This Blog is to share our knowledge and expertise on Linux System Administration and VMware Administration

Thursday, October 4, 2018

How to read/convert Audit log timestamp in RHEL7

By default, audit log entries look like this:

type=SYSCALL msg=audit(1510471123.129:36): arch=c000003e syscall=175 success=yes exit=0 a0=1901a20 a1=1c5d a2=41a2d8 a3=18fe400 items=0 ppid=724 pid=725 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null)
type=PROCTITLE msg=audit(1510471123.129:36): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D0069707461626C655F6D616E676C65
type=NETFILTER_CFG msg=audit(1510471123.276:37): table=nat family=2 entries=0

The commands below convert the audit log timestamp (epoch time) to a human-readable timestamp.

1. AUSEARCH : 

The ausearch utility searches the audit log files for specific events. It can also convert the epoch timestamps in the audit log to human-readable timestamps. By default, ausearch searches the /var/log/audit/audit.log file. We can specify a different file with the -if file_name option.

[root@nsk log]# ausearch -i | grep -i CONFIG
type=CONFIG_CHANGE msg=audit(11/12/2017 12:48:40.357:5) : audit_backlog_limit=8192 old=64 auid=unset ses=unset subj=system_u:system_r:unconfined_service_t:s0 res=yes
type=CONFIG_CHANGE msg=audit(11/12/2017 12:48:40.357:6) : audit_failure=1 old=1 auid=unset ses=unset subj=system_u:system_r:unconfined_service_t:s0 res=yes

-i, --interpret : Interpret numeric entities into text

2. DATE :  

A) The date command with +%s converts the current time to epoch time.
date : display the current time in the given FORMAT, or set the system date
%s : seconds since 1970-01-01 00:00:00 UTC

[root@nsk audit]# date +%s
1538570770
[root@nsk audit]# date +%s
1538570773

B) Date command with -d@ is used to convert epoch time to normal time.
[root@nsk audit]# date -d@1538570776
Wed Oct  3 18:16:16 IST 2018
[root@nsk audit]#

C) To convert a specific date and time to epoch time, pass it with --date.
[root@nsk audit]# date --date="Wed Oct  3 18:16:16 IST 2018" +%s
1538570776

3. PERL : Perl was originally a language optimized for scanning arbitrary text files, extracting information from those text files, and printing reports based on that information

[root@nsk audit]# perl -pe 's/(\d+)/localtime($1)/e' audit.log  | more
type=DAEMON_START msg=audit(Sun Nov 12 12:48:40 2017.186:6974): op=start ver=2.7.6 format=raw kernel=3.10.0-693.el7.x86_64 auid=4294967295 pid=606 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=success
type=CONFIG_CHANGE msg=audit(Sun Nov 12 12:48:40 2017.357:5): audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1

Here,
-p : Loop over the input line by line, run the code on each line and print the line
-e : Run the Perl code given on the command line
/e : Evaluate the replacement part of s/// as a Perl expression
localtime($1)     : Perl function; it returns 9 elements in list context and a readable date string when used as a string, as here. $1 is the matched epoch value.
\d+ : Match 1 or more repetitions of digits (the first match on each line is the epoch seconds)
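
The conversion above as a small filter, added here as an example (not part of the original post): it rewrites the epoch in each record as an ISO 8601 UTC timestamp, which avoids the local-time (IST) ambiguity when records from several hosts are compared, and decodes the hex-encoded proctitle field. The function names are hypothetical, the sample records are taken from the listing at the top of this post (the first one trimmed), and GNU date is assumed.

```sh
#!/bin/sh
# Added example. SAMPLE holds two raw records from the listing above (first one trimmed).
SAMPLE='type=SYSCALL msg=audit(1510471123.129:36): arch=c000003e syscall=175 success=yes exit=0 comm="modprobe" exe="/usr/bin/kmod"
type=PROCTITLE msg=audit(1510471123.129:36): proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D0069707461626C655F6D616E676C65'

# Decode a hex-encoded field. NUL separators become spaces; other bytes outside
# printable ASCII become "?" so a crafted value cannot inject terminal escapes.
hex_decode() {
    hx=$1 out=
    case $hx in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    [ $(( ${#hx} % 2 )) -eq 0 ] || return 1
    while [ -n "$hx" ]; do
        rest=${hx#??}; byte=${hx%"$rest"}; hx=$rest
        n=$((0x$byte))
        if [ "$n" -eq 0 ]; then out="$out "
        elif [ "$n" -lt 32 ] || [ "$n" -gt 126 ]; then out="$out?"
        else out="$out$(printf '%b' "\\0$(printf '%o' "$n")")"
        fi
    done
    printf '%s\n' "$out"
}

# Rewrite each record on stdin: epoch -> ISO 8601 UTC, hex proctitle -> text.
audit_humanize() {
    while IFS= read -r rec; do
        epoch=$(printf '%s\n' "$rec" | sed -n 's/.*msg=audit(\([0-9]\{1,\}\)\.[0-9]*:[0-9]*).*/\1/p')
        if [ -n "$epoch" ]; then
            ts=$(date -u -d "@$epoch" '+%Y-%m-%dT%H:%M:%S')   # GNU date syntax
            rec=$(printf '%s\n' "$rec" | sed "s/msg=audit($epoch\.\([0-9]*\):/msg=audit($ts.\1Z:/")
        fi
        pt=$(printf '%s\n' "$rec" | sed -n 's/.* proctitle=\([0-9A-Fa-f]*\)$/\1/p')
        if [ -n "$pt" ] && txt=$(hex_decode "$pt"); then
            rec="${rec% proctitle=*} proctitle=\"$txt\""
        fi
        printf '%s\n' "$rec"
    done
}

printf '%s\n' "$SAMPLE" | audit_humanize
```

On a live system the same filter can be fed with ausearch --raw output or /var/log/audit/audit.log.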

Wednesday, October 3, 2018

How to rebuild the GRUB configuration file in RHEL7

Rebuilding the GRUB configuration file in RHEL7

Situation : Whenever the GRUB configuration file is inconsistent, empty, or has been removed accidentally, follow the steps below to fix the GRUB issue.

Solution:

STEP 1 : List the partitions by using the "ls" command
grub> ls
(proc) (hd0) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1) (fd0)

STEP 2 : Find the root partition by running ls <partition name> against each of the partitions listed above.

STEP 3 : Set the root partition. In our case it is (hd0,msdos1).
grub> set root=(hd0,msdos1)
grub>

STEP 4 : Type linux and specify the kernel, or press Tab to list the available kernels. After choosing one, specify the root volume (in our example it is /dev/sda1).

grub> linux /vmlinuz-3.10.0-229.el7.x86_64 ro root=/dev/sda1

STEP 5 : Specify the initramfs image, or press Tab to list the available images. Choose the initramfs image with the same version as the kernel.

grub> initrd /initramfs-3.10.0-229.el7.x86_64.img

Execute the 'boot' command to boot the server with the above configuration.

Once the server is up, use the grub2-mkconfig command to rebuild the grub.cfg file.

[root@nsk /]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-229.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-229.el7.x86_64.img
...
.
done

Finally verify the grub file under /boot/grub2/
[root@nsk /]# cd /boot/grub2/
[root@nsk grub2]# ls
device.map  fonts  grub.cfg  grubenv  i386-pc  locale

Reboot the server and verify one more time.

Friday, September 14, 2018

python: SELinux is preventing httpd from connectto access on the unix_stream_socket /var/lib/mysql/mysql.sock - Mariadb running on RHEL 7

By default, SELinux prevents httpd from accessing the MariaDB socket.

Situation
While connecting to the MySQL database from the web application, we get this error:
python: SELinux is preventing httpd from connectto access on the unix_stream_socket /var/lib/mysql/mysql.sock

Solution
Run the commands below to build and load an SELinux policy module that allows the httpd access.

[root@nsk ~]# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i my-httpd.pp

[root@nsk ~]# semodule -i my-httpd.pp
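
Because ausearch -c 'httpd' feeds every logged httpd denial into audit2allow, the generated module can grant more than the socket access this post is about. The added example below (not part of the original post) lists the grants in the generated my-httpd.te and flags anything beyond the expected one, so it can be reviewed before semodule -i. The .te content is a constructed sample, and its types and the function names are assumptions for illustration.

```sh
#!/bin/sh
# Added example. SAMPLE_TE is a constructed stand-in for the my-httpd.te file
# that audit2allow -M writes next to my-httpd.pp; the types are assumptions.
SAMPLE_TE='module my-httpd 1.0;

require {
    type httpd_t;
    type mysqld_t;
    type shadow_t;
    class unix_stream_socket connectto;
    class file { read open };
}

#============= httpd_t ==============
allow httpd_t mysqld_t:unix_stream_socket connectto;
allow httpd_t shadow_t:file { read open };'

# Print one "source target class permission" line per grant in a .te file on stdin.
te_rules() {
    sed -n 's/^allow[[:space:]]\{1,\}\([^ ]*\) \([^:]*\):\([^ ]*\) \(.*\);$/\1 \2 \3 \4/p' |
    while read -r src tgt cls perms; do
        for p in $perms; do
            case $p in '{'|'}') ;; *) printf '%s\n' "$src $tgt $cls $p" ;; esac
        done
    done
}

# Print grants on stdin that are not in the expected list ($1, one per line);
# return 1 if any exist, so the module is not loaded without a closer look.
te_unexpected() {
    extra=$(te_rules | while read -r rule; do
        printf '%s\n' "$1" | grep -qxF -e "$rule" || printf '%s\n' "$rule"
    done)
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}

printf '%s\n' "$SAMPLE_TE" | te_unexpected 'httpd_t mysqld_t unix_stream_socket connectto' ||
    echo 'unexpected grants found: review my-httpd.te before running semodule -i'
```

On a real system, run it as te_unexpected '<expected grants>' < my-httpd.te after the audit2allow step.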

Hope it helps.

Friday, September 7, 2018

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' - Mariadb running on RHEL7

Situation : I tried to log in as root to the MariaDB database on a Linux server and got the error below.

[root@nsk ~]# mysql -u root -p
Enter password:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock'

Solution : We need to recover the root password of MariaDB. Follow the steps below to recover the root password.

STEP 1 : Stop the mariadb service
[root@nsk ~]# systemctl stop mariadb.service
[root@nsk ~]#

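STEP 2 : Start MariaDB in safe mode with --skip-grant-tables (while it runs in this mode, the server accepts logins without a password)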
[root@nsk ~]# mysqld_safe --skip-grant-tables &
[1] 8051
[root@nsk ~]# 180907 13:23:49 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
180907 13:23:49 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

STEP 3 : Login as root and select mysql db. Then reset root password.
[root@nsk ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 1
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| company            |
| mydb               |
| mysql              |
| performance_schema |
| test               |
+--------------------+
6 rows in set (0.00 sec)

MariaDB [(none)]> use mysql;
Database changed
MariaDB [mysql]> update user set password=PASSWORD("NewPassword") where User='root';
Query OK, 0 rows affected (0.00 sec)
Rows matched: 3  Changed: 0  Warnings: 0

MariaDB [mysql]>
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> quit
Bye

STEP 4 : Now stop and start the mariadb service and test the new password.

[root@nsk ~]# systemctl stop mariadb.service
[root@nsk ~]#
[root@nsk ~]# systemctl start mariadb.service
[root@nsk ~]#
[root@nsk ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

Hope it helps.

Tuesday, September 4, 2018

Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again - SOLVED

Situation : I installed epel-release-latest-6.noarch.rpm on CentOS release 6.10 (Final) and tried to install python-pip, but got the error below.

[root@puppetlabs tmp]# rpm -ivh epel-release-latest-6.noarch.rpm
warning: epel-release-latest-6.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release         ###########################################  [100%]
[root@puppetlabs tmp]#
[root@puppetlabs tmp]# yum install python-pip
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again

Solution:

Edit both the /etc/yum.repos.d/epel.repo and /etc/yum.repos.d/epel-testing.repo files: comment out all entries starting with mirrorlist= and uncomment all entries starting with baseurl=

In epel.repo, change the base URL from http://download.fedoraproject.org/pub/epel/6/ to http://del-repos.extreme-ix.org/epel/6/x86_64/repodata/
In epel-testing.repo, change the base URL from http://del-repos.extreme-ix.org/epel/testing/6/ to http://del-repos.extreme-ix.org/epel/testing/6

Now run the yum repolist command.

[root@puppetlabs yum.repos.d]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.mirror.far.fi
 * extras: centos.mirror.far.fi
 * updates: centos.mirror.far.fi
repo id        repo name                                         status
base           CentOS-6 - Base                                    6,713
epel           Extra Packages for Enterprise Linux 6 - x86_64    12,522
extras         CentOS-6 - Extras                                     31
updates        CentOS-6 - Updates                                   114
repolist: 19,380

Hope it helps.

Monday, September 3, 2018

How to reduce (lvreduce) the Logical Volume in Linux Server


Situation

Here, /app1 is a 100GB filesystem. We need to reduce it to 70GB.

[root@testserver ~]# df -hP
Filesystem                                                 Size  Used Avail Use% Mounted on
/dev/mapper/vg_main-lv_root                   31G  2.0G    28G   7%    /
tmpfs                                                        3.7G     0      3.7G   0%   /dev/shm
/dev/xvdb1                                              477M   93M  355M  21%  /boot
/dev/mapper/vg_DPFERT-lv_app1           99G   11G    84G  11%   /app1


[root@testserver ~]# vgs
  VG                #PV #LV #SN Attr      VSize    VFree
  vg_DPFERT    1   1      0    wz--n-  100.00g    0
  vg_main           1   2      0    wz--n-    31.50g   0

[root@testserver ~]# fdisk -l /dev/xvdc

Disk /dev/xvdc: 107.4 GB, 107374182400 bytes
255 heads, 63 sectors/track, 13054 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

    Device Boot      Start         End      Blocks   Id  System
/dev/xvdc1               1       13054   104856254+  8e  Linux LVM

STEP 1 : First Unmount the LV

STEP 2 : Run e2fsck command to check the file system

[root@testserver ~]# e2fsck -f /dev/vg_DPFERT/lv_app1
e2fsck 1.43-WIP (20-Jun-2013)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/vg_DPFERT/lv_app1: 57971/6553600 files (0.2% non-contiguous), 3073907/26213376 blocks


STEP 3 : Run resize2fs command for resizing the file system.

[root@testserver ~]# resize2fs /dev/vg_DPFERT/lv_app1 70G 
resize2fs 1.43-WIP (20-Jun-2013)
Resizing the filesystem on /dev/vg_DPFERT/lv_app1 to 18350080 (4k) blocks.
The filesystem on /dev/vg_DPFERT/lv_app1 is now 18350080 blocks long.

STEP 4 : Run the lvreduce command to reduce the LV size.

[root@testserver ~]# lvreduce -L 70G /dev/vg_DPFERT/lv_app1
  WARNING: Reducing active logical volume to 70.00 GiB
  THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce lv_app1? [y/n]: y
  Size of logical volume vg_DPFERT/lv_app1 changed from 100.00 GiB (25599 extents) to 70.00 GiB (17920 extents).
  Logical volume lv_app1 successfully resized
[root@testserver ~]#

STEP 5 : Mount the LV
[root@testserver ~]# lvs
  LV          VG                  Attr          LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  lv_app1  vg_DPFERT  -wi-a-----  70.00g
  lv_root    vg_main       -wi-ao----  31.22g
  lv_swap  vg_main       -wi-ao---- 288.00m

[root@testserver ~]# vgs
  VG                  #PV #LV #SN Attr       VSize      VFree
  vg_DPFERT    1      1      0    wz--n-  100.00g   30.00g
  vg_main           1      2     0     wz--n-  31.50g     0
  
[root@testserver home]# df -hP
Filesystem                                          Size  Used Avail Use% Mounted on
/dev/mapper/vg_main-lv_root             31G   2.0G   28G   7%   /
tmpfs                                                  3.7G     0      3.7G   0%  /dev/shm
/dev/xvdb1                                        477M   93M  355M  21% /boot
/dev/mapper/vg_DPFERT-lv_app1     69G   11G   56G   16%  /app1

Hope it helps.

Export proxy variable in Linux by using command line

Monday, September 03, 2018
The export command is used to set the proxy environment variables on Linux servers.

Syntax:

export "http_proxy=http://username:password@proxy.example.com:port_no/"
export "https_proxy=https://username:password@proxy.example.com:port_no/"

Note : If the password contains reserved characters, replace each of them with its percent-encoding.

Reserved characters and Percent-encoding
! - %21
# - %23
$ - %24
& - %26
' - %27
( - %28
) - %29
* - %2A
+ - %2B
, - %2C
/ - %2F
: - %3A
; - %3B
= - %3D
? - %3F
@ - %40
[ - %5B
] - %5D

Check the proxy settings by running the env command.

[root@puppetlabs ~]# env | grep -i proxy

To remove the proxy variables, run the unset command.

[root@puppetlabs ~]# unset http_proxy
[root@puppetlabs ~]# unset https_proxy
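
The percent-encoding step as a reusable shell function, added here as an example (not part of the original post). It goes beyond the table above by encoding every character outside the RFC 3986 unreserved set, including "%" itself and spaces, and it adds a filter that hides the password when the proxy variables are displayed with env. The function names, user name and password are constructed for illustration.

```sh
#!/bin/sh
# Added example. Function names, the user name and the password are constructed;
# proxy.example.com is the placeholder host used in the post.

# Percent-encode every byte except RFC 3986 unreserved characters (A-Z a-z 0-9 - . _ ~).
urlencode() (
    LC_ALL=C
    s=$1 enc=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest
        case $c in
            [A-Za-z0-9._~-]) enc="$enc$c" ;;
            *) enc="$enc$(printf '%%%02X' "'$c")" ;;
        esac
    done
    printf '%s\n' "$enc"
)

# Build a proxy URL from its parts, encoding the user name and the password.
proxy_url() {   # usage: proxy_url user password host port
    printf 'http://%s:%s@%s:%s/\n' "$(urlencode "$1")" "$(urlencode "$2")" "$3" "$4"
}

# Filter for "env | grep -i proxy" output: hide the password before it reaches
# a terminal, a ticket or a log.
mask_proxy_password() {
    sed 's#\(://[^:/@]*\):[^@]*@#\1:****@#'
}

http_proxy=$(proxy_url 'svc-user' 'p@ss:w/rd#1!' proxy.example.com 3128)
export http_proxy
env | grep -i '^http_proxy=' | mask_proxy_password
```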

Tuesday, July 10, 2018

How to upgrade Ansible by using PIP?

What is PIP?

PIP is a package management system used to install and manage software packages written in Python. If you do not have PIP installed, you can download and install it from this page: https://pypi.org/project/pip/

Download the required ansible tar.gz package from the URL below.

https://releases.ansible.com/ansible/

Here I already have Ansible 2.0 running on this server. I need to upgrade it to 2.2.

[root@ansibleserver nskselvan]# pip install ansible-2.2.0.0.tar.gz
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Processing ./ansible-2.2.0.0.tar.gz
Requirement already satisfied: paramiko in /usr/local/lib/python2.6/site-packages/paramiko-1.15.2-py2.6.egg (from ansible==2.2.0.0)
Requirement already satisfied: jinja2 in /usr/local/lib/python2.6/site-packages/Jinja2-2.8-py2.6.egg (from ansible==2.2.0.0)
Requirement already satisfied: PyYAML in /usr/local/lib/python2.6/site-packages (from ansible==2.2.0.0)
Requirement already satisfied: setuptools in /usr/local/lib/python2.6/site-packages/setuptools-18.1-py2.6.egg (from ansible==2.2.0.0)
Requirement already satisfied: pycrypto>=2.6 in /usr/local/lib/python2.6/site-packages (from ansible==2.2.0.0)
Requirement already satisfied: ecdsa>=0.11 in /usr/local/lib/python2.6/site-packages/ecdsa-0.13-py2.6.egg (from paramiko->ansible==2.2.0.0)
Requirement already satisfied: MarkupSafe in /usr/local/lib/python2.6/site-packages/MarkupSafe-0.23-py2.6-linux-x86_64.egg (from jinja2->ansible==2.2.0.0)
Installing collected packages: ansible
  Found existing installation: ansible 2.0.0.1
    Uninstalling ansible-2.0.0.1:
      Successfully uninstalled ansible-2.0.0.1
  Running setup.py install for ansible ... done
Successfully installed ansible-2.2.0.0
[root@ansibleserver nskselvan]#

[root@ansibleserver nskselvan]# ansible --version
ansible 2.2.0.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides
[root@ansibleserver nskselvan]#

Note : To be on the safe side, take a backup of all necessary files.