Redhat Archives - Page 2 of 2 - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Posts Tagged ‘Redhat’

How to install and configure NTP Server (ntpd) to synchronize Linux server clock over the Internet on CentOS, RHEL, Fedora

Thursday, February 9th, 2012

Every now and then I have to work on servers running CentOS or Fedora Linux. Very typical problem that I observe on many servers which I have to inherit is the previous administrator did not know about the existence of NTP (Network Time Protocol) or forgot to install the ntpd server. As a consequence the many installed server services did not have a correct clock and at some specific cases this caused issues for web applications running on the server or any CMS installed etc.

The NTP Daemon is existing in GNU / linux since the early days of Linux and it served quite well so far. The NTP protocol has been used since the early days of the internet and for centuries is a standard protocol for BSD UNIX.

ntp is available in I believe all Linux distributions directly as a precompiled binary and can be installed on Fedora, CentOS with:

[root@centos ~]# yum install ntp

ntpd synchronizes the server clock with one of the /etc/ntp.conf defined RedHat NTP list

server 0.rhel.pool.ntp.org server 1.rhel.pool.ntp.org server 2.rhel.pool.ntp.org

To Synchronize manually the server system clock the ntp CentOS rpm package contains a tool called ntpdate :
Hence its a good practice to use ntpdate to synchronize the local server time with a internet server, the way I prefer to do this is via a government owned ntp server time.nist.gov, e.g.

[root@centos ~]# ntpdate time.nist.gov 8 Feb 14:21:03 ntpdate[9855]: adjust time server 192.43.244.18 offset -0.003770 sec

Alternatively if you prefer to use one of the redhat servers use:

[root@centos ~]# ntpdate 0.rhel.pool.ntp.org 8 Feb 14:20:41 ntpdate[9841]: adjust time server 72.26.198.240 offset 0.005671 sec

Now as the system time is set to a correct time via the ntp server, the ntp server is to be launched:

[root@centos ~]# /etc/init.d/ntpd start ...

To permanently enable the ntpd service to start up in boot time issue also:

[root@centos ~]# chkconfig ntpd on

Using chkconfig and /etc/init.d/ntpd cmds, makes the ntp server to run permanently via the ntpd daemon:

[root@centos ~]# ps ax |grep -i ntp 29861 ? SLs 0:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g

If you prefer to synchronize periodically the system clock instead of running permanently a network server listening (for increased security), you should omit the above chkconfig ntpd on and /etc/init.d/ntpd start commands and instead set in root crontab the time to get synchronize lets say every 30 minutes, like so:

[root@centos ~]# echo '30 * * * * root /sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd

The time synchronization via crontab can be also done using the ntpdate cmd. For example if you want to synchronize the server system clock with a network server every 5 minutes:

[root@centos ~]# crontab -u root -e

And paste inside:

*/5 * * * * /sbin/ntpdate time.nist.gov 2>1 > /dev/null

ntp package is equipped with ntpq – Standard NTP Query Program. To get very basic stats for the running ntpd daemon use:

[root@centos ~]# ntpq -p remote refid st t when poll reach delay offset jitter ====================================================== B1-66ER.matrix. 192.43.244.18 2 u 47 64 17 149.280 41.455 11.297 *ponderosa.piney 209.51.161.238 2 u 27 64 37 126.933 32.149 8.382 www2.bitvector. 132.163.4.103 2 u 1 64 37 202.433 12.994 13.999 LOCAL(0) .LOCL. 10 l 24 64 37 0.000 0.000 0.001

The remote field shows the servers to which currently the ntpd service is connected. This IPs are the servers which ntp uses to synchronize the local system server clock. when field shows when last the system was synchronized by the remote time server and the rest is statistical info about connection quality etc.

If the ntp server is to be run in daemon mode (ntpd to be running in the background). Its a good idea to allow ntp connections from the local network and filter incoming connections to port num 123 in /etc/sysconfig/iptables :

-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT -A INPUT -s 127.0.0.1 -m state --state NEW -p udp --dport 123 -j ACCEPT -A INPUT -s 0.0.0.0 -m state --state NEW -p udp --dport 123 -j DROP

Restrictions on which IPs can be connected to the ntp server can also be implied on a ntpd level through /etc/ntp.conf. For example if you would like to add the local network IPs range 192.168.0.1/24 to access ntpd, in ntpd.conf should be added policy:

# Hosts on local network are less restricted. restrict 192.168.0.1 mask 255.255.255.0 nomodify notrap

To deny all access to any machine to the ntpd server add in /etc/ntp.conf:

restrict default ignore

After making any changes to ntp.conf , a server restart is required to load the new config settings, e.g.:

[root@centos ~]# /sbin/service ntpd restart

In most cases I think it is better to imply restrictions on a iptables (firewall) level instead of bothering change the default ntp.conf

