- Introduction
- Configure SFTP for Web Server
- Xrdp port and Clip copy issue
- Scanning after adding new harddisk or increasing size
- Performance and System Utilization Report
- Add and remove the disk
- Fix the sudoers syntax error without root password
- Remove floppy disk
- Assigning ip address
- Reset the root password on centos7
- Generate CSR using openssl
- different ways to test a TCP port without telnet
I have started as a habit to document anything that I will do on Linux. It is not only help my documentation but also a reference for me and others.
This configuration for configuring sftp users to uploade the files from computers to apached document root directory such as /var/www/html
-
Create a sftp user:
useradd webtester
passwd webtester
-
Restrict user to the document root
editvi /etc/ssh/sshd_config
put following content:Subsystem sftp internal-sftp Match User webtester ChrootDirectory /var/www/ ForceCommand internal-sftp -u 0022 X11Forwarding no AllowTcpForwarding no PasswordAuthentication yes ```
-
Restart the sshd service:
service sshd restart
-
Chaange the owner and gropu of html directory
chown webtester:webtester /var/www/html
That's is all. It is easy right?
you can test it uploading indext.html from your desktop any linux box using winscp.
- Note: if you want allow multiple users to upload then you can create a group called
sftpuser
and add all the users to that group. you can changeMatch User webtester
toMatch Group sftpusers
andchown root:sftpuser /var/www/html
andchmod 775 /var/www/html
I recently faced an issue that user unable to take rdp session on Linux machine. The main issue I found that port 3389 wasn't listening
-
Edit xrdp.ini
port: 3389
service xrdp restart
-
work around for copy paste issue.
Edit .bashrc of user that facing the issue and add following:
/usr/bin/vncconfig -get SendPrimary 2>/dev/null
if [ $? -eq 0 ];
then
/usr/bin/vncconfig -set SendCutText=0
/usr/bin/vncconfig -set SendPrimary=0
fi
source /home/<user_name>/.bashrc
service xrdp restart
Hopefully these steps will fix the issue.
-
Adding new disk: you can run the below command to discover the newly added disk on host
echo "- - -" >> /sys/class/scsi_host/host_$i/scan
where $i is the host numberecho "- - -" >> /sys/class/scsi_host/host0/scan echo "- - -" >> /sys/class/scsi_host/host1/scan echo "- - -" >> /sys/class/scsi_host/host2/scan
Note: If the added disk doest show up on the host after rescan, Please readd the disk with different scsi id.
-
Adding more space to existing disk: If the added space doesn't show up on the host then you run the following command:
echo 1 > /sys/class/scsi_device/0\:0\:0\:0/device/rescan
echo 1 > /sys/class/scsi_device/0\:0\:1\:0/device/rescan
You can run the above command based on the disk ID. IF you added space then fist disk then run on 0:0:0:0
-
Extending the mounted disk without Partition:
You can create physical volume directly from disk without partitioning it such as:
pvcreate /dev/sdd
once you have creaed the pv then you can create VolumeGroup(VG) adn LVM.
Whenever you want to extend the disk which is used to create PV without partition, you need to run following command after increasing the size and running the disk scan.
pvresize /dev/sdd
Automatically it increases the VG as well that is created from this disk.
-
dstat
is a excellent pefomance monitoring tool to provide the combined report that is provided by indivual command asvmstate
,iostate
,netstat
,mpstate
etc-
Installation
yum install dstat
man dstat
# detail information and options available -
Examples:
dstat
It gives following output:- CPU stats:
cpu usage by a user (usr) processes, system (sys) processes, as well as the number of idle (idl) and waiting (wai) processes, hard interrupt (hiq) and soft interrupt (siq). - Disk stats:
total number of read (read) and write (writ) operations on disks. - Network stats:
total amount of bytes received (recv) and sent (send) on network interfaces. - Paging stats:
number of times information is copied into (in) and moved out (out) of memory. - System stats:
number of interrupts (int) and context switches (csw)
dstat -c
#CPU statsdstat -d
#Disk read/write
- CPU stats:
-
-
Adding new disk:
dstat -m
#memory stats
dstat -n
# network stats
dstat -g
# paging stats
dstat -y
# system stats
dstat -p
# running process
dstat -r
# read and write stats
dstat -s
# swap details
dstat -tcdm --output report.csv
# it stores the time, cpu, disk and memory in report.csv file -
systate
-
Adding new disk:
Let say that you want to add a disk with 100GB, create a partition,create lvm with that partion and mount on /data directory.
