Wednesday, December 21, 2011

Linux Mail Server Setup

Postfix SMTP Server Setup Howto for RHEL/CentOS 6

INSTALL POSTFIX AND DOVECOT

[root@ttc ~]# yum install -y postfix dovecot

Edit the file /etc/postfix/main.cf and uncommend the lines below.

inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/

In mydestination make the comment in other two lines

If Your are using ipv4 set ipv4 like in ipv6 also for both set all

inet_protocols = ipv4

Make sure that all mail_spool_directory lines are commented out.

Otherwise, it will override the setting in the home_mailbox line above.

Start the Service

# chkconfig postfix on
       # service postfix restart
       # service postfix status

Add a user like nan

Type in the command newaliases in a terminal window.

This will rebuild the aliases database file.

# newaliases

In the Terminal window, type in the highlighted commands below

[root@ttc ~]# telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 ttc.hpserver.com ESMTP Postfix
ehlo localhost
250-ttc.hpserver.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<nan>
250 2.1.0 Ok
rcpt to:<nan>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Hi Nan  This is test mail 
Created on 22/12/2011
.
250 2.0.0 Ok: queued as DB7C213F6AC
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@ttc ~]#

To check if the mail indeed exists

[root@ttc ~]# cat /home/nan/Maildir/new/1324552225.V808I9f698M53702.ttc.hpserver.com

Return-Path: <nan@ttc.hpserver.com>
X-Original-To: nan
Delivered-To: nan@ttc.hpserver.com
Received: from localhost (localhost.localdomain [127.0.0.1])
by ttc.hpserver.com (Postfix) with ESMTP id DB7C213F6AC
for <nan>; Thu, 22 Dec 2011 16:39:18 +0530 (IST)
Message-Id: <20111222110948.DB7C213F6AC@ttc.hpserver.com>
Date: Thu, 22 Dec 2011 16:39:18 +0530 (IST)
From: nan@ttc.hpserver.com
To: undisclosed-recipients:;

Hi Nan This is test mail
Created on 22/12/2011
[root@ttc ~]#

Dovecot POP3/IMAP Server Setup

Configure Dovecot

The settings for Dovecot are spread out across several files. Edit the files listed below and uncomment and updates its lines accordingly.

/etc/dovecot/dovecot.conf

protocols = pop3 imap lmtp

/etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:~/Maildir

/etc/dovecot/conf.d/20-pop3.conf

pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

Start the Dovecot service

[root@ttc ~]# service dovecot restart
Stopping Dovecot Imap:                                     [FAILED]
Starting Dovecot Imap:                                     [ OK ]
[root@ttc ~]# chkconfig dovecot on
In the Terminal window, type in the highlighted commands below.

[root@ttc ~]# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user nan
+OK
pass nan
+OK Logged in.
list
+OK 2 messages:
1 471
2 479
.
retr 1
+OK 471 octets
Return-Path: <nan@ttc.hpserver.com>
X-Original-To: nan
Delivered-To: nan@ttc.hpserver.com
Received: from localhost (localhost.localdomain [127.0.0.1])
    by ttc.hpserver.com (Postfix) with ESMTP id CF3D313F6AC
    for <nan>; Thu, 22 Dec 2011 16:12:14 +0530 (IST)
Message-Id: <20111222104228.CF3D313F6AC@ttc.hpserver.com>
Date: Thu, 22 Dec 2011 16:12:14 +0530 (IST)
From: nan@ttc.hpserver.com
To: undisclosed-recipients:;

HI This is test mail to you on 22/12/2011
.
retr 2
+OK 479 octets
Return-Path: <nan@ttc.hpserver.com>
X-Original-To: nan
Delivered-To: nan@ttc.hpserver.com
Received: from localhost (localhost.localdomain [127.0.0.1])
    by ttc.hpserver.com (Postfix) with ESMTP id DB7C213F6AC
    for <nan>; Thu, 22 Dec 2011 16:39:18 +0530 (IST)
Message-Id: <20111222110948.DB7C213F6AC@ttc.hpserver.com>
Date: Thu, 22 Dec 2011 16:39:18 +0530 (IST)
From: nan@ttc.hpserver.com
To: undisclosed-recipients:;

Hi Nan This is test mail
Created on 22/12/2011
.
quit

Friday, December 16, 2011

Setting up samba with Iptables and Selinux

Install samba on the server

# yum install samba

Create the group that all the samba users will be contained in, for example 'samba'

