
scp and hidden files

Today, I recognized that scp does not copy hidden files… or that I do not know how to use this command to copy hidden files (directories).
Today, I also recognize that rsync is a very handy tool to use instead of

For example, to copy the contents of one file system from one host to another file system on another machine, do:

# rsync -av /source_fs/ loginName@targetHostName:/target_fs/

Posted in AIX, Linux.



uploading files to RedHat

Today, I had to attach files to my case (PMR) and doing it with my web browser kept failing so I had to use command lines to deliver the files.

# redhat-support-tool addattachment -c 01285064 ./spacewalk-debug.tar.bz2

where -c defines the case (PMR) number and the last argument specifies the path/file to be uploaded to RH support.
One more thing, your host may not have this tool installed. In this case, execute

# yum install redhat-support-tool

Posted in LINUX.


Editing crontab from a script

Several ORACLE LINUX “unbreakable” kernel (patching requires no reboot) hosts need their root crontab file modified to allow scheduled and “unattended” monthly patching.
The file containing the affected hosts (one host per line) is called eSOA.list.
The script, called Crons.bsh, does the job. Here it is:

#! /bin/bash
CronFile=$(mktemp /tmp/RootCron.XXXXXX) || exit 1   # private storage file, unpredictable name

chkconfig crond on                       # make sure cron starts at boot
crontab -u root -l > "$CronFile"         # extract root crontab into the file
crontab -u root -l > RootCrontabSaved    # saved copy, just in case

echo "MAILTO=UnixTeam" >> "$CronFile"    # add this line
echo "0 5 1 * * yum -y update" >> "$CronFile" # add this line too

crontab -u root "$CronFile"              # replace root crontab
/etc/init.d/crond restart                # restart crond
rm "$CronFile"                           # remove storage file

# create a new alias to receive "patching" emails
echo "UnixTeam: duszyk@wmd.edu, admin1@wmd.edu" >> /etc/aliases
newaliases                                # activate new aliases

With the above in Crons.bsh, the process of implementing this change on the selected hosts is trivial.

# for h in `cat eSOA.list`
do
scp Crons.bsh $h:/root/
ssh $h '/root/Crons.bsh'
ssh $h 'rm /root/Crons.bsh'
done

The last step was, of course, executed from the host that has the "password-less" privilege to all other UNIX hosts in my data centers.
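An idempotent variant of the crontab edit, as an added example that is not the original Crons.bsh: it works in a private mktemp directory and appends each line only when it is not already present, so running it twice on a host does not duplicate the entries. The function names and the `--apply` switch are made up for illustration.

```sh
#!/bin/sh
# Added example, not the original Crons.bsh: idempotent root crontab update.

# Print the crontab text in file $1, then each remaining argument as a new
# line unless an identical line is already present in the file.
merge_cron_lines() {
    current=$1; shift
    awk 1 "$current"                       # awk 1 also terminates a last line lacking "\n"
    for line in "$@"; do
        # -x whole-line match, -F fixed string: "*" in a schedule is not a regex
        grep -qxF -e "$line" "$current" || printf '%s\n' "$line"
    done
}

update_root_crontab() {
    rc=0
    workdir=$(mktemp -d) || return 1       # private 0700 directory, unpredictable name
    # "crontab -l" fails when root has no crontab yet: start from an empty file
    crontab -u root -l > "$workdir/old" 2>/dev/null || : > "$workdir/old"
    cp "$workdir/old" "/root/RootCrontabSaved.$(date +%Y%m%d%H%M%S)" || rc=1
    merge_cron_lines "$workdir/old" \
        'MAILTO=UnixTeam' '0 5 1 * * yum -y update' > "$workdir/new"
    # install only when the backup succeeded and something actually changed
    if [ "$rc" -eq 0 ] && ! cmp -s "$workdir/old" "$workdir/new"; then
        crontab -u root "$workdir/new" || rc=1
    fi
    rm -rf "$workdir"
    return "$rc"
}

# Touch the real crontab only when explicitly asked to: ./script --apply
if [ "${1:-}" = "--apply" ]; then
    update_root_crontab
fi
```

A non-zero exit status means the backup or the install failed, so the distribution loop can stop before moving on to the next host.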

Posted in Real life AIX.



AD/KRB authentication for RedHat

Yesterday, I had to do it from scratch… Start with making sure these rpm’s are loaded.

# rpm -qa | grep krb
krb5-libs-1.10.3-33.el6.x86_64
pam_krb5-2.3.11-1.el6.x86_64

# rpm -qa | grep ldap
nagios-plugins-ldap-1.4.16-10.el6.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
pam_ldap-185-11.el6.x86_64
nss-pam-ldapd-0.7.5-18.2.el6_4.x86_64
openldap-2.4.39-8.el6.x86_64
php-ldap-5.3.3-38.el6.x86_64

# rpm -qa | grep nscd
nscd-2.12-1.149.el6.x86_64

# rpm -qa | grep fprintd
fprintd-0.1-21.git04fd09cfa.el6.x86_64
fprintd-pam-0.1-21.git04fd09cfa.el6.x86_64

Verify and disable sssd if present:

# chkconfig sssd off
# service sssd stop
# yum remove sssd

Generate KERBEROS environment.

# authconfig --enableshadow --passalgo=sha512 \
                  --enableldap --ldapserver=ldap://wmddc.wmd.edu \
                  --ldapbasedn="dc=chop,dc=edu" \
                  --disablefingerprint --enablekrb5 \
                  --krb5kdc=WMDDC.WMD.EDU \
                  --krb5adminserver=WMDDC.WMD.EDU \
                  --krb5realm=WMD.EDU \
                  --enablemkhomedir --update

Edit file /etc/nslcd.conf to add/edit these lines

# Mappings for Active Directory
pagesize 1000
referrals off
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    passwd gecos            displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet
filter group  (&(objectClass=group)(gidNumber=*))
# filter group  (objectClass=group)
map    group  uniqueMember     member

binddn CN=aixldapquery,OU=ServiceAccounts,OU=Corporate Servers,DC=chop,DC=edu
bindpw Ch0p2011$
uri ldap://wmddc.wmd.edu/
base dc=wmd,dc=edu

Edit the file /etc/pam.d/system-auth to look like below (order matters!)

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_krb5.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_oddjob_mkhomedir.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_krb5.so

Edit file /etc/pam.d/password-auth to look like below

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_krb5.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_oddjob_mkhomedir.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_krb5.so

Start the service.

# chkconfig nscd on
# service nscd start

Posted in Real life AIX.


dlnkmgr and mksysb

An AIX host built from a mksysb image of another AIX host with HITACHI LUNs and disk drivers may have issues with its storage. This is apparently a “well” known fact, and it is easily fixed by executing the following command (which results in a reboot of the host).

# /usr/DynamicLinkManager/bin/dlmpostrestore
KAPL10555-I Executing the dlmpostrestore utility will reboot the host. Is this OK? [y/n]:y
KAPL10551-I The dlmpostrestore utility completed successfully. 

It worked like a charm!

Posted in HDS, Real life AIX.



aix, mksysb and cron issues

One of the hosts built from a mksysb image of another machine was showing the following message:

..... cannot create fifo queue

After logging into another AIX host of the same operating system level and executing the following commands:

# cd /var/adm/cron
# ls -la
total 16
drwxr-xr-x    2 root     system          256 Oct 28 07:45 .
drwxrwxr-x   10 root     system         4096 Oct 28 07:54 ..
prw-r--r--    1 root     system            0 Oct 28 07:44 FIFO
-rw-r--r--    1 root     cron           1072 Oct 28 07:57 log

Doing exactly the same on the “new” machine showed that there was no FIFO…
The next command fixed this situation and the messages disappeared.

# mknod /var/adm/cron/FIFO p

Posted in Real life AIX.


a personal cause

Over the years, I have appreciated the support and interest my page has received. Now, I want you all to know about something that is close to my heart.
My daughter has been dreaming to become a dentist since she was in high school and now her dreams are coming true. As ambitious as she is to go to dental school, it’s even more ambitious to try to pay for it as each of the four years costs over $100,000. She has started a GoFundMe page in the hopes of raising some money to reduce her dental school debt.
Maggie has spent a lot of time helping me edit this site and would greatly appreciate any support – even $5 makes a difference. You can see her page at http://www.gofundme.com/fxzoqs.

Thanks,

MarkD:-)

Posted in Real life AIX.


This system profile has already been registered.....

Yesterday, we were installing RedHat but today we are installing the Oracle Unbreakable LINUX and as part of the process we need to register these new systems with Oracle – if for nothing else but to be able to download rpm’s and patches… The first Oracle Linux guest (we are using VMware for virtualization) registers just fine. The second one fails, the third fails and I do stop here to finally read the failure message. The message reads – “This system profile has already been registered……”. Really, is that so? By the way, this message is from our Oracle Linux 5 guests only. The later (kernel 6) ones do not have this “issue”.

As it turns out, the issue is really small. Oracle Linux 5 guests built from a template contain the same system “id” in /etc/sysconfig/rhn/up2date-uuid, which is wrong (each machine should have a unique one). Since Oracle Satellite is already aware of this uuid, it throws a tantrum when another host registers using the same uuid. To fix it, you have to generate a new uuid and use it to replace the existing one.

a. get the new guest uuid:

# /usr/bin/uuidgen -r
24cb61fc-1ab5-4bff-bd65-2a1d1b0f1203

b. replace the copied one with the guest's very own one.

# cat /etc/sysconfig/rhn/up2date-uuid
uuid[comment]=Universally Unique ID for this server

# vi  /etc/sysconfig/rhn/up2date-uuid
####rhnuuid=91d0junk-1538-11db-8f59-123bdba2bb0f
rhnuuid=24cb61fc-1ab5-4bff-bd65-2a1d1b0f1203

Now, the up2date-nox --register works like a champ! Remember, this applies only to Linux5 and below.
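A scripted form of steps a and b, as an added example that is not part of the original post; the function names and the `--apply` switch are made up for illustration, and the file layout is assumed to be the one shown above. `duplicate_uuids` goes one step beyond the post: fed "host uuid" pairs collected from the guests, it lists the clones that still share a template identity.

```sh
#!/bin/sh
# Added example, not from the original post: per-guest rhnuuid handling.

# Print the active (uncommented) rhnuuid value stored in file $1.
current_rhn_uuid() {
    sed -n 's/^rhnuuid=//p' "$1" | tail -n 1
}

# In file $1, comment out every active rhnuuid= line with "####" (as in the
# manual edit) and append rhnuuid=$2. Returns 2 if $2 is not a well-formed UUID.
set_rhn_uuid() {
    file=$1 new=$2
    printf '%s\n' "$new" |
        grep -Eqx '[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}' || return 2
    cp -p "$file" "$file.bak" || return 1  # keep the template's copy for reference
    # Write through the existing file so its owner and mode stay as they were.
    { sed 's/^rhnuuid=/####rhnuuid=/' "$file.bak"
      printf 'rhnuuid=%s\n' "$new"; } > "$file"
}

# Read "host uuid" pairs on stdin; print each uuid held by more than one host
# followed by those hosts, i.e. the clones that will fail to register.
duplicate_uuids() {
    awk '{ n[$2]++; hosts[$2] = hosts[$2] " " $1 }
         END { for (u in n) if (n[u] > 1) print u ":" hosts[u] }'
}

# Change the real file only when explicitly asked to: ./script --apply
if [ "${1:-}" = "--apply" ]; then
    set_rhn_uuid /etc/sysconfig/rhn/up2date-uuid "$(uuidgen -r)"
fi
```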

Posted in Real life AIX.



iptrace at will

To record communication information on a specific port between two hosts, execute the following command:

# iptrace -a -i enX -s SourceHost -b -d DestinationHost -p PortNumber trace.out
[61800928]

Where enX is the network interface used for the data transfer. The trace.out file is the bucket storing the received data. When enough data has been captured, kill iptrace and translate its output into a readable form by executing the ipreport command.

# ipreport trace.out > trace.report

To intercept all packets from a SourceHost, modify the iptrace command like this:

# iptrace -a -i enX -s SourceHost trace.out

You can ask for “bi-directional” traffic by including -b, and for a specific port by using -p PortNumber.

Posted in Real life AIX.




© 2008-2014 www.wmduszyk.com - best viewed with your eyes.