Once ntpd is running as daemon, the server listens for UDP connections on udp port 123, to see it use:

[root@centos ~]# netstat -tulpn|grep -i ntp udp 0 0 10.10.10.123:123 0.0.0.0:* 29861/ntpd udp 0 0 80.95.28.179:123 0.0.0.0:* 29861/ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 29861/ntpd udp 0 0 0.0.0.0:123 0.0.0.0:* 29861/ntpd

Tags: Auto, boot time, BSD, bsd unix, CentOS, configure, consequence, correct time, dport, Draft, early days of the internet, existence, feb 14, GNU, gnu linux, government, init, INPUT, internet server, level, linux distributions, list server, listserver, network time protocol, ntp daemon, ntp protocol, ntpd, ntpntpd, orgserver, package, Protocol, Redhat, root, rpm, server, server clock, server services, server system, server time, standard protocol, system, system clock, system time, time issue, time server, tool, typical problem, yum
Posted in Linux, System Administration | 1 Comment »

How to add a range of virtual IPs to a CentOS and Fedora Linux server

Monday, July 18th, 2011

Recently I had the task to add a range of few IP addresses to as a virtual interface IPs.

The normal way to do that is of course using the all well known ifconfig eth0:0, ifconfig eth0:1 or using a tiny shell script which does it and set it up to run through /etc/rc.local .

However the Redhat guys could omit all this mambo jambo and do it The Redhat way TM 😉 by using a standard method documented in CentOS and RHEL documentation.
Here is how:

# go to network-script directory[root@centos ~]# cd /etc/sysconfig/network-scripts # create ifcfg-eth0-range (if virtual ips are to be assigned on eth0 lan interface[root@centos network-scripts]# touch ifcfg-eth0-range

Now inside ifcfg-eth0-range, open up with a text editor or use the echo command to put inside:

IPADDR_START=192.168.1.120 IPADDR_END=192.168.1.250 NETMASK=255.255.255.25 CLONENUM_START=0

Now save the /etc/sysconfig/network-scripts/ifcfg-eth0-range file and finally restart centos networking via the network script:

[root@centos network-scripts]# service network restart

That’s all now after the network gets reinitialized all the IPs starting with 192.168.1.120 and ending in 192.168.1.250< will get assigned as virtual IPs for eth0 interface
Cheers 😉

Tags: CentOS, CLONENUM, command, course, directory root, echo, echo command, eth, fedora linux, file, ifconfig eth0, ip addresses, ips, jambo, lan, lan interface, Linux, mambo jambo, Netmask, network, network scripts, Networking, range, rangeNow, Redhat, root, script directory, Shell, shell script, sysconfig, task, text, tiny shell, virtual interface, way
Posted in Linux and FreeBSD Desktop, System Administration | No Comments »

How to configure networking in CentOS, Fedora and other Redhat based distros

Wednesday, June 1st, 2011

On Debian Linux I’m used to configure the networking via /etc/network/interfaces , however on Redhat based distributions to do a manual configuration of network interfaces is a bit different.

In order to configure networking in CentOS there is a special file for each interface and some values one needs to fill in to enable networking.

These network adapters configuration files for Redhat based distributions are located in the files:

/etc/sysconfig/network-scripts/ifcfg-*

Just to give you and idea on the content of this network configuration file, here is how it looks like:

[root@centos:~ ]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 # Broadcom Corporation NetLink BCM57780 Gigabit Ethernet PCIe DEVICE=eth0 BOOTPROTO=static DHCPCLASS= HWADDR=00:19:99:9C:08:3A IPADDR=192.168.0.1 NETMASK=255.255.252.0 ONBOOT=yes

This configuration is of course just for eth0 for other network card names and devices, one needs to look up for the proper file name which corresponds to the network interface visible with the ifconfig command.
For instance to list all network interfaces via ifconfig use:

[root@centos:~ ]# /sbin/ifconfig |grep -i 'Link encap'|awk '{ print $1 }' eth0 eth1 lo

In this case there are only two network cards on my host.
The configuration files for the ethernet network devices eth0 and eth1 from below example are located in files /etc/sysconfig/network-scripts/ifcfg-eth{1,2}

/etc/sysconfig/network-scripts/ directory contains plenty of shell scripts related to Fedora networking.
This directory contains actually the networking boot time load up rules for fedora and CentOS hosts.