# groupadd samba

Create samba users and add it to the above group, which is in this example is 'samba'. Below is the example to create a user named 'user1' and add it to group 'samba'. Set the password for user1

# useradd user1 -g samba
# passwd user1

Create the directory to be shared. In this example, i will use /home/shared. Change the ownership to root and group ownership to the 'samba' group. Change permission so that only user and group can read write and execute

# mkdir /home/shared
# chown -R root.samba /home/shared
# chmod -R 775 /home/shared

5. Add the Port Numbers in the Ip tables
           [root@localhost ~]# iptables -I INPUT -p tcp -m tcp --dport 137 -j ACCEPT
           [root@localhost ~]# iptables -I INPUT -p tcp -m tcp --dport 138 -j ACCEPT
           [root@localhost ~]# iptables -I INPUT -p tcp -m tcp --dport 139 -j ACCEPT
           [root@localhost ~]# iptables -I INPUT -p tcp -m tcp --dport 445 -j ACCEPT
    6. Save and Restart the Iptables

[root@localhost ~]# service iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

[root@localhost ~]# service iptables restart

7. Add SELinux Settings
# setsebool -P samba_export_all_rw on
8. Change the Setting in /etc/samba/smb.conf

         [Share]
   path = /var/share
         browseble = yes
         writable = yes
         valid users = nttf
      9.Add user/users to samba
        # smbpasswd -a user1
     10. Start smb service, restart if it has already been started
[root@localhost ~]# service smb restart
        Shutting down SMB services:                                [ OK ]
        Starting SMB services:                                     [ OK ]

How to Open Samba Client in terminal

smbclient //<hostname>/<sharename> -U <username>

[root@localhost ~]# smbclient //192.168.0.212/share -U nttf
Enter nttf's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6]
smb: \> ls
.                                   D        0 Fri Dec 16 14:00:21 2011
..                                  D        0 Fri Dec 16 12:00:26 2011

        53566 blocks of size 524288. 48561 blocks available
smb: \>

Wednesday, November 23, 2011

VNC Configuration

There are several ways to configure the vnc server. This HOWTO shows you how to configure VNC using the 'vncserver' service as supplied by CentOS.

1. Installing the required packages

The server package is called 'vnc-server'. Run the command rpm -q vnc-server.

The result will be either package vnc-server is not installed or something like vnc-server-4.0-11.el4.

If the server is not installed, install it with the command: yum install vnc-server.

The client program is 'vnc'. You can use the command yum install vnc to install the client if rpm -q vnc shows that it is not already installed.

Make sure to install a window manager in order to get a normal GUI desktop. You can use the command yum groupinstall "GNOME Desktop Environment" to install the Gnome Desktop and requirements, for example. Other popular desktop environments are "KDE" and "XFCE-4.4". XFCE is more light-weight than Gnome or KDE and available from the "extras" repository.

If you are running CentOS 5, yum groupinstall "GNOME Desktop Environment" may complain about a missing libgaim.so.0. This is a known bug. Please see CentOS-5 FAQ for details.

If you are running CentOS 6, the server is tigervnc-server not vnc-server.

2. Configuring un-encrypted VNC

We will be setting up VNC for 3 users. These will be 'larry', 'moe', and 'curly'.

You will perform the following steps to configure your VNC server:

Create your VNC users.
Set your users' VNC passwords.
Edit the server configuration.
Create and customize xstartup scripts.
Start the VNC service.
Test each VNC user.
Setup the VNC service to start on reboot.
Additional optional enhancements

2.1. Create your VNC users

As root:

$ su -
# useradd larry
# useradd moe
# useradd curly
# passwd larry
# passwd moe
# passwd curly

2.2. Set your users' VNC passwords

[~]$ cd .vnc
[.vnc]$ ls
passwd

2.3. Edit the server configuration

Edit /etc/sysconfig/vncservers, and add the following to the end of the file.

VNCSERVERS="1:larry 2:moe 3:curly"
VNCSERVERARGS[1]="-geometry 640x480"
VNCSERVERARGS[2]="-geometry 640x480"
VNCSERVERARGS[3]="-geometry 800x600"

Larry will have a 640 by 480 screen, as will Moe. Curly will have an 800 by 600 screen.

2.4. Create xstartup scripts ( Skip this step for CentOS 6 )

We will create the xstartup scripts by starting and stopping the vncserver as root.