once you attached the disk to vm from Vcenter/Vcloud, the disk mayn't be visible on OS
you can run the below command to discover the newly added disk on hostecho "- - -" >> /sys/class/scsi_host/host_$i/scan
where $i is the host numberecho "- - -" >> /sys/class/scsi_host/host0/scan echo "- - -" >> /sys/class/scsi_host/host1/scan echo "- - -" >> /sys/class/scsi_host/host2/scan
Note: If the added disk doest show up on the host after rescan, Please readd the disk with different scsi id.
You can verify the disk by runningfdisk -l
command, You will see a disk such as /dev/sdb 100GB-
Partition the disk:
The partition can be created by runningfdisk /dev/sdb
and provide following: # please note that /dev/sdb is the device name
n
(new),
p
(primary),
enter
(default first block),
enter
(default last block),
enter
(default block size),
t
(providing filetype),
enter
(default takes the 1st partition),
8e
(code for Linux LVM),
w
(write changes),
Runpartprobe -s
to discover the newly created partioned that is #/dev/sdb1 verify the partition by runningfdisk -l
-
Create physical volume(PV) from newly created partition
pvcreate /dev/sdb1
and verify bypvs
-
Create Volume Group(VG)
vgcreate vg_data /dev/sdb1
vg_data is the name of the volume group and verify by runningvgs
-
Create Logical Volume Group(lvm)
lvmcreate -n lv_data -l+100%FREE vg_data
# This creates lv_data lvm with all 100GB space and verify by runninglvs
orlvdisplay
-
We need to create the filesystem such xfs
mkfs.xfs /dev/vg_data/lv_data
-
Create a directory
mkdir /data
-
Add the entry in /etc/fstab file
vi /etc/fstab
/dev/mapper/vg_data-data /data xfs defaults 0 0 -
Finally mount it
mount -a
-
verify using
df -hT
# you can see the /data partition with 100GB
-
-
Removing disk:
After creating the /data partition, you have reliased that you need to devide the 100GB to /data and /home. The main problem is here that /data and /home are from different volume group(vg) that vg_data and vg_root. The only solution we have to remove the partition and disk and create 2 partition of each 50GB, creat pvs with those partion for differrent voulme group.-
Please note these steps will delte your data. so please backup and careful. Need to perform following steps:
unmount /data
If it fails due to device busy then you have find the process using that /data usinglsof | grep "/data"
and kill that process- Edit the fstab entry
vi /etc/fstab
#/dev/mapper/vg_data-data /data xfs defaults 0 0 lvremove /dev/mapper/vg_data-data
# Remove lv_data lvmvgremove vg_data
# remove volume group vg_datapvremove /dev/sdb1
# Remove physical volume(PV)echo "- - -" > /sys/class/scsi_host/host0/scan
# scan for change in fstab file- We are safe now to remove the disk from Vcenter/vcloud.
echo 1 > /sys/block/sdb/device/delete
# To Mark device is delete.echo "- - -" > /sys/class/scsi_host/host0/scan
# scan for the changes and makes sure that disk removed completely from Memory.- Add the disk now from from Vcenter/vcloud and run the below command to discover the newly added disk on host.
`` echo "- - -" >> /sys/class/scsi_host/host_$i/scan``` where $i is the host number
echo "- - -" >> /sys/class/scsi_host/host0/scan echo "- - -" >> /sys/class/scsi_host/host1/scan echo "- - -" >> /sys/class/scsi_host/host2/scan
Note: If the added disk doest show up on the host after rescan, Please readd the disk with different scsi id. You can verify the disk by running
fdisk -l
command, You will see a disk such as /dev/sdb 100GB-
Partition the disk:
The partition can be created by runningfdisk /dev/sdb
and provide following: # please note that /dev/sdb is the device name
n
(new),
p
(primary),
enter
(default first block),
enter
(+50GB),
t
(providing filetype),
enter
(default takes the 1st partition),
8e
(code for Linux LVM),
w
(write changes),
Runpartprobe -s
to discover the newly created partioned that is #/dev/sdb1
verify the partition by runningfdisk -l
and follow the steps to create pv, vg, lv , filesytem and mount as given the steps in adding hardisk section.