The complete list of options available which can be used in /etc/sysconfig/network-scripts/ifcfg-ethx is located in:
/usr/share/doc/initscripts-*/sysconfig.txt

, to quickly observe the documentation:

[root@centos:~ ]# less /usr/share/doc/initscripts-*/sysconfig.txt

One typical example of configuring a CentOS based host to possess a static IP address (192.168.1.5) and a gateway (192.168.1.1), which will be assigned in boot time during the /etc/init.d/network is loaded is:

[root@centos:~ ]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 # Broadcom Corporation NetLink BCM57780 Gigabit Ethernet PCIe IPV6INIT=no BOOTPROTO=static ONBOOT=yes USERCTL=yes TYPE=Ethernet DEVICE=eth0 IPADDR=192.168.1.5 NETWORK=192.168.1.0 GATEWAY=192.168.1.1 BROADCAST=192.168.1.255 NETMASK=255.255.255.0

After some changes to the network configuration files are made, to load up the new rules a /etc/init.d/network script restart is necessery with the command:

[root@centos:~ ]# /etc/init.d/network restart

Of course one can always use /etc/rc.local script as universal way to configure network rules on a Redhat based host, however using methods like rc.local to load up, ifconfig or route rules in a Fedora would break the distribution logic and therefore is not recommended.

There is also a serious additional reason against using /etc/rc.local post init commands load up script.
If one uses rc.local to load up and configure the networing, the network will get initialized only after all the other scripts in /etc/init.d/ gets started.

Therefore using /etc/rc.local might also be DANGEROUS!, if used remotely via (ssh), supposedly it might completely fail to load the networking, if all bringing the server interfaces relies on it.

Here is an example, imagine that some of the script set in to load up during a CentOS boot up hangs and does continue to load forever (for example after some crucial software upate), as a consequence the /etc/rc.local script will never get executed as it only starts up after all the rest init scripts had succesfully completed execution.

A network eth1 interface configuration for a Fedora host which has to fetch it’s network settings automatically via DHCP is as follows:

[root@fedora:/etc/network:]# cat /etc/sysconfig/network-scripts/ifcfg-eth1 # Intel Corporation 82557/8/9 [Ethernet Pro 100]DEVICE=eth1 BOOTPROTO=dhcp HWADDR=00:0A:E4:C9:7B:51 ONBOOT=yes

To sum it up I think Fedora’s /etc/sysconfig/network-scripts methodology to configure ethernet devices is a way inferior if compared to Debian.

In GNU/Debian Linux configuration of all networking is (simpler)!, everything related to networking is in one single file ( /etc/network/interfaces ), moreover getting all the thorough documentation for the network configurations options for the interfaces is available as a system wide manual (e.g. man interfaces).

Partially Debian interfaces configuration is a bit more complicated in terms of syntax if matched against Redhat’s network-scripts/ifcfg-*, lest that generally I still find Debian’s manual network configuration interface to be easier to configure networking manually vicommand line.

Tags: AIPADDR, bit, boot time, broadcom, broadcom corporation, card, card names, CentOS, Configuration, configuration files, configuration of network, configure, content, course, Debian, distributions, distros, etc network, eth, ethernet network, fedora, file, gateway, gigabit ethernet, host, ifcfg, init, instance, interface, Linux, loIn, manual configuration, network, network adapters, network configuration, network interface, network interfaces, network scripts, Networking, ONBOOT, order, Redhat, root, script, shell scripts, static ip address, sysconfig, time, time load, two network cards, typical example
Posted in Linux, System Administration | 1 Comment »

How to check to which package an installed file belongs to in Debian, Ubuntu, Redhat, CentOS and FreeBSD

Thursday, July 15th, 2010

Every now and then every system administrator has to determine to which installed package a certain file belongs.
This small article is about to give some few basics which will help you to achieve the task on Linux and Unix/BSD operating system.
Often times whenever we administrate a system we are required to list the content of a certain installed package below you will see a very basic ways to determine which file belongs to which package on Linux and BSD as well as how to list a file content on a few different *nix based operating systems. Of course there are numerous ways to achieve this operation so this examples are definitly not the only ones:

1. Determining a file belongs to which (.deb) package on Debian Linux
– The straight way to determine a file belongs to which package is:

debian:~# dpkg -S coreutils: /bin/ls

– Letâ€™s say you would like to check every installed package on your Debian or Ubuntu Linux for a file name related to a certain file or binary. To do so on this distros you might use apt-file (by default not included in debian and ubuntu), so install it and use it to find out a binary is adherent to which package.

ubuntu:~# apt-get install apt-file ubuntu:~# apt-get update

ubuntu:~# apt-file search cfdisk
dahb-html: /usr/share/doc/dahb-html/html/bilder/betrieb/cfdisk.png
doc-linux-html: /usr/share/doc/HOWTO/en-html/IBM7248-HOWTO/cfdisk.html
gnu-fdisk: /sbin/cfdisk
gnu-fdisk: /usr/share/info/cfdisk.info.gz
gnu-fdisk: /usr/share/man/man8/cfdisk.8.gz
manpages-fr-extra: /usr/share/man/fr/man8/cfdisk.8.gz
manpages-ja: /usr/share/man/ja/man8/cfdisk.8.gz
mtd-utils: /usr/sbin/docfdisk
util-linux: /sbin/cfdisk
util-linux: /usr/share/doc/util-linux/README.cfdisk
util-linux: /usr/share/man/man8/cfdisk.8.gz

– A good possible tip if youâ€™re on a Debian or Ubuntu Linux is to list a certain package directly from the packages repository, e.g. without having it installed locally on your Linux.