# /sbin/service vncserver start
# /sbin/service vncserver stop

[~]$ cd .vnc
[.vnc] ls
mymachine.localnet:1.log  passwd  xstartup

Edit xstartup. The original should look like:

#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

Add the line indicated below to assure that an xterm is always present, and uncomment the two lines as directed if you wish to run the user's normal desktop window manager in the VNC. Note that in the likely reduced resolution and color depth of a VNC window the full desktop will be rather cramped and a look bit odd. If you do not uncomment the two lines you will get a gray speckled background to the VNC window.

#!/bin/sh
# Add the following line to ensure you always have an xterm available.
( while true ; do xterm ; done ) &
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

2.5. Start the VNC server

Start the vncserver as root.

# /sbin/service vncserver start

2.6. Test each VNC user

2.6.1. Testing with a java enabled browser

Let us assume that mymachine has an IP address of 192.168.0.10. The URL to connect to each of the users will be:

Larry is http://192.168.0.10:5801
Moe   is http://192.168.0.10:5802
Curly is http://192.168.0.10:5803

Connect to http://192.168.0.10:5801. A java applet window will pop-up showing a connection to your machine at port 1. Click the [ok] button. Enter larry's VNC password, and a 640x480 window should open using the default window manager selected for larry . The above ports 5801, 5802 and 5803 must be open in the firewall {iptables) for the source IP addresses or subnets of a given client.

2.6.2. Testing with a vnc client

For Larry: vncviewer 192.168.0.10:1
For   Moe: vncviewer 192.168.0.10:2
For Curly: vncviewer 192.168.0.10:3

To test larry using vncviewer, vncviewer 192.168.0.10:1. Enter Larry's VNC password, and a 640x480 window should open using Larry's default window manager. The vncviewer client will connect to port 590X where X is an offset of 1,2,3 for Larry, Moe, and Curly respectively, so these ports must be open in the firewall for the IP addresses or subnets of the clients.

2.6.3. Starting vncserver at boot

To start vncserver at boot, enter the command /sbin/chkconfig vncserver on.

For basic VNC configuration the procedure is now complete. The following sections are optional refinements to enhance security and functionality.

3. VNC encrypted through an ssh tunnel

You will be connecting through an ssh tunnel. You will need to be able to ssh to a user on the machine. For this example, the user on the vncserver machine is Larry.

Edit /etc/sysconfig/vncservers, and add the option -localhost.

VNCSERVERS="1:larry 2:moe 3:curly"
VNCSERVERARGS[1]="-geometry 640x480 -localhost"
VNCSERVERARGS[2]="-geometry 640x480 -localhost"
VNCSERVERARGS[1]="-geometry 800x600 -localhost"

/sbin/service vncserver restart
Go to another machine with vncserver and test the VNC.
1. vncviewer -via larry@192.168.0.10 localhost:1
2. vncviewer -via moe@192.168.0.10 localhost:2
3. vncviewer -via curly@192.168.0.10 localhost:3

By default, many vncviewers will disable compression options for what it thinks is a "local" connection. Make sure to check with the vncviewer man page to enable/force compression. If not, performance may be very poor!

4. Recovery from a logout ( Not implemented for CentOS 6 )

If you logout of your desktop manager, it is gone!

We added a line to xstartup to give us an xterm where we can restart our window manager.
- For gnome, enter gnome-session.
- For kde, enter startkde.

5. Remote login with vnc-ltsp-config

To allow remote login access via a vnc-client to the Centos system, the RPM packages named vnc-ltsp-config and xinetd can be installed. When a vnc-client connects to one of the configured ports, the user will be given a login screen. The sessions will *not* be persistent. When a user logs out, the session is gone.

The rpm package vnc-ltsp-config is easily installed via the EPEL repository noted in Available Repositories

Note: There are no major dependencies for the package so the vnc-ltsp-config*.rpm could easily be downloaded and installed without the need for enabling the EPEL repository.

Install, as root via:

# yum install xinetd vnc-ltsp-config
# /sbin/chkconfig xinetd on
# /sbin/chkconfig vncts on
# /sbin/service xinetd restart

Next, as root edit the file "/etc/gdm/custom.conf".

To the next blank line below the "[security]" section add "DisallowTCP=false"
To the next blank line below the "[xdmcp]" section add "Enable=true"
Make sure you are in a position to either run "gdm-restart" for default Gnome installs or just reboot the CentOS box.

