Tag: linux

You are not allowed to use this program (crontab)

Welcome to Linux Book Center!

I recently came to know that using my account not able to crontab on newly installed machine with RHEL 7.9. Because of this I’m not able to schedule jobs and receiving below error whenever I try to edit the crontab to schedule a job.

[Brines ~]$ crontab -e
You (Brines) are not allowed to use this program (crontab)
See crontab(1) for more information

Which means we have not configured the crontab after the OS installation.
Basically, Crontab will check for below two files when you are trying to schedule a job using cron.
/etc/cron.allow
/etc/cron.deny

First system will check for cron.allow, if the it is not available/not configured then, it will check for cron.deny neither file exist/not configured then, system will allow only root user to use cron scheduler to schedule a job.

Finally in order to allow a normal user to use crontab, We have to add the username in /etc/cron.allow file and then we are free to use the scheduler.
below is the example:


        #vi /etc/cron.allow
          lbcuser     <   newly added user
       :wq


or

    #echo "lbcuser" >> /etc/cron.allow

RedHat Enterprise Linux 8 (RHEL 8) released






RedHat Enterprise Linux 8 (RHEL 8) released










RedHat Enterprise Linux 8 (RHEL 8) released on 7th May 2019 and another important thing is that this happened after acquisition of RedHat by IBM on 28th October 2018.





Release Date:





RHEL 8 released on 7th May 2019 and now its available for production environment.





RHEL 8 Download link:





RedHat Enterprise Linux 8 (RHEL 8) released





Architecture:







AMD64, Intel 64-bit, 64-bit ARM, IBM Power Systems, and IBM Z 







Overview:





RHEL 8 uses upstream Linux kernel 4.18





This is Secure, Stable and good foundation for hybrid cloud deployments.





New Features:





It Supports 4PB Physical memory





Wayland is default display server, instead of Xorg.





XFS supports shared copy-on-write data extends.





Now cockpit is default package and it comes along with RedHat OS image





RHEL 8 distributed with two main repositories: BaseOS & AppStream





RHEL 8 comes with new version of yum which is based on DNF.





nftables replaces iptables in network framework and we can convert existing iptables rules to nftables format for use.





Nginx 1.14 available in default repository.





Now in RHEL 8 sosreport can report any load of  eBPF (extended Berkeley Packet Filtering) programs and maps 





Geoliet2 database replaces geolite





In Cluster part we have new pcs commands to list and test available watchdog devices.





In the next post will see how to install RHEL 8





Reference: RedHat access portal

	


	





	

		
		
How to Register and Enable RedHat Subscriptions, Repositories for RHEL7
	


	
	
	

		

How to Register and Enable RedHat Subscriptions, Repositories for RHEL7





This post will guide you to know How to Register and Enable RedHat Subscriptions, Repositories for RHEL7 before system full upgrade or to install any packages from EPEL Repository in RedHat.





Enabling RedHat repositories are mandatory to install any packages using yum. RedHat subscription has the registered system details once the registration has been done. 





Requierment:





All we need is newly installed system with RedHat 7.





Registering and Activating RedHat Subscrition:





As a first step we should go to the RedHat Customer portal and register there. After the successful registration do remember the credentials.





Now login to the RHEL7 server and use the below command to register your system to RedHat Customer portal with RedHat credentials which you created just before  





#subscription-manager register --username <username> --password <password>





Once register your system, use the “list” option to get the all available subscription and than note down the subscription pool id which you need to activate it. 





#subscription-manager list -available





if your not getting any list, than your system registration with RedHat customer portal is not purchased for subscription.  Please get in touch with RedHat to proceed further.





Once you got the list of available subscription, you can use the below command to activate the subscription





#subscription-manager subscribe --pool=Pool ID number





To know the status of consumed subscription use the below command





#subscription-manager list –consumed





 To list the available subscription use the below command 





#subscription-manager list





Once your system registered with RedHat customer portal and activated subscription, you can enable the repositories . Use the below command to list the repositories for you subscription.





#subscription-manager repos --list





use the below command to list the available repository 





#yum repolist all





To enable a specific repository, open “vi /etc/yum.repos.d/redhat.repo” file and ensure that “enbaled=1” for concern repository which you want to enable





 Now list only enabled repository by executing below command





#yum repolist





Now you can use required yum commands to update your system/ install any packages like below





#yum update
#yum install <package_name>





Reference: RedHat portal

	


	





	

		
		
How to install Nagios Core server 4.4.3 on RHEL 6/7 & CentOS 6/7
	


	
	
	

		

This post will help you to know How to install Nagios Core server 4.4.3 on RHEL 6/7 & CentOS 6/7.





