron job

Assuming everything has worked so far all that’s left is to setup a cron job to run the script automatically at a predefined interval.
As the same sourceuser use the ‘crontab’ command to create a new cron job.
# crontab -e
This will open an editor where you can schedule the job.
Enter the following to have the script run once every hour
——————————————-
# Run my rsync script once every hour
0 * * * * /path/to/rsync.sh
——————————————-
Your 2 servers should now be syncing the chosen directory once every hour.



Use of "/" at the end of path:
When using "/" at the end of source, rsync will copy the content of the last folder.
When not using "/" at the end of source, rsync will copy the last folder and the content of the folder.
When using "/" at the end of destination, rsync will paste the data inside the last folder.
When not using "/" at the end of destination, rsync will create a folder with the last destination folder name and paste the data inside that folder.

Sunday, April 12, 2009

Microsoft's free XP, Office 2003 support ends April 14

If you have a Software Assurance licensing contract with Microsoft, you can buy paid support.

Windows XP SP2: Service pack will be retired on July 13, 2010.

Windows XP SP3: Service pack due to be retired two years after SP4 (if there is one) releases or in April 2014, whichever comes first.

Windows Vista Business: Free support ends on April 10, 2012; paid support ends on April 11, 2017.

Windows Vista SP1: Service pack will be retired two years after the release of SP2 (which is expected in April 2009), so likely in April 2011 (?).

Office 2003 SP3: Service pack will be retired one year after SP4 (if there is one, which is doubtful) is released or in August 2014, whichever comes first.

Office 2007: Free support ends on April 10, 2012; paid support ends on April 11, 2017.

Office 2007 SP1: Service pack will be retired a year after SP2 debuts, so likely in April 2010 (?).

Windows Server 2008: Free support ends September 7, 2013; paid support ends October 7, 2018.