Some NFS Notes

A few notes on configuring NFS on RedHat or Ubuntu

The server packages to install are:
Ubuntu:
apt-get install nfs-kernel-server nfs-common quota
RedHat:
yum install nfs-utils nfs-utils-lib quota

The client packages are:
Ubuntu:
apt-get install nfs-common
RedHat:
yum install nfs-utils nfs-utils-lib

A few things to configure on the server:

/etc/hosts.allow
Any hosts listed here will be granted access to everything, e.g.:
ALL: 2.11.1.2[4-5]
ALL: 192.168.1.*

Example IPTables rules for a webserver

Just a quick and basic example IPTables ruleset to secure a web/mail server:

# Allow outgoing traffic and disallow any passthroughs

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Allow traffic already established to continue

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Don’t be a Tw@t – Use At!

Sigh :( today I made a schoolboy error – making config changes to a live firewall on a remote server without giving myself any kind of safety net! Anyway, this is an example of where you should really use something like the at command to bail you out should anything go wrong:

Get the current system time:
date

Schedule at to run a command 5 minutes from now:
at -m 13:50
service iptables stop
ctrl-d
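
The same safety net wrapped into a script, as an added example that is not part of the original post: it saves the running rules, queues an at job that restores them, applies the change, and cancels the job only if you can still type "yes". It restores the saved ruleset rather than running service iptables stop; the BACKUP path, DELAY value and function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: roll back a firewall change automatically unless confirmed.
# Assumes root, at(1)/atrm(1) with atd running, and iptables-save/-restore.

BACKUP=${BACKUP:-/root/iptables.pre-change}   # hypothetical backup path
DELAY=${DELAY:-5}                             # minutes before auto-rollback

# Pull the job number out of at's "job 12 at Thu Jan  1 13:50:00 2015" line.
parse_job_id() {
    sed -n 's/^job \([0-9][0-9]*\) at .*/\1/p'
}

# Queue a job that restores the saved rules; print its job number.
schedule_rollback() {
    echo "iptables-restore < '$1'" | at "now + $2 minutes" 2>&1 | parse_job_id
}

# Save current rules, arm the rollback, run the change script ($1), then
# cancel the rollback only if the operator can still answer.
safe_apply() {
    iptables-save > "$BACKUP" || return 1
    job=$(schedule_rollback "$BACKUP" "$DELAY")
    if [ -z "$job" ]; then
        echo "could not schedule rollback; not touching the firewall" >&2
        return 1
    fi
    sh "$1"
    printf 'Rules applied. Type "yes" within %s minutes to keep them: ' "$DELAY"
    read -r answer
    if [ "$answer" = yes ]; then
        atrm "$job" && echo "rollback job $job cancelled"
    else
        echo "rollback job $job left queued"
    fi
}

# Usage: sh safe-apply.sh /path/to/new-rules.sh
if [ "$#" -gt 0 ]; then
    safe_apply "$1"
fi
```

If the SSH session drops after the new rules load, the prompt is never answered and the queued job puts the old rules back.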

Android Apps for a System Administrator

With phones getting smarter and smarter, it's now possible to monitor servers and perform basic administration tasks from your Android handset. Here are a few tools I find useful.

Connectbot is a great SSH client for the Android. It is fully functional, supporting SSH keys and copy/paste etc.

 

For Windows RDP connections, I found PocketCloud to be the nicest to use free app, but at the time of writing there was a keyboard bug on Samsung handsets. Remote RDP Lite does the same thing in a less elegant way.

Screen – Can be useful!

Screen is something I’ve never been interested in using previously, but to be honest, it has many benefits. Screen is basically a window manager that allows you to run many windows from your SSH session. By doing this you don’t need to initiate several SSH sessions to a box when running complex tasks. Also if your connection is terminated in the middle of your task, you can resume your screen session.

Basics:

Start screen:
screen

Create new screen window:
CTRL + A + C

Install Java 1.6 JRE and JDK On CentOS5

Very busy right now, so here’s a quick and dirty writeup for installing Java 1.6 on CentOS 5.

To install the JDK

yum install -y jpackage-utils
# Quote the URL so the shell does not treat & as a background operator, and name the output file
wget -O jdk-6u14-linux-x64-rpm.bin 'http://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/VerifyItem-Start/jdk-6u14-linux-x64-rpm.bin?BundledLineItemUUID=KxWJ_hCuwSUAAAEvTWRZB8TT&OrderID=WeuJ_hCuedUAAAEvLGRZB8TT&ProductID=tPxIBe.oz2IAAAEhmh0zLjfT&FileName=/jdk-6u14-linux-x64-rpm.bin'
chmod +x jdk-6u14-linux-x64-rpm.bin
./jdk-6u14-linux-x64-rpm.bin

Roll back RPM packages – CentOS/RedHat

Wouldn’t it be useful to be able to easily undo a yum/RPM change that you have just made? Well you can.
By default yum/RPM do not save roll back information. This feature can easily be enabled by doing the following; however, it's not perfect and can use a lot of disk space, as it repackages the files whenever you do anything. Keep an eye on /var/spool/repackage to make sure it's not growing too much.

/etc/yum.conf add the line:
tsflags=repackage

/etc/rpm/macros add the line:
(create this file if it doesn't exist)
%_repackage_all_erasures 1

Once this has been enabled, any install/update/erase you do through yum or RPM will save the roll back information, allowing you to easily roll back the transaction should something bad happen.

Examples:

rpm -Uhv --rollback '14:00'
rpm -Uhv --rollback '9 hours ago'
rpm -Uhv --rollback 'december 12'
rpm -Uhv --rollback 'yesterday'

Your WordPress.com account, xxx is not authorized to view the stats of this blog.

So it's fair to say that I’ve been somewhat neglecting this blog – been far too busy in the world of access control software!

Anyway, to start with a simple one, I signed into my wordpress account today and noticed that the site stats weren’t working with the following error:

Your WordPress.com account, xxx is not authorized to view the stats of this blog.

Simple fix: wordpress.com stats now seem to be integrated with jetpack. Disable the stats plugin, then install the jetpack plugin. You will need a wordpress.com account if you haven’t got one already.

Pear – install alpha packages

Pear probably won’t let you install any alpha package by default (such as HTTP_Request2). Do this to install it quickly:

pear config-set preferred_state alpha
pear install HTTP_Request2
pear config-set preferred_state stable

Configuring TFTP on Centos to backup Cisco ASA / IOS

Setting up TFTP on CentOS is actually very trivial (excuse the pun)! I find it useful for backing up config from network devices such as my Cisco ASA.

Install tftp:
yum install tftp-server
chkconfig tftp on
service xinetd restart