This will add the ability to get the following default vnc-client based session connections:

resolution	color-depth	port
1024x768	16	5900/tcp
800x600	16	5901/tcp
640x480	16	5902/tcp
1024x768	8	5903/tcp
800x600	8	5904/tcp
640x480	8	5905/tcp

Tuesday, October 11, 2011

DNS Server

Install the required packages:

[root@nan ~]# yum install -y bind bind-utils bind-libs

Ensure that the service is set to start on system boot:

[root@nan ~]# chkconfig named on

Otherwise start the service

[root@nan ~]# service named start

Use the iptables command to create your firewall rules:

[root@nan ~]# iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT
[root@nan ~]# iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT

Save the rules you just created:

[root@nan ~]# service iptables save

SELinux Boolean provides protection to the DNS service.
You need to adjust it for the DNS service to work properly.

Query for the Boolean value you need to change:

[root@nan ~]# getsebool -a | grep named_dis
named_disable_trans --> off

Disable the SELinux protection:

[root@nan ~]# setsebool -P named_disable_trans=1

Verify that the Boolean has changed:

[root@nan ~]# getsebool -a | grep named_dis
named_disable_trans --> on

Check the context type

[root@nan ~]# chcon -t named_conf_t /etc/named.conf

Verify with this command:

[root@nan ~]# ls -Z /etc | grep named.conf

Configuring a DNS Server

To begin configuring the DNS server, check out these key config files for a
BIND server:

/etc/named.conf                            Main config file
/etc/rndc.key                                 Key file
/etc/rndc.conf                               Key config file
/usr/share/doc/bind-9*/sample     Directory that holds sample files

Verify that the localhost is used for DNS queries on

[root@nan ~]# cat /etc/resolv.conf

# Generated by NetworkManager

domain localdomain

search localdomain server.com

nameserver 192.168.16.2

nameserver 192.168.25.111 // Add the name server IP address

Configure BIND IP address [192.168.25.111/24], Domain name [nan.server.com]. However, Please use your own IPs and domain name when you set config on your server.

[root@nan ~]# cat /etc/named.conf

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    # Add the ip address in listen-on port
    # If You want all port means make # line
    listen-on port 53 { 127.0.0.1; 192.168.25.111;};

# listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

# set any in allow-query
allow-query { any; };

#allow-query-cache { any; };

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

zone "." IN {

type hint;

file "named.ca";

};

#Our sample domain is server.com defined here

zone    "server.com" IN {
    type master;
    file "server.zone";
    allow-update{none;};
};
zone "example.com" IN {
    type master;
    file "example.zone";
    allow-update{none;};
};
zone "111.25.168.192.in-addr.arpa" IN {
    type master;
    file    "111.25.168.192.db";
    allow-update{none;};
};
include "/etc/named.rfc1912.zones";

Now that you have
an /etc/named.conf file, you need to create the zone files.

Before going any further, you should also understand the different
types of resource records used with DNS and why each one is important.

A            Maps the hostname to an IP address
NS         Contains the IP address or CNAME of the nameserver
MX         Defines where mail for a particular domain goes
PTR     Maps the IP address to a hostname
SOA       Contains general administrative control for the domain
CNAME Used as an alias

In the /var/named directory, you can set up the following example.com.zone file:

[root@nan ~]# cat /var/named/server.zone
$TTL 3D
@   IN   SOA   nan.server.com.   root.nan.server.com. (
                   20111004123   ; serial
                   1D   ; refresh
                   1H   ; retry
                   1W   ; expire
                   3H )   ; minimum
@   IN   NS   nan.server.com.
nan   IN   A   192.168.25.111

Everything is now in place for you to begin using your DNS server. Before starting the service, however, make sure that the config files don’t have any syntax errors.

You can use the configtest option of the named command to accom-
plish this:

# service named configtest

Because no errors are displayed, you can start the service:

# service named start

For verification

[root@nan ~]# dig nan.server.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> nan.server.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35679
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nan.server.com.           IN   A

;; Query time: 1 msec
;; SERVER: 192.168.25.111#53(192.168.25.111)
;; WHEN: Wed Oct 12 14:00:51 2011
;; MSG SIZE rcvd: 32

Friday, August 12, 2011

DHCP Configuration

ddns-update-style interim;
ignore client-updates;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
subnet 192.168.20.0 netmask 255.255.255.0 {

# --- default gateway
   option routers           192.168.20.1;
   option subnet-mask       255.255.255.0;

   option domain-name-servers   192.168.20.1;
   option subnet-mask       255.255.255.0;
   range 192.168.20.128 192.168.20.254;
        filename    "/pxelinux.0";
   default-lease-time 21600;
   max-lease-time 43200;
   next-server   192.168.20.1;
}

Wednesday, June 29, 2011

How to setup Boot Password (Grub)

