reload the “shutting_down” zone

Check zone process

# ps -fz zonename

reload the stuck zone

# zoneadm -z zonename unmount -f
# zoneadm -z zonename reboot -- -s
# pkill -9 -z zonename

September 3, 2010 at 8:23 am

rpm problem

scriptlet failed, exit status 1

use this option to erase
--nopreun

January 10, 2008 at 9:53 am

check UDP connection command

netcat
nc -u host.yourdomain.com XX
or
nmap -sU -p 53 202.85.128.32

January 5, 2008 at 3:15 pm

redhat 9 update

lynx http://apt.freshrpms.net

January 5, 2008 at 3:15 pm

rescue grub

boot from linux live cd
chroot /mnt/root        <- mount the root partition
grub
root (hdX,Y)   <- X device no, Y partition no (start from 0)
setup (hdX)
quit

January 5, 2008 at 3:15 pm

disaster recovery for linux

boot from live cd
mount the partition
mv etc etc.ORG
mv sbin sbin.ORG
mv usr usr.ORG
mv var var.ORG
install Linux and keep all the mount points; do not format the partitions
after installation
Restore account
cp /etc.ORG/passwd /etc; cp /etc.ORG/group /etc; cp /etc.ORG/shadow /etc; cp /etc.ORG/gshadow /etc
cp -a /etc.ORG/httpd /etc     <- any service config file you want to restore

January 5, 2008 at 3:14 pm

if crontab -e does not work

set this variable in the profile file
EDITOR=/usr/bin/vi; export EDITOR
the copies of the cron files are kept in
/var/spool/cron

January 5, 2008 at 3:14 pm

ARCserve r11.5 for linux installation

mount /dev/cdrom /mnt/cdrom
./install
cstop
csetup     <- server name, domain name, caroot account, create database
cstart
config httpd.conf
start httpd service
Device config
/opt/CA/BrightStorARCserve/config/camediad.cfg
Device info
/dev/rcha*
cat /proc/scsi/scsi
Uninstall product
/opt/CA/BABcmagt/uninstall
Check License
/opt/CA/ca_lic/lic98.log
Restart Service
cstatus <- kill all process
cstop
cstart
Load and unload service
bab -unload servicename
bab -load servicename

January 5, 2008 at 3:13 pm

vsftpd

Troubleshooting
500 OOPS: cannot change directory:/home/*****
500 OOPS: child died
1. check iptables
# iptables -L
2. check SElinux
# setsebool -P ftpd_disable_trans 1
# getsebool ftpd_disable_trans
ftpd_disable_trans  on   <== correct !
# service vsftpd restart
————————————————-
vsftpd.conf
listen=YES

local_enable=YES
userlist_enable=YES
userlist_deny=NO

chroot_local_user=YES
chroot_list_enable=YES

anonymous_enable=NO
anon_root=/home/ftp/
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_upload_enable=NO

write_enable=YES

force_dot_files=YES
dirmessage_enable=YES

xferlog_enable=YES
dual_log_enable=YES

connect_from_port_20=YES

ascii_upload_enable=YES
ascii_download_enable=YES

ftpd_banner=Welcome to the FTP server.

secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

———————————————————————————————————————————————————–

chroot_list_enable
If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting.

Default: NO
chroot_local_user
If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.

Default: NO

So if you have both set to YES, whatever local user that logs in can view every folder/file on your system. I set chroot_local_user to NO and now it locks the user to their home directory. Other than that thanks for the config file, definitely helped.
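
The interaction of chroot_local_user and chroot_list_enable documented above, as an added example that is not part of the original post or of vsftpd: a shell function that reads a vsftpd.conf and reports whether a given local user ends up jailed. The function names, the users alice and bob, and the treatment of an unreadable list file as empty are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): does vsftpd jail this user?

# Print the value of KEY from a vsftpd.conf-style file, or DEFAULT if unset.
# Comment lines never match; the last assignment of a key is used.
vsftpd_opt() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${val:-$3}"
}

# vsftpd booleans: YES, TRUE or 1 in any case count as enabled.
is_yes() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "jailed" or "not jailed" for USER ($2) under the settings in CONF ($1).
# Assumption: an unreadable list file is treated as an empty list.
chroot_status() {
    all=$(vsftpd_opt "$1" chroot_local_user NO)
    use_list=$(vsftpd_opt "$1" chroot_list_enable NO)
    list=$(vsftpd_opt "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if is_yes "$use_list" && [ -r "$list" ] && grep -qxF -- "$2" "$list"; then
        listed=yes
    fi
    if is_yes "$all"; then
        # Everyone is jailed; an enabled list names the exceptions.
        [ "$listed" = yes ] && echo "not jailed" || echo "jailed"
    else
        # Nobody is jailed; an enabled list names the users to jail.
        [ "$listed" = yes ] && echo "jailed" || echo "not jailed"
    fi
}

# Constructed sample: the page's two settings plus a one-user list file.
demo() {
    d=$(mktemp -d)
    printf 'alice\n' > "$d/chroot_list"
    printf 'chroot_local_user=YES\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
        "$d/chroot_list" > "$d/vsftpd.conf"
    for u in alice bob; do
        echo "$u: $(chroot_status "$d/vsftpd.conf" "$u")"
    done
    rm -rf "$d"
}
demo
```

With both options set to YES as in the configuration above, the listed user alice is reported as not jailed and the unlisted user bob as jailed.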

January 5, 2008 at 3:13 pm

temporarily switch off and disable selinux

SELinux has 3 modes: disabled, permissive, enforcing

temporarily switch off selinux
# echo 0 >/selinux/enforce
# newrole -r sysadm_r
switch back into enforcing mode
# echo 1 >/selinux/enforce
# cat /selinux/enforce
“0” or “1” for permissive or enforcing

For RHEL or Fedora
Permanently change to permissive or disabled
# vi /etc/selinux/config
change SELINUX=enforcing to SELINUX=permissive
change SELINUX=enforcing to SELINUX=disabled

For other Linux systems that don’t have /etc/selinux/config, just change the grub config to activate the setting
# vi /boot/grub/grub.conf
##----- permissive
title SE-Linux Test System
root (hd0,0)
kernel /boot/vmlinuz-2.4.20-selinux-2003040709 ro root=/dev/hda1 nousb enforcing=0
#initrd /boot/initrd-2.4.20-selinux-2003040709.img

##----- disable
title SE-Linux Test System
root (hd0,0)
kernel /boot/vmlinuz-2.4.20-selinux-2003040709 ro root=/dev/hda1 nousb selinux=0
#initrd /boot/initrd-2.4.20-selinux-2003040709.img

if you want to re-enable the SELinux
1. change back the config file
2. after booting into permissive mode run
# fixfiles relabel
(Alternatively in Fedora or RHEL)
# touch /.autorelabel
and reboot or put
# autorelabel

January 5, 2008 at 3:12 pm