This is done through:

debian:~# apt-file list fail2ban fail2ban: etc/default/fail2ban fail2ban: etc/fail2ban/action.d/hostsdeny.conf fail2ban: etc/fail2ban/action.d/ipfw.conf fail2ban: etc/fail2ban/action.d/iptables.conf fail2ban: etc/fail2ban/action.d/iptables-multiport.conf ...

– Another possible way to find out which package a file belongs is via dlocate . Dlocate is probably be the tool of choice if you wonâ€™t to automate the process of finding to which package a file belongs in a shell script or smth.

Here is dlocateâ€™s description

uses GNU locate to greatly speed up finding out which package a file belongs to (i.e. a very fast dpkg -S). many other uses, including options to view all files in a package, calculate disk space used, view and check md5sums, list man pages, etc.
Debian and Ubuntu are not bundled by default with it so you will have to install it separately.

ubuntu:~# apt-get install dlocate

Letâ€™s say you would like to check where does the awk binary belongs, issue:

ubuntu:~# dlocate -S /usr/bin/fdisk testdisk: /usr/share/doc/testdisk/html/microsoft_fdisk_de.html testdisk: /usr/share/doc/testdisk/html/microsoft_fdisk_fr.html testdisk: /usr/share/doc/testdisk/html/fdisk_de_microsoft.html testdisk: /usr/share/doc/testdisk/html/microsoft_fdisk.html util-linux: /sbin/sfdisk util-linux: /sbin/cfdisk util-linux: /sbin/fdisk util-linux: /usr/share/man/man8/cfdisk.8.gz util-linux: /usr/share/man/man8/sfdisk.8.gz util-linux: /usr/share/man/man8/fdisk.8.gz util-linux: /usr/share/doc/util-linux/README.cfdisk util-linux: /usr/share/doc/util-linux/README.fdisk.gz util-linux: /usr/share/doc/util-linux/examples/sfdisk.examples.gz

– Now sometimes you will have to list the content of a package binary, in Debian this is easily done with:

debian:~# dpkg -L bsdgames ... var/games/bsdgames/hack /var/games/bsdgames/hack/save /var/games/bsdgames/sail /usr/share/man/man6/teachgammon.6.gz /usr/share/man/man6/rot13.6.gz /usr/share/man/man6/snscore.6.gz /usr/share/man/man6/morse.6.gz /usr/share/man/man6/cfscores.6.gz /usr/share/man/man6/ppt.6.gz ...

2. Here is also how o check which binary belongs to which package on FreeBSD here

freebsd# pkg_info -W /usr/local/bin/moon-buggy /usr/local/bin/moon-buggy was installed by package moon-buggy-1.0.51_1

– Also you might need to list a binary package content in FreeBSD, here is how:

freebsd# pkg_info -L bsdtris-1.1 Information for bsdtris-1.1:

Files:
/usr/local/man/man6/bsdtris.6.gz
/usr/local/bin/bsdtris

2. To check a package belongs to which package on Fedora, Redhat, CentOS with rpm

[root@centos]# rpm -qf /bin/ls coreutils-5.97-23.el5_4.2

Below command is above to show you all files which are contained in the sample package mysql-5.0.77-4.el5_5.3

[root@centos]# rpm -ql mysql-5.0.77-4.el5_5.3

/etc/my.cnf
/usr/bin/msql2mysql
/usr/bin/my_print_defaults
/usr/bin/mysql
/usr/bin/mysql_config
/usr/bin/mysql_find_rows
/usr/bin/mysql_tableinfo
/usr/bin/mysql_waitpid
/usr/bin/mysqlaccess
/usr/bin/mysqladmin
/usr/bin/mysqlbinlog
/usr/bin/mysqlcheck
/usr/bin/mysqldump
/usr/bin/mysqlimport
/usr/bin/mysqlshow
/usr/lib64/mysql
/usr/lib64/mysql/libmysqlclient.so.15

Tags: CentOS and FreeBSD, How to check to which package an installed file belongs in Debian, Redhat, Ubuntu
Posted in FreeBSD, Linux, System Administration | 2 Comments »

☩ Walking in Light with Christ – Faith, Computing, Diary

Posts Tagged ‘Redhat’

Daily Bible quote

GET ARTICLE UPDATES

Useful blog? Help it:

Links to Other Places

Recent Posts

Ads

Categories

About Myself

Recent Comments

Top Post Views

blogtopsites