Even before the operating system is booted, GRUB enables access to file systems. Users without root permissions can access files in your Linux system to which they have no access once the system is booted. To block this kind of access or prevent users from booting certain operating systems, set a boot password.
As the user root, proceed as follows to set a boot password:

At the root prompt, encrypt the password using grub-md5-crypt:

# grub-md5-crypt
Password: ****
Retype password: ****
Encrypted: $1$lS2dv/$JOcHkLosIn7CJk9xShzzJVw/

Paste the encrypted string into the global section of the file menu.lst:

gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOcHkLosIn7CJk9xShzzJVw/

Now GRUB commands can only be executed at the boot prompt after pressing P and entering the password. However, users can still boot all operating systems from the boot menu.

Thursday, June 23, 2011

Convert RHEL to CentOS

Hi

Recently i was installed in my desktop RHEL 5 and I was tried to upgrade. On the time it asked Searial Key. I was tried what the key mentiond in the DVD, but it has not taken. So i decided to convert RHEL to Centos. I Done Using following Steps.

Remove the redhat-release and yum-rhn-plugin repo

rpm -e --nodeps redhat-release
rpm -e --nodeps yum-rhn-plugin

Download the key from

http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

Install the RPM-GPG-KEY-CentOS-5

rpm --import RPM-GPG-KEY-CentOS-5

Download and Install the following rpms in this site

http://mirror.centos.org/centos/5.6/os/i386/CentOS/

centos-release-5-6.el5.centos.1.i386.rpm 
centos-release-notes-5.6-0.i386.rpm   
yum-3.2.22-20.el5.centos.noarch.rpm
yum-updatesd-0.9-2.el5.noarch.rpm

Then

Yum clean all

Yum upgrade

Your Centos will upgrade

Have the Centos update with help of Redhat Package

Wednesday, June 22, 2011

The trick to recover the lost RHEL installation number

This trick MAY or may NOT work. Since this DELL server is known to have preinstalled RHEL 5.5 with a valid subscription number, the chance to recover RHEL installation number is high:

1) Login to the system as root

2) Change directory to /etc/sysconfig/rhn and uses cat command to display the install-num file. Alternatively, you can just cat the file as this:

cat /etc/sysconfig/rhn/install-num

According to RHEL 5 Release Notes, the installation number is saved in /etc/sysconfig/rhn/install-num, if entered during RHEL installation. This install-num file is referred by rhn_register when registering with Red Hat Network.

Thursday, June 16, 2011

Change Login Screen Image on Fedora 14

I checked the “/usr/share/backgrounds/” directory and found a “laughlin” folder. Inside it is a folder named “default” that contains three other folders named normalish, standard, and wide and a laughlin.xml file. The three folders contained the default login screen image. If you open the xml file with a text editor, you’ll notice that a part of it specifies the path of the Laughlin wallpaper. Wide, Normalish, and Standard specifies the image dimensions. And using this xml file, we can change the login screen image.

Here’s what I did. First, I edited my image three times using the specified dimensions (this is optional) and saved them as PNG files. I then copied them to the three folders with respect to their dimensions.

[root@machine username]# cp /current/file/location/filename1.png /usr/share/backgrounds/laughlin/default/wide/
[root@machine username]# cp /current/file/location/filename2.png /usr/share/backgrounds/laughlin/default/standard/
[root@machine username]# cp /current/file/location/filename3.png /usr/share/backgrounds/laughlin/default/normalish/

Using vi, edit laughlin.xml and replace the filenames and save the file. See image below.

I logged off and there was my new login screen. I used a random Fedora wallpaper I got from the web.

Monday, June 6, 2011

How To Install Or Upgrade LAMP: Linux, Apache, MySQL and PHP Stack Using Yum

Installing LAMP stack using yum

is very easy and takes only minutes. This is a good option for beginners who don’t feel comfortable installing from source. Also, Installing LAMP stack using yum is a good choice, if you want to keep things simple and just use the default configuration.

1. Install Apache using Yum

# rpm -qa | grep httpd

[Note: If the above command did not return anything,
          install apache as shown below]

# yum install httpd

Verify that Apache got installed successfully

# rpm -qa | grep -i http

httpd-tools-2.2.9-1.fc9.i386
httpd-2.2.9-1.fc9.i386

Start the Apache as shown below.

# service httpd start

Starting httpd: [ OK ]

2. Upgrade Apache using Yum

If you’ve selected web server package during Linux installation, Apache is already installed on your Linux. In which case, you can upgrade Apache to the latest version as shown below.
Check whether Apache is already installed.