Nagios is a powerful monitoring tool. It will help to monitor a infrastructure.





It will monitor applications, service and entire infrastructure.





Required Packages:





  1. httpd
  2. php
  3. php-cli
  4. gcc
  5. unzip
  6. wget
  7. glibc
  8. glibc-common
  9. gd
  10. gd-devel
  11. net-snmp





[[email protected] ~]yum install httpd php php-cli gcc unzip wget glibc glibc-common gd gd-devel net-snmp





As we have installed httpd and this will be useful when we access the Nagios core to manage through web console.





 [[email protected] yumrepo]# systemctl start httpd 





Now create Nagios user account using below command:





[[email protected] yumrepo]# useradd Nagios
[[email protected] yumrepo]# passwd nagios
Changing password for user nagios. 
New password: 
BAD PASSWORD: The password contains the user name in some form 
Retype new password: 
passwd: all authentication tokens updated successfully. 





Now we need to create a group “nagcmd” to setup Nagios and then add the users “nagios” & “apache”   to be a part of group: nagcmd 





[[email protected] yumrepo]# groupadd nagcmd
[[email protected] yumrepo]# usermod -a -G nagcmd nagios 
[[email protected] yumrepo]# usermod -a -G nagcmd apache





Ñow its time to start Nagios Core server installation

Since Nagios third party tool, we need to download first for installation using below commands:





[[email protected] ~]# cd /opt
[[email protected] opt]# wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.4.3.tar.gz 
[[email protected] opt]# tar -xvf nagios-4.4.3.tar.gz 
[[email protected] nagios-4.4.3]# ./configure --with-command-group=nagcmd 
[[email protected] nagios-4.4.3]# make all 
[[email protected] nagios-4.4.3]# make install
[[email protected] nagios-4.4.3]# make install-init
[[email protected] nagios-4.4.3]# make install-daemoninit
[[email protected] nagios-4.4.3]# make install-commandmode
[[email protected] nagios-4.4.3]# make install-config
[[email protected] nagios-4.4.3]# make install-exfoliation





Now configure Apache for Nagios installation using below command:





[[email protected] nagios-4.4.3]# make install-webconf





Will configure Apache authentication for nagiosadmin which is default user. Don’t change this username. If you are changing then need to do more changes in configuration file.





[[email protected] nagios-4.4.3]# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin





Now restart the apache 





[[email protected] nagios-4.4.3]# systemctl restart httpd





As a next step need to install Nagios plugins, once installed Nagios core using below commands:





[[email protected] nagios-4.4.3]# cd /opt
[[email protected] opt]# wget http://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz
[[email protected] opt]# tar -xvf nagios-plugins-2.2.1.tar.gz
[[email protected] opt]# cd nagios-plugins-2.2.1





Now install and compile the plugins using below command:





[[email protected] nagios-plugins-2.2.1]# ./configure --with-nagios-user=nagios --with-nagios-group=Nagios
[[email protected] nagios-plugins-2.2.1]# make
[[email protected] nagios-plugins-2.2.1]# make install





We installed Nagios core and plugins. So, now will check and verify the configuration using below command:





[[email protected] nagios-plugins-2.2.1]#
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg





The output should give 0 Errors and 0 Warnings. If you get the same, then will start the Nagios like below





[[email protected] nagios-plugins-2.2.1]# systemctl start
nagios     





Check SELinux mode using below command:





[[email protected] ~]getenforce
Enforcing





If SELinux is in Enforcing mode, Than change it to Permissive mode or disable it like below





[[email protected] ~]# setenforce 0





Now make sure to enable web server permanently in firewall using below command:





[[email protected] ~]# firewall-cmd --permanent
--add-service=http





Execute below command to make affect in firewall changes which we did using our previous command





[[email protected] ~]# firewall-cmd –reload





Finally we have done everything and now will check whether the web console working on not





Enter url like below in your web browser and replace the IP_ADDR with your server ip





http://IP_ADDR/nagios





It will ask for the username and password. Remember that we already created a user name “nagiosadmin”. We can use that to login the console.





