Sunday, October 25, 2009

Error: Service 'RemoteRegistry' failed to reach status 'Stopped' on this server.

When installing Exchange 2007 SP2:

In the Services manager, set Remote Registry to "Disabled", then reboot.
When the server has restarted, open the Services manager again, set Remote Registry back to "Automatic" or "Manual", then retry the install.

Saturday, October 24, 2009

attempting to load a 64-bit application however this cpu is not compatible with 64-bit mode

Solution to this problem:

1. Check your server BIOS settings and enable Virtualization.
****** YOU HAVE TO SHUT DOWN YOUR SERVER AND UNPLUG THE POWER CORD FOR AT LEAST 2 MINUTES TO MAKE THIS SETTING EFFECTIVE.

2. There is no 64-bit support for VMI. VMI (paravirtualization) is not compatible with 64-bit guests.
You must disable VMI to power on a 64-bit guest operating system.
To disable VMI:
  1. Choose the virtual machine in the VMware Infrastructure Client.
  2. Click Edit Settings > Options > Advanced.
  3. Deselect Paravirtualization.


Tuesday, October 20, 2009

IP/Port Blocking

Q. All machines in the IP range 10.10.10.x should have access to port 80 on
machine 10.10.10.xx, and everything else should be blocked.

Ans.
Via iptables (rule order matters: the ACCEPT for the subnet must be added before the catch-all DROP, because the first matching rule wins)

iptables -A INPUT -s 10.10.10.0/24 -p tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -j DROP

Via hosts.allow / hosts.deny (tcp_wrappers)

in hosts.allow
80: 10.10.10.0/24

in hosts.deny
80: ALL

Note that tcp_wrappers matches on the daemon name (for example sshd or in.telnetd), not on a port number, and it only covers services linked against libwrap or started through inetd/xinetd. A web server such as Apache does not consult these files, so for port 80 the iptables rules above are what actually enforces the restriction.

Wednesday, October 14, 2009

Count Disk Space

To show the size of each subdirectory of a specific directory:
du -sh /home/*
du /path/to/dir --max-depth=1 | sort -nr
To show the size of the current directory:
du -sh
To show free space on the filesystem that holds a directory:
df -h /path/to/dir
To show the size of all first-level subdirectories of the current directory:
du -sh *
To show the size of a specific directory:
du -sh /home

Wednesday, September 23, 2009

sudo: sorry, you must have a tty to run sudo

1. Run visudo.
2. Comment out the line "Defaults requiretty".
3. It is better to lift this restriction only for the particular user that needs it (for example an account that runs sudo from cron or scripts), e.g.:
4. Defaults:backupuser !requiretty


Here is the man page for quick reference:
http://www.linuxmanpages.com/man5/sudoers.5.php#lbAM

Monday, August 17, 2009

How to use the "noatime" option on a Linux ext3 filesystem for better I/O performance

To use the 'noatime' option:
  • Edit the file '/etc/fstab'
  • Add the option 'noatime', separated by a comma, to the fourth field of every disk-based filesystem entry
  • Save the file and reboot (or remount each filesystem whose entry you modified, using the command: mount -o remount followed by the mount point)


Most Linux desktops and servers suffer a noticeable I/O performance slowdown from the constant atime updates, while there are only two or three real consumers of atime:
  - tmpwatch (which can be configured to use ctime instead, so it is not a big issue),
  - some backup tools,
  - mail-notify.

Example
proc /proc proc defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
/dev/md0 /boot ext3 defaults 0 0
/dev/md1 none swap sw 0 0
/dev/md2 / ext3 defaults,noatime 0 0


Also, in addition to this:

If you put your swap partition at the beginning of the drive it will give some improvement.
The beginning of the drive is physically located on the outer tracks of the platter, where the read/write head covers
much more ground per revolution.
You can check that with the command /sbin/hdparm -t /dev/sda1 (or sda2, etc.).

Tuesday, August 11, 2009

DoS (denial of service) attacks

How to mitigate them on Linux

Add these lines to the end of /etc/rc.d/rc.local. (On distributions that ship /etc/sysctl.conf the same values can be set there persistently instead, e.g. net.ipv4.tcp_syncookies = 1.)

######## shut some DoS stuff down
# SYN cookies keep the kernel accepting connections while the SYN backlog is being flooded
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# ignore malformed ICMP error replies and broadcast pings (smurf amplification)
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# increase the SYN backlog queue
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_timestamps

echo 64000 > /proc/sys/fs/file-max

ulimit -n 64000


# increase the local port range
echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range

# stop source routing
for i in /proc/sys/net/ipv4/conf/*/accept_source_route
do
echo 0 > $i
done

# enable reverse-path filtering
for i in /proc/sys/net/ipv4/conf/*/rp_filter
do
echo 1 > $i
done

##### End
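As an added example (not part of the original post), a small audit function that reads back every value the rc.local snippet above writes and reports drift, for instance after a reboot where rc.local did not run, or when a new interface came up with distribution defaults. The /proc/sys root is a parameter so the function can be run against a constructed tree as well as the live kernel.

```shell
#!/bin/sh
# Added audit script, not part of the original post. It reads back the values
# the rc.local snippet writes and reports DRIFT (wrong value) or MISSING (no
# such key). The /proc/sys root is an argument so the function can be pointed
# at a constructed directory tree for testing.

# key=expected pairs relative to the sysctl root; the values are the post's own.
# A key may contain a glob, mirroring the post's loop over conf/*/...
EXPECTED='
net/ipv4/tcp_syncookies=1
net/ipv4/icmp_ignore_bogus_error_responses=1
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/tcp_max_syn_backlog=2048
net/ipv4/tcp_sack=0
net/ipv4/tcp_timestamps=0
net/ipv4/ip_local_port_range=1024 65535
net/ipv4/conf/*/accept_source_route=0
net/ipv4/conf/*/rp_filter=1
fs/file-max=64000
'

# audit_sysctl ROOT
# Prints one DRIFT or MISSING line per setting that does not match.
# Returns 0 when everything matches, 1 otherwise.
audit_sysctl() {
    root=$1
    bad=0
    while IFS='=' read -r key want; do
        [ -z "$key" ] && continue
        for f in "$root"/$key; do            # $key unquoted so the glob expands
            if [ ! -r "$f" ]; then
                printf 'MISSING %s\n' "${f#"$root"/}"
                bad=$((bad + 1))
                continue
            fi
            # normalise whitespace: ip_local_port_range is tab separated in /proc
            have=$(tr -s '[:space:]' ' ' < "$f" | sed 's/ $//')
            if [ "$have" != "$want" ]; then
                printf 'DRIFT %s current=%s expected=%s\n' "${f#"$root"/}" "$have" "$want"
                bad=$((bad + 1))
            fi
        done
    done <<EOF
$EXPECTED
EOF
    [ "$bad" -eq 0 ]
}

# Against the live kernel, run:  audit_sysctl /proc/sys
```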

VISUDO

1. Add a user
# useradd -g users admin
# passwd admin

2. # visudo
Insert the line below at the end:
admin ALL=(ALL) NOPASSWD: ALL

With NOPASSWD, sudo will not prompt for the admin user's password.

Now, if you want to grant permission for just a few commands instead of full privileges:

1. # visudo
2. admin ALL=(root) NOPASSWD: /etc/init.d/postgresql

Save and exit with :wq
Now
# sudo /etc/init.d/postgresql start
will start the postgresql service without asking for your password.

Now, if you want to prohibit a user from running a few commands, say shells, su, passwd or visudo:

admin ALL = ALL, !SHELLS, !SU, !PASSWD, !VISUDO

SHELLS, SU, PASSWD and VISUDO here are Cmnd_Alias names that must be defined earlier in the sudoers file (for example Cmnd_Alias SU = /bin/su). Note the warning in the sudoers man page about the '!' operator: subtracting commands from ALL is not an effective restriction, because the user can copy the excluded binary to another name and run that instead, so it is safer to list only the commands the user may run.

Monday, August 3, 2009

Folder access outside the document root in Apache

Say you have a folder named "web" under /home.

Give the Apache user and group permission on that folder, and add the lines below to httpd.conf.

"Directories need to be executable by the Apache user, so that Apache can get listings of the files in the directory, and display the documents located in that directory."

If you do not want the directory listing exposed to everyone, drop Indexes from the Options line.

Alias /web /home/web

<Directory "/home/web">
Options Indexes SymLinksIfOwnerMatch IncludesNoExec
AllowOverride None
Order allow,deny
Allow from all
</Directory>


Thursday, June 11, 2009

restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory

How to fix this:

(1) rm /etc/sysconfig/networking/profiles/default/resolv.conf
(2) restorecon /etc/resolv.conf
(3) ln -s /etc/resolv.conf /etc/sysconfig/networking/profiles/default/resolv.conf

Actually this is a bug in the policycoreutils package, and it has been fixed in policycoreutils-2.0.57-16:

https://bugzilla.redhat.com/show_bug.cgi?id=483371

Wednesday, June 10, 2009

How to start Fedora Directory Server manually

Go to /opt/fedora-ds, then run:
1. [root@vfds fedora-ds]# slapd-vfds/start-slapd
2. ./start-admin
3. ./startconsole

Give the username and password here.

Tuesday, June 9, 2009

How to install VMware Tools on CentOS 5.3

1. Open the VMware console
2. Click on VM
3. Select "Install VMware Tools"
4. This mounts the VMware Tools image on the CD-ROM automatically
5. Run "rpm -ivh VMwareTools-6.x.x-xxxx.i386.rpm"
6. Run the script "vmware-config-tools.pl"
7. Reboot the machine

Tuesday, June 2, 2009

VMWARE PART 2 : VIRTUAL NETWORKING

• ESX Server networking
• Virtual switches
• Virtual switches and VLANs
• Networking tools



How virtual machines communicate with the rest of the devices on the network.

Why we need virtual networking
==> Each device requires a NIC; the NIC lets the device communicate with the rest of the devices on the network. With virtualization in VMware we have one big physical host and several machines running on it. In the traditional sense you would need a NIC card for every virtual machine to connect it to the rest of the network, and it makes no sense to fit 20-30 NIC cards for the virtual machines; this is where the concept of a virtual switch comes into play.

A virtual switch mimics a physical switch, except that it is software based. It has ports, and these ports can be added or deleted; you can have up to 1016 ports on a virtual switch.

The idea is to connect one or more physical NIC cards to this virtual switch, so the virtual switch is served by one or more physical NICs.

So we connect each VM's virtual NIC to a virtual switch port, and the virtual switch provides connectivity to the outside world via the physical NIC.

[diagram not included in the extracted page]

In the above scenario both VMs are connected to the virtual switch, and the virtual switch is not connected to any physical NIC. So they can talk only to each other; this is ideal for testing only.

Next scenario

[diagram not included in the extracted page]

One virtual switch with one physical NIC.
Since we now have physical connectivity, you can do traffic shaping.

Another scenario

[diagram not included in the extracted page]

One virtual switch with multiple physical NICs. The advantage is redundancy, as you have more than one NIC card.

One more scenario

[diagram not included in the extracted page]

NETWORK CONNECTIONS:

[diagram not included in the extracted page]

There are 3 types of port configuration that can be done on a virtual switch:
• Service console
• VMkernel: VMotion, iSCSI, NFS/NAS
• Virtual machines

On the same virtual switch you can have one or more port types.
For example, you can have a virtual switch that supports ports for the service console and also for VMs, or each virtual switch can have its own port type, so that all the ports on a given virtual switch support only virtual machines, only the service console, or only the VMkernel.

[diagram not included in the extracted page]

Rolling Failover
No: when a physical NIC card goes down, another NIC card takes over its place and production continues. With this setting set to NO, once the failed NIC card comes back online it takes its place back from the NIC that had stepped in and returns to serving production.
If it is set to
YES: then the failed NIC card remains out of service even after it recovers from the failure, and it will not take over from the currently active NIC card until another failure happens.

Network Failover Detection:
Link state only --> if the failure is at the switch end, the ESX server will not be able to detect it.
Beacon probing --> this will notify the ESX server that the link from the switch is down.




NETWORKING TOOLS
• service network restart --- when you want to change the IP address of the service console
• ifconfig --
• findnic -- maps the way the ESX server labels a VM NIC to the actual physical NIC
• mii-tool -- used to configure or modify NIC settings from the command line

Monday, April 20, 2009

Virtualization – Where, When, Why - Part 1

- Make efficient use of hardware

- Consolidation of servers

- Consolidation of desktops

Testing /QA and Development Environment

- Network isolation

- Snapshots

- Fast OS/Application Deployment

Disaster Recovery

- Hardware independence

IT Administration

- Make a system administrator's life easier

- Faster OS deployment

- Faster Server Replacement

- Less hardware maintenance

Tuesday, April 14, 2009

Monitoring and system information under Linux

tail -f /var/log/messages                Follow the system log as it grows
strace -c ls >/dev/null                  Summarise/profile the system calls made by a command
lsof -p $$                               List paths that a process id has open
lsof ~                                   List processes that have the specified path open
tcpdump not port 22                      Capture network traffic, excluding the ssh session itself
watch -n.1 'cat /proc/interrupts'        Watch changeable data continuously
free -m                                  Show amount of (remaining) RAM (-m displays in MB)

ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS
List processes by memory usage
ps -e -o pcpu,cpu,nice,state,cputime,args --sort pcpu | sed '/^ 0.0 /d'
List processes by % CPU usage
ps -e -o pid,args --forest
List processes in a hierarchy

uname -a                                 Show kernel and system information
badblocks -s /dev/sda                    Scan disk sda for bad blocks (read-only test)
hdparm -tT /dev/sda                      Do a read speed test on disk sda
hdparm -i /dev/sda                       Show info about disk sda
smartctl -A /dev/sda | grep Power_On_Hours   How long has this disk (system) been powered on in total
mount | column -t                        List mounted filesystems on the system (and align output)
lsusb -tv                                Show USB info
grep "model name" /proc/cpuinfo          Show CPU(s) info
grep MemTotal /proc/meminfo              Show RAM total seen by the system

Checking Disk Space in Linux

• ls -lSr [ show files by size, biggest last ]
• du -s * | sort -k1,1rn | head [ show top disk users in the current dir ]
• df -h [ show free space on mounted filesystems ]
• df -i [ show free inodes on mounted filesystems ]
• fdisk -l [ show disk partition sizes and types (run as root) ]
• rpm -q -a --qf '%10{SIZE}\t%{NAME}\n' | sort -k1,1n [ list all packages by installed size ]

Monday, April 13, 2009

RAID Concept

1. Striping

2. Mirroring

3. Parity

Striping -> the process of breaking data down into pieces and distributing it across the multiple disks that back a logical volume

- Better I/O performance

Mirroring -> the process of writing the same data simultaneously to another "member" of the same volume.

- Provides protection

Parity -> the term for error checking.

Levels of RAID

RAID is a method of logically joining two or more disks.

RAID 0 : This level of RAID is a 'normal' file system with striping, in which data loss is certain with any disk failure.

- This gives good read/write performance but no recoverability.

- Minimum number of disks: 2

RAID 1: Provides mirroring and hence full data redundancy.

- Mirroring, recoverability; write performance is reduced, since every write goes to both members

- Minimum number of disks: 2

RAID 5: The most common RAID implementation. Data redundancy is provided via parity calculations, and the parity is stored along with the data, distributed across the disks.

- Recoverability, good read performance; every write also has to update the parity

- Minimum number of disks: 3

Sync two servers

Let's call the 2 servers 'SOURCESERVER' and 'DESTSERVER', where
SOURCESERVER = Source server (the server we're connecting from, which uploads the data)
DESTSERVER = Destination server (the server we're connecting to, which receives the data)

Part 1 - Setting up SSH key authentication
First, we need to make sure the DESTSERVER has key authentication enabled. Find your sshd configuration file (usually '/etc/ssh/sshd_config') and enable the following options if they are not already set.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

If you edit the file, be sure to restart sshd afterwards.
# /etc/init.d/sshd restart
Next, on the SOURCESERVER we create the public/private key pair to be used for authentication with the following command.
# ssh-keygen -t rsa
*Note: Do not enter a passphrase for this, just hit enter when prompted.
This should create 2 files, a public key file and a private key file.
The public key file (usually [homedir]/.ssh/id_rsa.pub) we will upload to the DESTSERVER.
The private key file (usually [homedir]/.ssh/id_rsa) we will keep on the SOURCESERVER.
*Be sure to keep this private key safe. With it, anyone will be able to connect to any DESTSERVER that holds the public key.
Now we will plant the public key we created on the DESTSERVER.
Choose the user account which you will use to connect to on DESTSERVER; we'll call this user 'destuser' for now.
In that account's home directory, create a '.ssh' subdirectory, and in that directory create a new text file called 'authorized_keys'. If it already exists, great, use the existing file.
Open the 'authorized_keys' file and paste in the contents of the public key you created in the previous step (id_rsa.pub). It should look something like the following
ssh-rsa sourceuser@SOURCESERVER
Save the file and change the permissions to 600 for the file and 700 for the '.ssh' directory.
Now to test that the keys are working.
From the SOURCESERVER, try logging in as normal using ssh to the DESTSERVER.
# ssh destuser@DESTSERVER
If all is working you should not be prompted for a password but instead connected directly to a shell on the DESTSERVER.

Part 2 - Creating the rsync script

Now for the rsync script.
I use a simple script such as the following
——————————————-
#!/bin/bash
SOURCEPATH='/source/directory'
DESTPATH='/destination'
DESTHOST='123.123.123.123'
DESTUSER='destuser'
LOGFILE='rsync.log'
echo $'\n\n' >> "$LOGFILE"
# send both stdout and stderr to the log; the 2>&1 has to come after the >> redirection
rsync -av --rsh=ssh "$SOURCEPATH" "$DESTUSER@$DESTHOST:$DESTPATH" >> "$LOGFILE" 2>&1
echo "Completed at: $(/bin/date)" >> "$LOGFILE"
——————————————-
Copy this file into the home directory of the sourceuser on the SOURCESERVER
and modify the first 4 variables in the file.
SOURCEPATH (Source path to be synced)
DESTPATH (Destination path to be synced)
DESTHOST (Destination IP address or host name)
DESTUSER (User on the destination server)
Save it as something like 'rsync.sh'.
Set the permissions on the file to 700.
# chmod 700 rsync.sh
Now you should be able to run the script, have it connect to the DESTSERVER, and transfer the files, all without your interaction.
The script will send all output to the 'rsync.log' file specified in the script.

Part 3 - Setting up the cron job

Assuming everything has worked so far, all that's left is to set up a cron job to run the script automatically at a predefined interval.
As the same sourceuser, use the 'crontab' command to create a new cron job.
# crontab -e
This will open an editor where you can schedule the job.
Enter the following to have the script run once every hour
——————————————-
# Run my rsync script once every hour
0 * * * * /path/to/rsync.sh
——————————————-
Your 2 servers should now be syncing the chosen directory once every hour.



Use of "/" at the end of a path:
When using "/" at the end of the source, rsync copies the contents of the last folder.
When not using "/" at the end of the source, rsync copies the last folder itself together with its contents.
When using "/" at the end of the destination, rsync places the data inside the last folder.
When not using "/" at the end of the destination, rsync creates a folder with the last destination folder name and places the data inside that folder.

Sunday, April 12, 2009

Microsoft's free XP, Office 2003 support ends April 14

If you have a Software Assurance licensing contract with Microsoft, you can buy paid support.

Windows XP SP2: Service pack will be retired on July 13, 2010.

Windows XP SP3: Service pack due to be retired two years after SP4 (if there is one) releases or in April 2014, whichever comes first.

Windows Vista Business: Free support ends on April 10, 2012; paid support ends on April 11, 2017.

Windows Vista SP1: Service pack will be retired two years after the release of SP2 (which is expected in April 2009), so likely in April 2011 (?).

Office 2003 SP3: Service pack will be retired one year after SP4 (if there is one, which is doubtful) is released or in August 2014, whichever comes first.

Office 2007: Free support ends on April 10, 2012; paid support ends on April 11, 2017.

Office 2007 SP1: Service pack will be retired a year after SP2 debuts, so likely in April 2010 (?).

Windows Server 2008: Free support ends September 7, 2013; paid support ends October 7, 2018.

Wednesday, April 8, 2009

Conficker Preparation Tips

1. Patch all your computers with MS08-067.

2. Get your AV updated with the latest signatures and make sure that all your PCs are getting updates from your AV server or directly.

3. Configure a full scan every night and make a list of infected nodes for rebooting, and in some cases send them immediately for rebuilding.

4. Get your SNORT systems up to date and blocking any RPC/SMB (445, 139) anomaly.

5. Run a Nessus scan against your LAN.

6. Make the folder %windir%\Tasks READ ONLY (for variant .b).

7. Disable autorun for all devices in GPO and apply the 967715 fix on your PCs.

8. Use the removal tool from BitDefender (http://www.bdtools.net/).

Tuesday, April 7, 2009

Tips for Hardening a System

# Keep track of the latest vulnerabilities and patch your system

# Be aware of the services running and disable unneeded services and ports

# Protect running services with tcp_wrappers if possible

# On the Internet, use only secure services

# Protect running network services with a netfilter firewall

# Verify open ports and firewall rules with port scans

# Protect sensitive data exchanged over the Internet with encryption

# On multi-user systems, protect access to user accounts (password hashes), set correct permissions on home directories, set disk quotas, and establish user policies regarding passwords, applications, data, etc.

Sunday, March 22, 2009

Care for Desktop Performance

A few points to look after

1. Windows services: Disable all the unneeded services from services.msc or msconfig; Windows enables many services by default.
2. Disk fragmentation: If your disk is fragmented, that is a good reason to defrag it, as a fragmented disk slows down your desktop/server.
3. Check for spyware and viruses: They can also decrease the performance of your system. Make sure you have an antivirus installed and updated with the latest definitions, and make sure your system is patched with the latest patches.
4. Bad hardware: Check your HDD and RAM; they are also potential causes of a slow system. The HDD may have bad sectors, and the RAM might be faulty or incompatible with your motherboard. On Windows, blue screens may happen because of these.
5. Temp files/history/cookies: Delete them manually or with the CCleaner software.

Thursday, February 26, 2009

Remove directory from CVS

CVS doesn't really keep directories under version control. If you want to remove a directory from a project, you first remove all the files in it, then use update -P to remove the directory from the working directory.

CVS checkout and update will always check out empty directories; that's just the way CVS is built. Do an update with "-P" ("prune") to remove empty directories:

cvs update -dP

(Adding "-d" will also pull in new directories that have appeared since your last update; otherwise, CVS ignores them.)

CVS tends to work with a two-phase approach regarding directories; that's why there is a -P option on many cvs commands to "prune empty directories".

When this has happened, e.g. I want to rename a directory I've just added, I delete the directory and delete the entry for the directory in the CVS/Entries file; it will be a line prefixed with a "D".

If I've committed, I make sure my current working area that contains the empty directory/ies is all checked in. Then I blow away the part of the work area that I have added the directories to.
Ex.

/mySandbox/Project_to_remove/etc_etc
/mySandbox/Project_to_remove/emptyDir


I make sure everything is up to date in both directories containing the stuff I want to keep. I then blow away Project_to_remove from within mySandbox.
Going back and checking out the same work area, e.g. Project_to_remove, will give me the work area without the empty dirs.
Or just leave everything as is and use the -P option to get CVS to check everything out (or update everything) and then prune out the empty dirs.

Renaming Directories

Check out the project, make the changes on the local working copy, delete the CVS project in the repository and import the changed project again.

Wednesday, February 25, 2009

Slackware Packaging tool

Two things you may need
1. Swaret
2. installpkg

How to install Swaret:
-- download Swaret from sourceforge.net and rename it as shown below

$ cp swaret-1.6.2-noarch-1.tgz.tar swaret-1.6.2-noarch-1.tgz

Log in as root to install the software using the installpkg command:

# installpkg swaret-1.6.2-noarch-1.tgz

Copy the new conf file into place in the /etc folder:
# cp /etc/swaret.conf.new /etc/swaret.conf

installpkg

By typing installpkg [packagename].tgz you can install packages on your system.
removepkg

In its simplest form, removepkg will remove the package name you specify. The general syntax is removepkg packagename.

upgradepkg

Upgrades a currently installed package with the package specified. If the packages have the same name, then you only need to run upgradepkg packagename to perform the upgrade. If the new package has a different name than the currently installed package, you must use this syntax:

upgradepkg oldpackagename%newpackagename

Do not add any extra whitespace between pairs of old/new package names.

rpm2targz

Converts an RPM (RedHat Package Manager) to a Slackware-compatible package. In case you ever run across the need to obtain something that is only in RPM format, this program may come in handy. The syntax is:

rpm2targz [filename].rpm

NOTE: Running rpm2targz will create a .tar.gz file, while running rpm2tgz will create a .tgz file. The files are exactly the same, the only difference is the extension format (some people prefer one over the other).

slapt-get is a very easy command line program to help you install, remove and upgrade Slackware packages.

To list packages you already have installed: slapt-get --installed
To list packages which are now available to you: slapt-get --available
To show a package's complete description: slapt-get --show [package(s)]
To search for a package in your list: slapt-get --search [package(s)]
To install a specific package: slapt-get --install [package(s)]


If you are a bit unsure of yourself before doing the "install" step do this:

slapt-get -s --install [package(s)]

this simulates the install process without actually doing anything. You can also use "-s" to simulate an upgrade.
If an install borks your system or you decide you don't need the software any longer remove the package with:

slapt-get --remove [package(s)]

Tuesday, February 24, 2009

IPTABLES

The first thing most people should do is set the default policy for each inbound chain to DROP:

# iptables -P INPUT DROP
# iptables -P FORWARD DROP

When everything is denied, you can start allowing things. The first thing to allow is any traffic for sessions which are already established:

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

So as not to break any applications that communicate using the loopback address, it is usually wise to add a rule like this:

# iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

The next thing to do would be to allow access to specific services running on your machine. If, for example, you wanted to run a web server on your machine, you would use a rule similar to this:

# iptables -A INPUT -p tcp --dport 80 -i ppp0 -j ACCEPT

This will allow access from any machine to port 80 on your machine via the ppp0 interface. You may want to restrict access to this service so that only certain machines can access it. This rule allows access to your web service from 64.57.102.34:

# iptables -A INPUT -p tcp -s 64.57.102.34 --dport 80 -i ppp0 -j ACCEPT

Allowing ICMP traffic can be useful for diagnostic purposes. To do this, you would use a rule like this:

# iptables -A INPUT -p icmp -j ACCEPT

Most people will also want to set up Network Address Translation (NAT) on their gateway machine, so that other machines on their network can access the Internet through it. You would use the following rule to do this:

# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Since the FORWARD chain was set to DROP above, forwarded traffic also needs explicit ACCEPT rules in FORWARD (for example from the LAN interface out to ppp0, and ESTABLISHED,RELATED for the replies); otherwise the NAT clients get nothing.

You will also need to enable IP forwarding. You can do this temporarily, using the following command:

# echo 1 > /proc/sys/net/ipv4/ip_forward

Monday, February 23, 2009

Step by step: SSH authentication without a password

SSH version 2

You need two machines; name them CM (client machine) and SM (server machine) respectively.
Client and Server

Step 1

Login to the client Linux machine 'CM' via ssh, then run the command below and press "ENTER".

Step 2


Generate Key Pair


[root@CM ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
57:c6:8a:a4:a2:c8:b7:39:9c:14:3c:3a:70:07:5a:9e root@CM
The above command was executed as the "root" user; the same can be done as a normal system user. The command saves a public/private key pair in the .ssh directory under the HOME directory of the user. As the command above was executed as "root", it saves the key pair in "/root/.ssh/". (Newer OpenSSH releases disable DSA keys by default; there, generate the key with -t rsa or -t ed25519 instead.)
After this, you need to append the public key of client machine 'CM', stored in id_dsa.pub, to the /root/.ssh/authorized_keys file on the Linux server 'SM'. To achieve that, run the following command from the Linux client 'CM', and at the password prompt enter the password of the user (in this case "root") on the Linux server 'SM':


Step 3

Copy Public Key to Server

[root@CM ~]# scp /root/.ssh/id_dsa.pub root@IP_ADDRESS_OF_SERVER:/tmp
root@IP_ADDRESS_OF_SERVER's password:
id_dsa.pub                                   100%  606     0.6KB/s   00:00
Now login to the server machine 'SM' and execute the command below to append the public key file of client machine 'CM' to the authorized_keys file.
Append Public Key to authorized_keys on the server.
[root@SERVER_HOSTNAME ~]# cat /tmp/id_dsa.pub >> /root/.ssh/authorized_keys
Everything has been set up now. For testing, run the command below from client machine 'CM' to verify that you are able to login to the remote Linux server 'SM' without entering a password.


Login to Server

[root@CM ~]# ssh IP_ADDRESS_OF_SERVER
Last login: Wed Jan 1 08:02:15 2009 from IP_ADDRESS
[root@SERVER_HOSTNAME ~]#
Now you can also copy files from server to client and vice versa using "scp" without being prompted for a password.

Benefit

Automated server backups using scripts
No need to remember passwords for multiple servers
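Both this post and the "Sync two servers" post above put a passphrase-less key on the server, so the only thing bounding what that key can do is the authorized_keys entry itself. As an added example (not part of either post), a function that audits an authorized_keys file and lists every key that is not pinned with both a "from=" source restriction and a "command=" forced command; the restricted entry shown for the rsync key is constructed, and the exact "rsync --server ..." argument string it assumes is whatever the client sends for its flags.

```shell
#!/bin/sh
# Added example, not from the original posts: audit an authorized_keys file and
# list every key that lacks a "from=" source restriction or a "command=" forced
# command. Those two options are what limit the damage if the passphrase-less
# private key on the client (SOURCESERVER / CM) is ever copied.

# Hypothetical restricted entry for the posts' backup key. The key material is a
# constructed placeholder; take the real "rsync --server ..." string from the
# server's log for your rsync version, or use the rrsync helper shipped with rsync.
RESTRICTED_EXAMPLE='from="123.123.123.123",command="rsync --server -logDtpr . /destination",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC_PLACEHOLDER sourceuser@SOURCESERVER'

# audit_authorized_keys FILE
# Prints "line N: unrestricted (<key comment>)" for each key missing from= or
# command=; returns 0 when every key is restricted, 1 otherwise.
audit_authorized_keys() {
    file=$1
    n=0
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*) continue ;;                 # blank line or comment
            ssh-*|ecdsa-*) opts='' ;;            # key type comes first: no options field
            *) opts=${line%% ssh-*}              # options are everything before the key type
               opts=${opts%% ecdsa-*} ;;
        esac
        case "$opts" in *from=*) has_from=1 ;; *) has_from=0 ;; esac
        case "$opts" in *command=*) has_cmd=1 ;; *) has_cmd=0 ;; esac
        if [ "$has_from" -eq 0 ] || [ "$has_cmd" -eq 0 ]; then
            comment=${line##* }                  # last field of the entry
            printf 'line %d: unrestricted (%s)\n' "$n" "$comment"
            bad=$((bad + 1))
        fi
    done < "$file"
    [ "$bad" -eq 0 ]
}

# On the server, run:  audit_authorized_keys ~destuser/.ssh/authorized_keys
```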

Yahooooooooooooooooo

Looks like Yahoo Mail is having some problems today.



Wednesday, February 11, 2009

A few things to take care of when an employee leaves

When an employee leaves the organization, there are a few things it is advised to take care of.

1. Access control
This includes access to email, data, the office and remote access.
Close his/her email account and access to all third-party accounts.
Take back the keys that control his/her physical access to the organization.
2. Documentation/Knowledge transfer
Document the employee's work and projects. Take a backup of it to a secure place.
3. Organization assets
This includes laptop/desktop/cell phone/Blackberry/headphones/webcam/key badge/security keys/parking stickers.
Make a checklist of these things and recover them before the employee leaves the organization. This can be done by the IT/HR department.
4. Exit interview
It is a good idea to ask the employee to fill in an exit form that includes his views/suggestions about the organization, e.g. if he has complaints about the company, wants improvements in some process, or has a suggestion to implement some policy.

Microsoft has released 4 new security bulletins.


MS09-002: Cumulative Security Update for Internet Explorer (961260)
http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx
Severity: Critical

MS09-003: Vulnerabilities in Microsoft Exchange Could Allow Remote Code
Execution (959239)
http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
Severity: Critical

MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code
Execution (959420)
http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx
Severity: Important

MS09-005: Vulnerabilities in Microsoft Office Visio Could Allow Remote
Code Execution (957634)
http://www.microsoft.com/technet/security/bulletin/ms09-005.mspx
Severity: Important

Sunday, February 8, 2009

How to check whether a user is logged in to CVS

Case 1: the user has a password on the server and the repository uses pserver.
(You really should use ssh instead; see below.)

# ~/.cvspass holds one line per repository with the scrambled password as its
# third field; that field is a bare "A" when the password is empty, i.e. no login recorded.
export xorpw=$(grep "$CVSROOT" ~/.cvspass | awk '{print $3}')
if [ "$xorpw" != "A" ]
then
    LOGEDIN=true
else
    LOGEDIN=false
fi
echo $LOGEDIN


With SSH
Assumption
A) $CVSROOT does not have a FQDN
B) hostname on the server does not return a FQDN
C) no username in $CVSROOT
or
D) both $CVSROOT and hostname will give you the same FQDN

If the above assumptions are wrong then script around them.

# take the host name out of :ext:host:/path; BatchMode stops ssh from hanging on a password prompt
MACHINE=$(echo "$CVSROOT" | awk -F: '{print $3}')
FROMMACHINE=$(ssh -o BatchMode=yes "$MACHINE" hostname 2>/dev/null)
if [ "$FROMMACHINE" = "$MACHINE" ]
then
    LOGEDIN=true
else
    LOGEDIN=false
fi
echo $LOGEDIN