# rpm -qa | grep -i http

httpd-tools-2.2.8-3.i386 httpd-2.2.8-3.i386

Check whether latest version of Apache is available for installation using yum.

yum check-update httpd

Loaded plugins: refresh-packagekit

httpd.i386      2.2.9-1.fc9       updates

[Note: This indicates that the latest Apache version 2.2.9
       is available for upgrade]

Upgrade Apache to latest version using yum.

# yum update httpd

Verify whether the Apache got upgraded successfully.

# rpm -qa | grep -i http

httpd-tools-2.2.9-1.fc9.i386
httpd-2.2.9-1.fc9.i386
[Note: This indicates that Apache was upgraded to 2.2.9 successfully]

3. Install MySQL using Yum

Yum is very smart to identify all the dependencies and install those automatically. For example, while installing mysql-server using yum, it also automatically installs the depended mysql-libs, perl-DBI, mysql, perl-DBD-MySQL packages as shown below.

# yum install mysql-server

Verify whether MySQL got installed properly.

# rpm -qa | grep -i mysql

php-mysql-5.2.6-2.fc9.i386
mysql-libs-5.0.51a-1.fc9.i386
mysql-server-5.0.51a-1.fc9.i386
perl-DBD-MySQL-4.005-8.fc9.i386
mysql-5.0.51a-1.fc9.i386

# mysql -V

mysql  Ver 14.12 Distrib 5.0.51a, for redhat-linux-gnu (i386) using readline 5.0

Configure MySQL to start automatically during system startup.

# chkconfig mysqld on

Start MySQL service.

# service mysqld start

The first time when you start mysqld, it will give additional information message indicating to perform post-install configuration as shown below.

Initializing MySQL database:
Installing MySQL system tables... OK
Filling help tables... OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h dev-db password 'new-password'

Alternatively you can run: /usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
highly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at

http://www.mysql.com

Support MySQL by buying support/licenses at http://shop.mysql.com

Starting MySQL:                                            [  OK  ]

4. Perform MySQL post-installation activities

After the mysql installation, you can login to mysql root account without providing any password as shown below.

# mysql -u root

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.0.51a Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

To fix this problem, you need to assign a password to mysql root account as shown below. Execute mysql_secure_installation script, which performs the following activities:

Assign the root password
Remove the anonymous user
Disallow root login from remote machines
Remove the default sample test database

# /usr/bin/mysql_secure_installation

Output of mysql_secure_installation script:

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: [Note: Enter the mysql root password here]
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
... Success!

Cleaning up...
All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!

Verify the MySQL post-install activities:

# mysql -u root

ERROR 1045 (28000):Access denied for user 'root'@'localhost'(using password:NO)
[Note: root access without password is denied]

# mysql -u root -p

Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.0.51a Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
+--------------------+
2 rows in set (0.00 sec)
[Note: test database is removed]

5. Upgrade MySQL using Yum

Check whether MySQL is already installed.

# rpm -qa | grep -i mysql

Check whether a latest version of MySQL is available for installation using yum.

# yum check-update mysql-server

Upgrade MySQL to latest version using yum.

# yum update mysql-server

6. Install PHP using Yum

# yum install php

Install MySQL module for PHP.

# yum search php-mysql

# yum install php-mysql

If you need additional PHP modules, install them using yum as shown below.

# yum install php-common php-mbstring php-mcrypt php-devel php-xml php-gd

7. Upgrade PHP using Yum

Check whether PHP is installed.

# rpm -qa | grep -i php

Check whether a latest version of PHP is available for installation using yum.

# yum check-update php

Upgrade PHP to the latest version using yum.

# yum update php

Upgrade any additional PHP modules that you’ve installed using yum.

# yum check-update php-common php-mbstring php-mcrypt php-devel php-xml php-gd

# yum update php-common php-mbstring php-mcrypt php-devel php-xml php-gd

Verify the PHP installation by creating a test.php file as shown below.

# cat /var/www/html/test.php

<? phpinfo(); ?>

Invoke the test.php from the browser http://{lamp-server-ip}/test.php , which will display all PHP configuration information and the installed modules.

Wednesday, April 27, 2011

Linux Mail Server Setup and Howto Guide

This website will show you how to setup an email server accessible using a POP3, IMAP or web browser client. It will also show you how to include virus scanning and spam tagging in the mail server. If you have an existing Active Directory or LDAP infrastructure, the last section will show you how to integrate it into your email server so you won’t have to maintain two sets of user accounts.