Now we have to create another partion such as /dev/sb2 for extending the /home partion by 50GB. -
Partition the disk:
The partition can be created by runningfdisk /dev/sdb
and provide following: # please note that /dev/sdb is the device name
n
(new),
p
(primary),
enter
(default first block),
enter
(defalut last sector),
t
(providing filetype),
enter
(default takes the 1st partition),
8e
(code for Linux LVM),w
(write changes),
Runpartprobe -s
to discover the newly created partioned that is #/dev/sdb2 -
Extend the /home partition
Let assume that the /home partition has created using vg_root volume group and lv_home logical volume -
Create physical volume(PV) from newly created partition /dev/sdb2
pvcreate /dev/sdb2
and verify bypvs
-
Extend vg_data volume group
vgextedn vg_data /dev/sdb2
vg_data is the name of the volume group and verify by runningvgs
. You will see 50GB free -
Extend vg_root Logical Volume Group(lvm)
lvextend -l+100%FREE /dev/mapper/vg_data-lv_root
-
Grow the xfs filesystem
xfs_growfs /dev/mapper/vg_data-lv_root
-
Extend the ext4 filesystem
resize2fs /dev/mapper/vg_data-lv_root
-
verify by running
df -hT
- Edit the /etc/sudoers file suing
pkexec visudo
it will prompt for which user you want to authenticate with.
rmmod floppy
echo "blacklist floppy" | tee /etc/modprobe.d/floppy-blacklist.conf
update-initramfs -u
We can assign the IP addresses using the nmcli command
*nmcli con show
# It lists the connection(ethernet interfaces)nmcli con add con-name eth1 type ethernet ifname eth1
# add new connection of type ethernetnmcli con mod eth1 ipv4.addresses 192.168.10.100/24
# Assign the ip address to the newly interfacenmcli con mod eth1 ipv4.method manual autoconnect yes
# making change permanentnmcli con mod enp0s3 ipv4.gateway 192.168.1.1
nmcli con mod enp0s3 ipv4.dns "8.8.8.8"
nmcli con up eth1
nmcli con mod eth1 ipv6.addresses fbbd:fe2a:able::c0a8:64
# Ipv6nmcli con mod eth1 ipv6.method manual
nmcli con up eth1
ip add add 192.168.10.100/24 dev ens160
# Using IP commandip link set dev ens160 up
# activate the interfaceip route add default via 192.168.1.1dev ens160
# add default route
- select the rescue mode
- press "e"
- find the kernel line (starts with "linux16")
- change ro to rw and add init=/sysroot/bin/sh
- press ctrl+x
chroot /sysroot/
passwd root
touch /.autorelabel
exit
rebooot
# Genrate csr using below command: * openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out exmaple.com.csr # Please replace #example.com with your domain name and provide following details Country Name (2 letter code) [AU]:AE State or Province Name (full name) [Some-State]:Dubai Locality Name (eg, city) []:Dubai Organization Name (eg, company) [Internet Widgits Pty Ltd]:Testing Organizational Unit Name (eg, section) []:IT Common Name (e.g. server FQDN or YOUR name) []:example.com Email Address []:abc@example.com # Verify the newly generated CSR using below command * openssl req -text -noout -verify -in example.csr
# BASH * cat < /dev/tcp/127.0.0.1/22 SSH-2.0-OpenSSH_5.3 ^C * cat < /dev/tcp/127.0.0.1/23 bash: connect: Connection refused bash: /dev/tcp/127.0.0.1/23: Connection refused # cURL * curl -v telnet://127.0.0.1:22 About to connect() to 127.0.0.1 port 22 (#0) Trying 127.0.0.1... connected Connected to 127.0.0.1 (127.0.0.1) port 22 (#0) SSH-2.0-OpenSSH_5.3 ^C * curl -v telnet://127.0.0.1:23 About to connect() to 127.0.0.1 port 23 (#0) Trying 127.0.0.1... Connection refused couldn't connect to host Closing connection #0
-