Saturday 18 October 2014

user is not in the sudoers file. This incident will be reported

As part of my testing I was hardening a server. There are many best practices for this, and one of them is not to allow "root" access via SSH, because root is a common username on every Linux/Unix based system. So I decided to create a user and give it root privileges, as I wanted to have complete access to the server. However, we can also give limited access to the user we create.

[root@linux ~]# useradd newuser
[root@linux ~]# passwd newuser
Changing password for user newuser.
New password: "enterpassword"
Retype new password:"enterpassword"
After creating the user, when you try to use sudo to run a command you will get the following error: "newuser is not in the sudoers file.  This incident will be reported"
[root@linux ~]# su newuser
[ammar@panel root]$ sudo -s
[sudo] password for newuser:
ammar is not in the sudoers file. This incident will be reported.
To fix this, open the sudoers file:
[root@panel ~]# nano /etc/sudoers
Add the following line:
newuser   ALL=(ALL)       ALL
(Note: this will grant all privileges to user newuser.)

Hope it helps !
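
For the limited-access case mentioned at the start of this post, here is an added example (not part of the original post) that builds a rule allowing only named commands and has visudo check it before it is installed. The function names, the sample command and the use of /etc/sudoers.d (which assumes /etc/sudoers has an includedir line for it) are assumptions of this example.

```sh
#!/bin/sh
# Print one sudoers rule: USER may run only the listed commands, as root.
sudoers_rule() {
    [ "$#" -ge 2 ] || { echo "usage: sudoers_rule USER /abs/cmd..." >&2; return 1; }
    user=$1; shift
    # Refuse names that could smuggle extra sudoers syntax into the rule.
    case $user in
        ''|*[!a-z0-9_-]*|-*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    cmds=
    for c in "$@"; do
        case $c in
            *,*) echo "comma not allowed in command: $c" >&2; return 1 ;;
            /*)  ;;   # sudoers wants fully qualified command paths
            *)   echo "command must be an absolute path: $c" >&2; return 1 ;;
        esac
        cmds=${cmds:+$cmds, }$c
    done
    printf '%s ALL=(root) %s\n' "$user" "$cmds"
}

# Write the rule to a temp file, let visudo check it, then install it.
# Run as root. A rule that fails the syntax check is never installed.
install_sudoers_dropin() {
    tmp=$(mktemp) || return 1
    if sudoers_rule "$@" > "$tmp" && visudo -cf "$tmp" >/dev/null; then
        install -m 0440 -o root -g root "$tmp" "/etc/sudoers.d/$1"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Example (as root): newuser may restart sshd and nothing else.
# install_sudoers_dropin newuser '/sbin/service sshd restart'
```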

Saturday 2 August 2014

Force logout a user in Linux or Unix

Several users can be logged in to a Linux/Unix system at once, each in a separate session:
[root@linux]# w
10:23:27 up 4:40, 4 users, load average: 1.44, 1.29, 1.27
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 xxx.xx.xxx.xx 05:44 3:04m 0.12s 0.12s -bash
root pts/2 xxx.xx.xxx.xx 05:46 4:37m 0.06s 0.06s -bash
root pts/3 xxx.xx.xxx.xx 05:46 4:37m 0.06s 0.06s -bash
root pts/4 xxx.xx.xxx.xx 06:49 0.00s 0.27s 0.00s w
[root@linux]#
(Where xxx.xx.xxx.xx is the IP from where connections are made.)

You can find the process of the session with the following command:
ps -dN|grep pts/3 (where pts/3 is the session no.)
After entering the above command the following output will appear:
15552 pts/3 00:00:00 bash
Then you can kill the process with:
kill -9 15552
That session will be terminated. Hope it helps !
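
The same steps as a script, added here as an example that is not part of the original post: it matches the terminal name exactly (a plain grep for pts/3 also matches pts/30) and tries SIGHUP before falling back to kill -9. The function names are this example's own.

```sh
#!/bin/sh
# Read "PID SID TTY COMMAND" lines on stdin and print the PIDs that are
# session leaders (PID equals SID) on exactly the terminal named in $1.
leaders_on_tty() {
    awk -v t="$1" '$3 == t && $1 == $2 { print $1 }'
}

# End the login session on one terminal, e.g.: logout_tty pts/3
logout_tty() {
    tty=$1
    pids=$(ps -e -o pid= -o sid= -o tty= -o comm= | leaders_on_tty "$tty")
    [ -n "$pids" ] || { echo "no session on $tty" >&2; return 1; }
    for pid in $pids; do
        # SIGHUP lets the shell save its history and exit cleanly.
        kill -HUP "$pid" 2>/dev/null
    done
    sleep 2
    for pid in $pids; do
        # Still alive after the grace period: fall back to the post's kill -9.
        if kill -0 "$pid" 2>/dev/null; then kill -KILL "$pid"; fi
    done
}
```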


Friday 27 June 2014

Error: PAM: authentication error for root when trying to ssh to FreeBSD server as root

By default ssh is disabled in FreeBSD and the workaround is shared in one of my posts: http://www.zyraxtech.com/2014/06/permission-denied-keyboard-interactive-authentication/
However, we faced an issue with one of our old servers whose ssh was already configured, but one of the lines had been changed by mistake, which caused the following error:
error: PAM: authentication error for root from 192.168.XXX.XXX
The following lines were checked and changed:
PermitRootLogin yes 
PasswordAuthentication yes 
AllowUsers vht
to
AllowUsers root
NOTE: the AllowUsers line had been mistakenly changed.
Hope this helps !

Wednesday 18 June 2014

unknown modifier ‘t’ freebsd ports error

Recently I faced an error while installing a port on FreeBSD 9.0. The reason for this type of error is that FreeBSD support for the older version is no longer there. Below is the screenshot of the error:


“unknown modifier ‘t’ freebsd ports”
To overcome this I updated FreeBSD 9.0 to 9.1 and then installed the ports easily.

root@freebsd:/root#freebsd-update upgrade -r 9.1-RELEASE
(to update the release from 9.0 to 9.1)
/usr/sbin/freebsd-update install
(to install the update)
Then reboot the server and run the above command again.
root@freebsd:/root#portsnap fetch update
(to update the ports)
Then you can install the desired ports without any error!

HOPE it works for you as well !

Saturday 7 June 2014

Permission Denied keyboard-interactive authentication

By default FreeBSD has root ssh disabled. It is also not allowed in Ubuntu 14.04 and some other Linux/Unix distros.
We get the following error on screen even after entering the correct password:
[screenshot: freebsd root ssh]
To overcome this issue edit the following ssh file (ee is an editor in FreeBSD):
ee /etc/ssh/sshd_config
In the file remove # from port 22
and remove # from
PermitRootLogin no
and change it to
PermitRootLogin yes
Then restart the sshd daemon:
/etc/rc.d/sshd restart
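
Both this post and the PAM authentication error post above come down to two sshd_config directives, AllowUsers and PermitRootLogin. The following is an added example, not part of the original posts, that reads a config file and reports which of the two would reject a password login for a given user. The function names are this example's own, and an unset PermitRootLogin is treated as the FreeBSD default described above (root login disabled).

```sh
#!/bin/sh
# Simplified: ignores Match blocks, DenyUsers and the group directives.

# First value of a keyword; sshd uses the first occurrence it reads,
# and keyword names are case-insensitive.
sshd_first() {
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Every AllowUsers pattern, one per line.
sshd_allow_users() {
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Succeeds if USER ($1) matches an AllowUsers pattern in FILE ($2).
sshd_user_listed() {
    sshd_allow_users "$2" | (
        while read -r pat; do
            # Drop any @host part; * and ? in the pattern act as wildcards.
            case $1 in ${pat%%@*}) exit 0 ;; esac
        done
        exit 1
    )
}

# Print "allowed" or "denied: <reason>" for a password login by USER.
sshd_check_user() {
    user=$1 file=$2
    if [ -n "$(sshd_allow_users "$file")" ] && ! sshd_user_listed "$user" "$file"; then
        echo "denied: $user not in AllowUsers"
        return 0
    fi
    if [ "$user" = root ]; then
        prl=$(sshd_first PermitRootLogin "$file")
        if [ "$prl" != yes ]; then
            echo "denied: PermitRootLogin is ${prl:-not set}"
            return 0
        fi
    fi
    echo allowed
}

# Usage: sshd_check_user root /etc/ssh/sshd_config
```

On a live server, sshd -T prints the effective configuration and sshd -t checks the file for syntax errors before the daemon is restarted.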

Remote host identification has changed

Normally this issue has a simple solution, but people tend not to read what is required to eliminate the error.
When you run the ssh command the following error is received:
[screenshot: ssh issue]
To remove this error, you just need to edit a single line in the following file (I am using nano as editor):
nano /root/.ssh/known_hosts
[screenshot: ssh issue1]
Remove the line which corresponds to the IP address which you were trying to access via ssh. Save the file and try to ssh again.

Friday 9 May 2014

Cloudstack 4.3 management installation

CloudStack is an open-source cloud platform which is robust, and its rich features enable it to work in both public and private clouds. Over the years its installation has become easier and easier, and I was curious to check the new 4.3 version. As hypervisor I have used XEN, but there are other options as well, such as KVM, VMware, Hyper-V and LXC. Its installation is pretty straightforward, but here it goes:
I have deployed it on a CentOS 6.5 server. I will update the details of the steps:

hostname --fqdn
Check the hostname (fully qualified domain name).
If it doesn't show the hostname, then edit /etc/hosts and insert a line such as:
172.19.10.7 hostname.domain.com
Update the server repository:
yum update -y
Add the CloudStack repository:
nano /etc/yum.repos.d/cloudstack.repo
[cloudstack]
name=cloudstack
baseurl=http://cloudstack.apt-get.eu/rhel/4.3/
enabled=1
gpgcheck=0
yum install ntp -y
service ntpd start
nano /etc/selinux/config
Set SELinux to permissive in this file, then reboot:
reboot
yum install cloudstack-management -y
yum install mysql-server -y
chkconfig mysqld on
nano /etc/my.cnf
innodb_rollback_on_timeout=1
innodb_lock_wait_timeout=600
max_connections=350
log-bin=mysql-bin
binlog-format = 'ROW'
service mysqld restart
wget http://download.cloud.com.s3.amazonaws.com/tools/vhd-util
mv vhd-util /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/
chmod +x /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/vhd-util
mysql_secure_installation
mount 172.19.10.14:/storage/secondary /mnt/secondary/ -o nolock
cloudstack-setup-databases cloud:password@localhost --deploy-as=root:password
cloudstack-setup-management
/usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://download.cloud.com/templates/4.3/systemvm64template-2014-01-14-master-xen.vhd.bz2 -h xenserver -F

Monday 28 April 2014

Install VMware guest Linux OS tools

Installing VMware Tools in a Windows-based guest OS is simple: a dialog box appears and the user just needs to confirm the installation. In a CLI-based Linux OS the user needs to perform a couple of checks, and the complete procedure is as follows:
The first step is to make sure that perl is present on the server.
It can be verified using the following command:
rpm -qa | grep perl
If it is not present then use the following command to install it (I have installed it on CentOS):
yum -y install perl
After it is installed create a directory:
mkdir /mnt/cdrom
Then, in the vSphere client, attach the Linux tools ISO:
[screenshot: vmware guest os tools]

After the ISO is inserted, mount the cdrom on the folder which was created earlier:
mount /dev/cdrom /mnt/cdrom
Copy the tar file to the /tmp folder:
cp /mnt/cdrom/VMwareTools-*.tar.gz /tmp
After the copy, unmount the device:
umount /mnt/cdrom
Extract the tar file:
tar -zxf /tmp/VMwareTools-*.tar.gz -C /tmp
Then run the following command. -D means default settings; if you want manual settings then remove the -D option:
/./tmp/vmware-tools-distrib/vmware-install.pl -D
Remove the files and tmp folder:
rm -f /tmp/VMwareTools-*.tar.gz
rm -rf /tmp/vmware-tools-distrib

Saturday 26 April 2014

Copy files from linux to another linux server

There are several ways to copy files from one Linux server to another. We can use the FTP protocol as well, but that requires configuration. The easiest way is to transfer files using scp.
Scp means "secure copy"; it is based on the SSH protocol, which itself is a secure protocol. To transfer files from a Windows machine to Linux or vice versa there is a software called WinSCP, which can be easily installed on a Windows machine and can transfer files to and from a Linux server.
To copy files from one Linux machine to another the following method is used:
[root@centos]#scp
-bash: scp: command not found
(This means that the scp rpm is not installed on the server. The package openssh-clients needs to be installed.)
[root@centos]# yum install openssh-clients -y
(to install the rpm)
To copy a file use:
scp /home/testfile.txt root@serverip:/home/
(This copies a file from the server you are logged in to to a remote server, where serverip can be the hostname of that server or whatever IP that server has.)
To copy a directory and all its content we use:
scp -r /home/testdir root@serverip:/home/dir

Thursday 3 April 2014

Error 404. That’s an error on domain.com

Recently I purchased a new domain for my blog, removed it from a subdomain and redirected the blog to the new domain. It was working fine until I checked it using http://zyraxtech.com and got "404. That's an error."
It is a very small mistake people make, and it results in loss of redirected traffic. The fix is simple.
If we are using blogger then just go to the blog's dashboard, go to Settings>Basic and click on Edit.
then put a check on 
This would redirect http://zyraxtech.com to www.zyraxtech.com (replace zyraxtech with your domain).

Saturday 1 March 2014

Resize swap memory in linux

We needed to increase swap memory for one of our clients who was using SUSE Linux. There are two methods to do this and we used the following one.

Switch off swap

swapoff -a
First create a file named myswapfile. In this command count=1024 means 1GB, so for example our client needed swap memory of 44GB, so we changed it to count=45056.

dd if=/dev/zero of=/root/myswapfile bs=1M count=1024
After the file is created change the permission to root only:

chmod 600 /root/myswapfile
Enable the newly created swap:

swapon /root/myswapfile
Add the following entry in the fstab to keep the swap space after reboot:

cat /etc/fstab
/root/myswapfile swap           swap    defaults        0 0
After the entry, to make sure the new swap is used:

swapoff -a

swapon -a
then verify using the top command. Hope it helps !


Ref: http://www.thegeekstuff.com/2010/08/how-to-add-swap-space/
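
The steps above as one script, added here as an example that is not part of the original post. It adds a mkswap step, which the list above does not show but which writes the swap signature that swapon expects, and it creates the file with mode 600 from the start. The function names are this example's own; the path and sizes are the post's.

```sh
#!/bin/sh
# dd count for bs=1M: GB * 1024, as in the post (44 -> 45056).
swap_count_mib() {
    case $1 in
        ''|*[!0-9]*) echo "size must be a whole number of GB" >&2; return 1 ;;
    esac
    echo $(( $1 * 1024 ))
}

# Append the fstab entry only if the path is not listed yet (safe to re-run).
add_fstab_entry() {
    path=$1 fstab=${2:-/etc/fstab}
    awk -v p="$path" '$1 == p { found = 1 } END { exit !found }' "$fstab" && return 0
    printf '%s swap swap defaults 0 0\n' "$path" >> "$fstab"
}

# Run as root: make_swapfile PATH SIZE_GB
make_swapfile() {
    path=$1
    count=$(swap_count_mib "$2") || return 1
    [ -e "$path" ] && { echo "$path already exists" >&2; return 1; }
    # umask 077 creates the file as mode 600, so swapped-out memory
    # (which can hold keys and passwords) is never readable by other users.
    ( umask 077 && dd if=/dev/zero of="$path" bs=1M count="$count" ) || return 1
    mkswap "$path" || return 1    # added step: write the swap signature
    swapon "$path" || return 1
    add_fstab_entry "$path"
}

# make_swapfile /root/myswapfile 1     # 1GB, as in the post
```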

VNC server idle timeout SUSE Linux

Recently one of our clients using an OpenSUSE VM had issues using VNC viewer for the installation of some software: he was facing a logout issue when the system was idle. (Although this is good in terms of security, on his request we needed to switch off this feature.)

There were several ways but we needed to resolve this quickly so following changes were made.


Go to vi /etc/xinetd.d/services

Change the wait parameter from NO to YES

Session out issue resolved! 

VMware Guest VM Disk size greater than 2TB

Recently we needed to give our client a VM and an additional disk of around 7TB. The issue we were facing was that when adding a disk of 7TB we were getting the following error:

Hot-extend was invoked with size (*** sectors) > =2TB. Hot-extend beyond or equal to 2TB is not supported. This disk extend operation failed: msg.disklib.INVAL

To resolve the issue power off the Virtual Machine and then retry the drive extend operation.

Or detach it from the Virtual machine it is connected to and then attach to a virtual machine that is powered off and perform the re-size operation.

Hope it solves the issue!

Tuesday 25 February 2014

Cloudstack Guest VM Issue

One of our clients was using our Cloudstack IaaS service and had an Ubuntu 10.04 VM. The issue arose when his VM crashed and he wanted to create a VM from one of the snapshots which were taken prior to the crash. After the VM was created he was getting the following errors:
At first I thought that the template was not working, but after changing the OS type of the guest OS from the original Ubuntu 10.04 x64 to Other (64-bit), the VM booted smoothly!


Monday 20 January 2014

Subdomain redirect to blogger website

I already had a domain registered, which was in use for my football club, so I thought why not redirect the blogspot to an easier name. So I did the following: zyraxtech.blogspot.com ---> tech.fcrovers.org

First I went to GoDaddy, from where I got my domain, went to Domain details and first used forwarding of the subdomain.
I added the domain in the following manner; you can change the alias as per your requirement.

Then I went to the DNS zone file and added the following entry as CNAME:
CNAME = tech , Points to = ghs.google.com

Then go to the Blogger website and in Settings -> Basic -> Publishing add tech.fcrovers.org

It normally takes time, so be patient. :D
P.S: the same can be achieved if you want to redirect the website to a domain name such as www.abc.com instead of a subdomain such as tech.abc.com in the above example.

Saturday 18 January 2014

Mikrotik Dual WAN Load balancing with PCC and DHCP on LAN

Recently I was working on a small test, so I deployed Mikrotik on my home LAN to balance the two ISPs which I have at home. One was PTCL and the other Connect Communication; on both links I already have a router/modem which works as a DHCP server.

I used RB750 for this.


I started off by naming the interfaces for my convenience: ether1=PTCL, ether2=CONNECT, ether5=LAN

Then I enabled the DHCP client on both ethernet interfaces on which PTCL and Connect were terminated,
using winbox. Attached are screenshots:

After DHCP is enabled on both interfaces, we can verify by checking IP -> DHCP-CLIENT

For the DHCP server on the LAN:
/ip dhcp-server
setup
Select interface to run DHCP server on

dhcp server interface: LAN
Select network for DHCP addresses

dhcp address space: 192.168.100.0/24
Select gateway for given network

gateway for dhcp network: 192.168.100.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.0.2-192.168.200
Select DNS servers

dns servers: 10.101.10.5 (Connect) , 192.168.1.1 (PTCL)
Select lease time

lease time: 3d

After this come the mangle rules and routing, which will be used for balancing the links.

/ip firewall mangle

add chain=input in-interface=CONNECT action=mark-connection new-connection-mark=CONNECT_conn
add chain=input in-interface=PTCL action=mark-connection new-connection-mark=PTCL_conn

add chain=output connection-mark=CONNECT_conn action=mark-routing new-routing-mark=to_CONNECT
add chain=output connection-mark=PTCL_conn action=mark-routing new-routing-mark=to_PTCL

add chain=prerouting dst-address=192.168.0.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=LAN

add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=CONNECT_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=CONNECT_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=PTCL_conn passthrough=yes

add chain=prerouting connection-mark=CONNECT_conn in-interface=LAN action=mark-routing new-routing-mark=to_CONNECT
add chain=prerouting connection-mark=PTCL_conn in-interface=LAN action=mark-routing new-routing-mark=to_PTCL

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-mark=to_CONNECT check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_PTCL check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=CONNECT action=masquerade
add chain=srcnat out-interface=PTCL action=masquerade


The above graph shows the bandwidth aggregated.
There is some tuning left to do with the Mikrotik balancing, and I will be posting more testing as it's done.

This can also be implemented in a SOHO environment with an RB750 or RB750GL; no need to get a server, and it saves electricity :D

Reference: http://aacable.wordpress.com/2011/07/27/mikrotik-dual-wan-load-balancing-using-pcc-method-complete-script-by-zaib/