The link is

http://www.linuxmail.info/

Thursday, March 31, 2011

Doing pxe boot of windows 2003

install server 2003

configure the i) dns server
ii)dhcp server and create a scope

Configure the RIS Service

Goto start->Control panel->Add or Remove programs->Add/Remove Windows Components Select Remote Installation Service and copy files from cd( which u want to install in the client system)

Copying the image to the RemoteInstall folder

Goto start-> Administrator tools-> Remote Installation Service setup copy the image that which u want to install in the client system.

Give the full Authentication to the RemoteInstall folder(Right click the RemoteInstall folder where u created)

The Remote install folder should not be the System drive

DHCP server configuration

Create a scope if scope does not exists.

Goto start->Administrative tools -> DHCP Right click DHCP Add server then select this server option then the dhcp server will be created with domain name Right Click and select New scope and create a new scope then scope will be created.

Double click on scope ->scope options -> Right click configure options then

                                         configure these options i) Router
   ii)Boot server hostname
                                                                               iii)Bootfile name

Adding the Network driver to the RIS image

   Create the directory shown below inside the drive:\RemoteInstall\Setup\English\Images\WINDOWS\i386

      \$oem$\$1\Drivers\Nic

Download the oem network driver from below url:

http://drivers.brothersoft.com/realtek-ethernet-pci-e-driver-5.776-for-2003-xp-download-47037.html

Copy the downloaded driver into the below path

Drive:\RemoteInstall\Setup\English\Images\WINDOWS\i386\$oem$\$1\Drivers\Nic\

In Regedit(registry) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\devicePath default will be %Systemdrive%\inf change into

Drive:\RemoteInstall\Setup\English\Images\WINDOWS\i386\$oem$\$1\Drivers\Nic\

then restart u r computer and boot the client system through network.

Requirements for the client system

The system should be connected to the network.

Red Hat 6: How to boot into Single-user mode

There are a few situations where we need to take a Linux system actually offline:

file systems operations ( i.e. resizing, backup/restore, fsck)
general maintenance (certain things simply cannot be done in multi-user mode)
lost root passwords (often enough a single admin is around, typically not documenting changes etc., or disgrantled employees do some harm )

In such situations, it is necessary to boot into Single-user mode (aka runlevel 1).
There are basically 2 general ways of achieving this:

If you have a valid login account with elevated permissions, and want to do some maintenance, just change the runlevel as described here.
If you lost the root password, you must reboot the computer and edit the bootloader ( typically GRUB) to boot into Single user mode.

In a situation where the root password is already lost and no other account with equivalent permissions is available, you probably have to hard-reset the system.
If that is a physical server, you might have to press the power button typically for 4 seconds or longer, or even unplug the power cable, as most if not all modern servers can be configured on BIOS level to ignore the power buttons. Many companies have coded this in their policies to ensure important servers are not being switched off by coincidence.
To reset a physical server, you usually need to have also physical access to that very box, including keyboard and monitor, or via KVM switch if available.
A virtual machine can usually be reset a bit easier, depending on the host system (VMware, XEN, KVM, etc. etc.).
Either way, once your system is rebooting, you need to access the edit bootloader, which in Redhat 6 is GRUB (GRand Unified Bootloader).
When the screen shows the GRUB stage 1, it counts down 4 seconds (at least per default configuration, this can be different in many cases) with one head-line “Press any key to enter the menu” and printing another line every second, stating which kernel will be booted:

Press any key here to get into the GRUB menu:

Good job! As you can see in the text under the border, you have a few choices now:

use the cursor keys to switch between kernels (if you have more than 1 installed) to chose the one you want to boot
press “enter ” to boot the selected kernel
press “e” to edit the kernel commands before booting => this will be our choice
press “a” to modify the kernel arguments
press “c” to go to a command-line, for extended troubleshooting etc.

One you pressed “e” while the kernel of your choice is highlighted, you get a second menu:

Here it is vital to highlight the second line ( while it is possible to edit parameters on each of the lines, the second line is just where we need to go), and press “e” once more to edit:

Here we simply type the word “single” at the end of the line to add one more argument to the kernel:

(Note that there are quite a few more parameters available to add, but we want to get into single-user mode so that is all we need for now).
Make sure to hit “enter” to actually add the argument and to return to the boot menu. Escape does get you back to the same menu as well, but it does not add the argument, so your work will be undone actually.