How to install Nagios Core server 4.4.3 on RHEL 6/7 & CentOS 6/7





Enter the nagiosadmin credentials and the web console looks like below





How to install Nagios Core server 4.4.3 on RHEL 6/7 & CentOS 6/7





From the left side pan click on “Hosts” and it will show list of hosts which is added for monitoring. 
Since, we doesn’t added any host, it will show only localhost, which is Nagios server like below





How to install Nagios Core server 4.4.3 on RHEL 6/7 & CentOS 6/7










Finally we installed and configured Nagios server. Thanks for readin

	


	





	

		
		
what is split brain syndrome in clusters?
	


	
	
	

		






In this post we are going to see what is split brain syndrome in clusters?





Split brain syndrome is a state on a cluster where each cluster nodes are divided into small clusters and each one will believe themselves as itself only an active cluster.





Each nodes believes that all other nodes are dead and simultaneously will try to access the same data/ disks, which can be lead to data corruption. This situation will occur during the cluster reformation.





When one or more nodes fails, the cluster itself will reform the cluster with the available nodes. 





Note: High Availability clusters will use some mechanism like CMAN, Pacemaker, HP ServiceGaurd, and Linux HA  to avoid split brain syndrome.





Common methods to address split brain syndrome:





  1. I/O Fencing
  2. Quorum/ Local Disk
  3. Quorum Server
  4. Tie – Breakers
  5. STONITH(Shoot The Other Node In The Head)  






	


	





	

		
		
How to boot with an old kernel in RHEL4,5,6/CentOS
	


	
	
	

		

In this post, we are going to see How to boot with an old kernel in RHEL4,5,6/CentOS Operating systems.





How to boot with an old kernel in RHEL4,5,6/CentOS





RedHat Operating System uses GRUB boot loader as default one globally.





We can boot update the kernel using Yum/ RPM Package management like other package upgrades which we are doing.





Use the below command to know which boot loader installed on your OS.





#grubby -bootloader-probe





Changing kernel:





/boot/grub/grub.conf is the grub configuration file.





#cat /boot/grub/grub.conf 

default=0 timeout=5 password --encrypted $6$GXGrYVEnbKXAnQoT$p64OkyclNDt4qM2q47GMsgNxJxQaclNs79gvYYsl4h07ReDtJpt5P5kQn1KQ52u2eW8pKHTqcG50ffv0UlRcW0 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title Red Hat Enterprise Linux 6.4 (2.6.32-358.el6.x86_64)      ===> kernel 0 root (hd0,0) kernel /vmlinuz-2.6.32-358.el6.x86_64 ro root=/dev/mapper/vg_geeklab-lv_root rd_NO_LUKS  KEYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=vg_geeklab/lv_swap rd_LVM_LV=vg_geeklab/lv_root rd_NO_DM rhgb quiet initrd /initramfs-2.6.32-358.el6.x86_64.img title Red Hat Enterprise Linux 6.3 (2.6.32-279.el6.x86_64)      ===> kernel 1 root (hd0,0) kernel /vmlinuz-2.6.32-279.el6.x86_64 ro root=/dev/mapper/vg_geeklab-lv_root rd_NO_LUKS  KEYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=vg_geeklab/lv_swap rd_LVM_LV=vg_geeklab/lv_root rd_NO_DM rhgb quiet initrd /initramfs-2.6.32-279.el6.x86_64.img





In this, we can see Default will be 0. From this, we can understand OS will read by the default top kernel.





Whenever we are upgrading the kernel that will be coming up and considered as 0 and old kernel will be marked as 1.





So, We should change the number from “0” to “1” on below line of /boot/grub/grub.conf file using vi editor and save it.





 





default=1





We done the needed configuration change to boot the OS with an old kernel.





On the next boot it will take effect.





Using below command reboot the system and then check whether its booting with old kernel or new one.





#shutdown -r now





Use the below command to check the kernel versions which is in use right now





#uname -r

	


	





	

		
		
awk command in linux
	


	
	
	

		
awk command in linux


We are going to see how to use awk command in Linux in this post.


It’s a scripting language and it’s used to generate Reports and Data Manipulation.


Syntax:


#awk <option> 'criteria {action}' input_file > output_file


Awk command to print file content:


[[email protected] ~]# awk '{print}' testfile.txt
Abu 1234
Thahir 5678
Tharun 9101
Rishi 2345


Above example is only to print all the content of a file.


Awk command to print the lines which match with the given pattern:


[[email protected] ~]# awk '/Rishi/{print}' testfile.txt
Rishi 2345


awk command to split a line to fields:


$1 will be considered the first word as the first field in a line. accordingly $2,$3, etc…


[[email protected] ~]# awk '{print $2}' testfile.txt
1234
5678
9101
2345
[[email protected] ~]#


Built-in variables in awk:


NF:     We can print the last field of the lines by using NF in awk command


Example: 


[[email protected] ~]# awk '{print $NF}' testfile.txt
25000
30000
20000
15000


NR:     Using NR built-in option, we can print the specific fields along with line numbers and can print all content of a file along with the line numbers. Also, we can print the range of lines using NR in awk command.


Examples:


1. Displaying specific row with a specific field in a file


[[email protected] ~]# awk 'NR==2 {print $1,$3}' testfile.txt
Thahir 30000


2.Displaying content of a range of lines(from 2 to 4th line)


[[email protected] ~]# awk 'NR==2, NR==4 {print $1,$3}' testfile.txt
Thahir 30000
Tharun 20000
Rishi 15000


 


Thanks for reading our blog. Please drop your comments.

	


	





	

		
		
NFS Server Configuration RHEL 7 / Cent OS 7
	


	
	
	

		
Using NFS server will share the files/ Directories over the network.


Using this service will install operating system and access the remote server directory/file to read/write files and will share the file/directory to other machines.








Required Package:


libnfsidmap-0.25-15.el7.x86_64

nfs-utils-1.3.0-0.33.el7.x86_64


Installing NFS packages:


Use the below command to install all the required packages in one shot.




#yum install nfs*


 


Check whether the packages are installed by executing below command


[[email protected] ~]# rpm -qa | grep nfs
libnfsidmap-0.25-15.el7.x86_64
nfsometer-1.7-1.el7.noarch
nfs4-acl-tools-0.3.3-15.el7.x86_64
nfs-utils-1.3.0-0.33.el7.x86_64
nfstest-2.1.1-0.0.el7.noarch


Important configuration files:


/etc/exports :                This file contains which all are exported to remote                                                                 machines 

/etc/host.allow :           Daemon/ Client which matches the entry available in                                                        this file, will be granted access.

/etc/host.deny :           Access is denied for daemon/ client which matches in                                                     this file.

/etc/fstab :                      Will mount the shared directories/ filesystems                                                                   permanently using this file.

/etc/sysconfig/nfs:  Will manage the nfs port using this file.


Services which need to be enabled and started:


rpcbind  service

nfs-server  service


Command to enable the services:


#systemctl enable rpcbind

#systemctl enable nfs-server


[[email protected] ~]# systemctl enable rpcbind
[[email protected] ~]# systemctl enable nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.


Command to start the services:


#systemctl start rpcbind

#systemctl start nfs-server


[[email protected] ~]# systemctl start nfs-server

[[email protected] ~]# systemctl start rpcbind


create directory for sharing:


[[email protected] ~]# mkdir /nfshare


set the all permission to all


#chmod 777 /nfshare


Now share the directory using NFS by mentioning the directory details in /etc/exports file


#vi /etc/exports

/nfsfileshare 192.168.12.7(rw,sync,no_root_squash)


save and exit from the file


Now use the below command to make it available in network as a shared directory


[[email protected] ~]# exportfs -r


Enable the services permanently in firewall in this session


[[email protected] ~]# firewall-cmd --permanent --zone public --add-service  mountd
success
[[email protected] ~]# firewall-cmd --permanent --zone public --add-service rpc-bind
success
[[email protected] ~]# firewall-cmd --permanent --zone public --add-service nfs
success


reload the firewall  changes and make effect in this session by executing below command


[[email protected] ~]# firewall-cmd --reload
success



 


Now all the configuration has been done in server side and have to check and mount the shared directory in client machine.


showmount command will help us to list the directory which is shared from remote machine.


[[email protected] ~]# showmount -e 192.168.43.226
Export list for 192.168.43.226:
/nfshare *


Now we need to mount the shared directory in client. Before that we should create a directory to use that as a mount point.