We are back to the previous menu, and if you like you can press “e” again to ensure that “single” is now added to the end of the line, otherwise you just can hit “b” now to boot into single-user mode:

As you can see at the bottom of the screen, you are now logged on as root without having to present any credentials. If you came here to reset your root password, just type passwd to do so:

[root@your_system /]# passwd

and enter the password of your choice when prompted.
As you can see, this is actually a very easy process. As such, please always be aware that anyone who has access to this system can do that as well! Server or workstation, both have should be always secured in one way or the other. File level encryption might be one way of securing your data, but it does probably not help against someone trying to bring your system down, i.e. DOS attacks.

Monday, March 28, 2011

How to setup multimedia on Redhat 6 & Centos (32 and 64 bit)

Step 1:

Add RPMforge repository access for your Redhat $ CentOS system. (Required for the majority of multimedia packages.)

Installing RPMforge for Redhat 6 & Centos 6

The default RPMforge repository does not replace any CentOS base packages. In the past it used to, but those packages are now in a separate repository (rpmforge-extras) which is disabled by default.

You can find a complete listing of the RPMforge package packages at http://packages.sw.be/

Download the rpmforge-release package. Choose one of the two links below, selecting to match your host's architecture. If you are unsure of which one to use you can check your architecture with the command uname -i

The preferred rpmforge-release package to retrieve and to install in order to enable that repository is one of the two listed above.

Install DAG's GPG key

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

Verify the package you have downloaded

rpm -K rpmforge-release-0.5.2-2.el6.rf.*.rpm

Install the package

rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm

This will add a yum repository config file and import the appropriate GPG keys.

Installing Dag RPM Repository for Red Hat Enterprise Linux

The DAG RPM repositories which contains huge amount of rpm packages. It’s very easy. Just install the latest rpmforge-release package for your distribution and architecture.

This will automatically install the configuration and GPG keys that are for safely installing RPMforge packages.

First :-

# gedit /etc/yum.repos.d/dag.repo

Insert :-

[dag]

name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el6/en/x86_64/dag/
gpgcheck=1
enabled=1

Then save the repo file also you can update RPM

Find out waht the actual name for missing package from this site:

http://pkgs.org/

Download the package from this site

http://ftp.redhat.com/redhat/rhel/beta/6/optional/x86_64/os/Packages/

Step 2: Install the multimedia applications.

The following steps will use yum to install all the packages needed to have full multimedia support. Note there will be a lot of dependencies.

yum install compat-libstdc++-33 libdvdcss libdvdread libdvdplay libdvdnav lsdvd libquicktime
yum install flash-plugin mplayerplug-in mplayer mplayer-gui gstreamer-ffmpeg gstreamer-plugins-bad gstreamer-plugins-ugly

Step 3: Install the w32Codecs. (Required for xvid and other proprietary formats.)

wget www1.mplayerhq.hu/MPlayer/releases/codecs/mplayer-codecs-20061022-1.i386.rpm
rpm -ivh mplayer-codecs-20061022-1.i386.rpm
wget www1.mplayerhq.hu/MPlayer/releases/codecs/mplayer-codecs-extra-20061022-1.i386.rpm
rpm -ivh mplayer-codecs-extra-20061022-1.i386.rpm

Redhat 6 Beta Package (32 and 64 bit)

Download Beta RPM in this site

http://ftp.redhat.com/redhat/rhel/beta/6/optional/x86_64/os/Packages/

Tuesday, March 22, 2011

Install Google Chrome with YUM on Fedora 14/13, Red Hat (RHEL) 6

This howto explains howto install Google Chrome Web browser on Fedora 14, Fedora 13, Fedora 12 and Red Hat 6 (RHEL 6). Best way to install and keep up-to-date with Google Chrome browser is use Google’s own YUM repository.

Enable Google YUM repository

Add following to /etc/yum.repos.d/google.repo file:

32-bit

[google]
name=Google - i386
baseurl=http://dl.google.com/linux/rpm/stable/i386
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub

64-bit

[google64]
name=Google - x86_64
baseurl=http://dl.google.com/linux/rpm/stable/x86_64
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub

Note: Both 32-bit and 64-bit repos can be placed in the same file.

Install Google Chrome with YUM (as root user)

Install Google Chrome Stable Version

## Install Google Chrome Stable version ##
yum install google-chrome-stable

Install Google Chrome Beta Version

## Install Google Chrome Beta version ##
yum install google-chrome-beta

Install Google Chrome Unstable Version

## Install Google Chrome Unstable version ##
yum install google-chrome-unstable