[[email protected] ~]# mkdir /nfsmount


Mount the directory temporarily


#mount 192.168.43.226:/nfshare  /nfsmount


Mount permanently by editing /etc/fstab file and make entry


#vi /etc/fstab
192.168.43.226:/nfshare/ /nfsmount nfs rw,sync 0 0


save and exit from the file.


unmount the directory because we mounted temporarily before restart and after restart issue mount to check whether the shared directory is listing or not. If its not listing then there is an issue with entry in /etc/fstab file.


#umount /nfsmount


Restart the client and check using mount command


[[email protected] ~]# mount | grep /nfsmount
192.168.43.226:/nfshare/ on /nfsmount type nfs (rw,sync,vers=4,addr=192.168.43.226,clientaddr=192.168.43.67)

	


	





	

		
		
How to check listening ports in Linux
	


	
	
	

	
	

		


We should pay attention to listening ports, to validate and disable the unused ports in infra is a very important thing. In that the way, we can secure the server from the attack surface. So, Will see How to check listening ports in Linux


Known Ports:



993    – IMAPS

1194  – openVPN

1812  – RADIUS

995    – POP3s

2049  – NFS (nfsd, rpc.nfsd, rpc, portmap)

2401  – CVS server

3306  – MySql

3690  – SVN

6000-6063- X11

123    – NTP (Network time protocol used for time syncing uses UDP protocol)

137    – NetBIOS (nmbd)

139    – SMB-Samba (smbd)

143    – IMAP

161    – SNMP (For network monitoring)

389    – LDAP (For centralized administration)

443    – HTTPS (HTTP+SSL for secure web access)

514    – Syslogd (udp port)

636    – ldaps (both ctp and udp)

873    – rsync

989    – FTPS-data

990    – FTPS

20      – FTP Data (For transferring FTP data)

21      – FTP Control (For starting FTP connection)

22      – SSH (For secure remote administration which uses SSL to encrypt the transmission)

23      – Telnet (For insecure remote administration)

25      – SMTP (Mail Transfer Agent for e-mail server such as SEND mail)

53      – DNS (Special service which uses both TCP and UDP)

67      – Bootp

68      – DHCP

69      – TFTP (Trivial file transfer protocol uses udp protocol for connection less transmission of data)

80      –  HTTP/WWW(Apache)

88      – Kerberos

110    – POP3 (Mail delivery Agent)





Issue the below command as root user to check the listening ports.


Will use  netstat command to check open ports.


#netstat -tulpn



t – Will enables listing of tcp ports.

u – Will enables listing of udp ports

n – this will shows the port numbers

l – It will list only listening pockets






We should pay attention to listening ports, to validate and disable the unused ports in infra is a very important thing. In that the way, we can secure the server from the attack surface. So, Will see How to check listening ports in Linux







/etc/services – by reading this file we can read different types port/protocol combinations and applications.


#less /etc/services












lsof command:



Package for lsof:  lsof-4.87-4.el7.x86_64


To check the package avilability in linux use the below command.


#rpm -qa | grep -i lsof




To list open ports:


#lsof -i












To display all open files:






nmap command:



    Using nmap  command will check the open ports for remote server.


Using below command will check open ports in local machine.



      #nmap -sT  -O localhost












Command to check remote machine open ports:


#nmap -sT -O 192.168.0.105














	


	





	

		
		
Changing/ Recovering root user password in RHEL7/ Cent OS 7
	


	
	
	

		


We are going to see How to Changing/ Recovering root user password in RHEL7/ CentOS 7 in this post


Boot the system and wait for GRUB menu. On some Operating systems, you need to disturb the booting by pressing any keys in your system.


Changing/ Recovering root user password in RHEL7/ Cent OS 7








Highlight the first line which is pointing the Operating System entry like showed in the above image and press “e” key in your keyboard to edit manually.




Then will get the below screen.








Using up/down, left/right arrow keys move the cursor to the “rhgb quiet” which is in kernel line starting with “linux16”








Using delete/backspace keys manually delete “rhgb quiet” entry and append “init=/bin/bash” entry like below.








Than press Ctrl+x  to reboot your OS with specified option. Once rebooted, will get a shell prompt without credentials.


check whether the root filesystem has been mounted or not.




Mount the root filesystem with RW permission.




Now issue the “passwd” command to recover/change the root password. It will ask for the new password and re-enter the password for confirmation. Once provided the new password will receive the “Authentication token successfully updated”








Relabel the SELinux content using below command.










Restart the machine using the below command.












Finally, we recovered the root password. Now will restart the machine and login with a new root password.