This Blog is to share our knowledge and expertise on Linux System Administration and VMware Administration

Saturday, October 21, 2017

How to limit yum so that it lists or installs only Security Updates in Linux Server?

Install the yum-security plugin

It is now possible to limit yum to install only security updates on Red Hat Enterprise Linux 5, 6, and 7. To do so, install the yum-security plugin:

For Red Hat Enterprise Linux 7

The plugin is already a part of yum itself, no need to install anything.

For Red Hat Enterprise Linux 6

# yum install yum-plugin-security

For Red Hat Enterprise Linux 5

# yum install yum-security

Alternatively, download the yum-security package from the Red Hat Network (RHN) and manually install it on the system.

For Red Hat Enterprise Linux 6 and 7

Using yum-security plugin

To list all available errata without installing them, run:

# yum updateinfo list available

To list all available security updates without installing them, run:

# yum updateinfo list security all
# yum updateinfo list sec


To get a list of the currently installed security updates this command can be used:

# yum updateinfo list security installed

For Red Hat Enterprise Linux 5

Using yum-security plugin

To list all available errata without installing them, run:

# yum list-sec

To list all available security updates without installing them, run:

# yum list-security --security

For Red Hat Enterprise Linux 5, 6, and 7

To list all available security updates with verbose descriptions of the issues they apply to:

# yum info-sec

Run the following command to download and apply all available security updates from Red Hat Network hosted or Red Hat Network Satellite:

# yum -y update --security

NOTE: This installs the latest available version of any package that has at least one security erratum, so it can also pull in non-security errata if they provide a newer version of the package.

To install only the packages that have a security erratum, use:
# yum update-minimal --security -y

yum-security also allows installing security updates based on the CVE reference of the issue. To install a security update using a CVE reference, run:

# yum update --cve <CVE>

e.g.

# yum update --cve CVE-2008-0947


Viewing available advisories by severities:

# yum updateinfo list

This system is receiving updates from RHN Classic or RHN Satellite.
RHSA-2014:0159 Important/Sec. kernel-headers-2.6.32-431.5.1.el6.x86_64
RHSA-2014:0164 Moderate/Sec.  mysql-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec.  mysql-devel-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec.  mysql-libs-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec.  mysql-server-5.1.73-3.el6_5.x86_64
RHBA-2014:0158 bugfix         nss-sysinit-3.15.3-6.el6_5.x86_64
RHBA-2014:0158 bugfix         nss-tools-3.15.3-6.el6_5.x86_64

If you want to apply only one specific advisory:

# yum update --advisory=RHSA-2014:0159

However, if you would like more information about this advisory before applying it:

# yum updateinfo RHSA-2014:0159

For more commands consult the manual pages of yum-security with

# man yum-security

If you face any missing dependency issue while applying security patches on the system, refer to "yum update --security fails with missing dependency errors".

Friday, October 20, 2017

How to solve the issue with Large Number of LUNs in Linux server?

When a large number of LUNs are added to a node, using multipathed devices can significantly increase the time it takes for the udev device manager to create device nodes for them. If you experience this problem, you can correct it by deleting the following line in /etc/udev/rules.d/40-multipath.rules:

KERNEL!="dm-[0-9]*", ACTION=="add", PROGRAM=="/bin/bash -c '/sbin/lsmod | /bin/grep ^dm_multipath'", RUN+="/sbin/multipath -v0 %M:%m"


This line causes the udev device manager to run multipath every time a block device is added to the node. Even with this line removed, the multipathd daemon will still automatically create multipathed devices, and multipath will still be called during the boot process for nodes with multipathed root file systems. The only change is that multipathed devices will not be automatically created when the multipathd daemon is not running, which should not be a problem for the vast majority of multipath users.

How to enable log for chroot sftp users in Linux Server?

Follow the steps below to enable logs for chroot sftp users:

1. Take a backup of /etc/ssh/sshd_config

2. Add the below settings to sshd_config

Subsystem       sftp   internal-sftp  -f LOCAL6 -l INFO

  Match group sftpgroup
  ChrootDirectory /home/%u
  KbdInteractiveAuthentication no
  PasswordAuthentication no
  AllowTCPForwarding no
  X11Forwarding no
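  # Older OpenSSH releases reject Subsystem inside a Match block; ForceCommand applies the same logging options here
  ForceCommand internal-sftp -f LOCAL6 -l INFO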

Save & Exit the sshd configuration.

3. Take a backup of /etc/sysconfig/rsyslog & add the below entry.

SYSLOGD_OPTIONS="-m 0 -a /home/sftpuser/dev/log"

4. Create an sftp.log file under /etc/rsyslog.d & add the below entry (this is used to create the sockets)

# create additional sockets for the sftp chrooted users
module(load="imuxsock")
input(type="imuxsock" Socket="/path/to/somedirectory/dev/log" CreatePath="on")
input(type="imuxsock" Socket="/path/to/anotherdirectory/dev/log" CreatePath="on")

# log internal-sftp activity to sftp.log
if $programname == 'internal-sftp' then /var/log/sftp/sftp.log
& stop

5. Create a dev directory under /home/sftpuser

6. Now restart both the sshd & rsyslog services

7. Chroot sftp users' activity logs are now enabled & available under /var/log/sftp/

Hope it helps.
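Step 4 needs one imuxsock socket per chrooted user. The following added example (not part of the original post) generates that rsyslog configuration for every member of the chroot group. It assumes the ChrootDirectory /home/%u layout from step 2 and that users are listed in the group's member field; the function names and the sample group line are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the rsyslog entries from step 4 for every member of
# the chroot group, using the ChrootDirectory /home/%u layout from step 2.

# Print the members of a group(5) line such as "sftpgroup:x:1001:a,b",
# one per line. Users who only have the group as primary GID are not listed.
group_members() {
    printf '%s\n' "$1" | awk -F: '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }'
}

# Emit the configuration: one socket per chroot, then the rule that routes
# internal-sftp messages to /var/log/sftp/sftp.log.
sftp_rsyslog_conf() {
    echo '# create additional sockets for the sftp chrooted users'
    echo 'module(load="imuxsock")'
    group_members "$1" | while IFS= read -r user; do
        # Skip names that could escape /home or break the quoted Socket path.
        case "$user" in
            *[!A-Za-z0-9._-]*|.|..)
                echo "skipping unsafe user name: $user" >&2
                continue ;;
        esac
        printf 'input(type="imuxsock" Socket="/home/%s/dev/log" CreatePath="on")\n' "$user"
    done
    echo '# log internal-sftp activity to sftp.log'
    echo "if \$programname == 'internal-sftp' then /var/log/sftp/sftp.log"
    echo '& stop'
}

# Constructed sample group line; on a real host pass "$(getent group sftpgroup)".
sftp_rsyslog_conf 'sftpgroup:x:1001:alice,bob'
```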

Thursday, October 19, 2017

Kernel: WARNING calibrate_APIC_clock: the APIC timer calibration may be wrong appear on Guest 5.x Linux VM's

This was due to the MAX_DIFFERENCE parameter value (in the APIC calibration loop) of 1000 cycles being too aggressive for virtual guests. APIC (Advanced Programmable Interrupt Controllers) and TSC (Time Stamp Counter) reads normally take longer than 1000 cycles when performed from inside a virtual guest, due to processors being scheduled away from and then back onto the guest. With this update, the MAX_DIFFERENCE parameter value has been increased to 10,000 for virtual guests.

These messages can be stopped by adding ‘apiccalibrationdiff=10000’ to the guest kernel line in /etc/grub.conf.

How to Activate the Logical Volumes on Individual Cluster Member Nodes in a RHEL Cluster?

If you have LVM installed in a cluster environment, you may at times need to activate logical volumes exclusively on one node.

To activate logical volumes exclusively on one node, use the lvchange -aey command. Alternatively, you can use lvchange -aly command to activate logical volumes only on the local node but not exclusively.


You can later activate them on additional nodes concurrently.

How to Power on a virtual machine from the command line?

ESXi 4.x, 5.x and 6.0

To power on a virtual machine from the command line:

    List the inventory ID of the virtual machine with the command:

    vim-cmd vmsvc/getallvms |grep <vm name>

    Note: The first column of the output shows the vmid.

    Check the power state of the virtual machine with the command:

    vim-cmd vmsvc/power.getstate <vmid>   

    Power-on the virtual machine with the command:

    vim-cmd vmsvc/power.on <vmid>


ESX 4.0 and ESX 4.1

To power on a virtual machine from the command line:

    To list the path of all the virtual machines on the host:

    vmware-cmd -l   

    Get the state of the virtual machine with the command:

    vmware-cmd <path to the VMX file> getstate

    Power on the virtual machine with the command:

    vmware-cmd <path to the VMX file> start

ESXi 3.5

To power on a virtual machine from the command line:

    List the inventory ID of the virtual machine with the command:

    vim-cmd vmsvc/getallvms |grep <vm name>

    Check the power state of the virtual machine with the command:

    vim-cmd vmsvc/power.getstate <vmid>

    Power on the virtual machine with the command:

    vim-cmd vmsvc/power.on <vmid>

ESX 3.5
To power on a virtual machine from the command line:

    To list the path of all the virtual machines on the host:

    vmware-cmd -l

    Get the state of the virtual machine with the command:

    vmware-cmd <path to the VMX file> getstate

    Power on the virtual machine with the command:

    vmware-cmd <path to the VMX file> start

Wednesday, October 18, 2017

How to solve "Cannot vMotion virtual machines with physical mode RDM"


1.  Open the vSphere PowerCLI command-line.

2.  Run the command:

Get-VM | Get-HardDisk -DiskType "RawPhysical","RawVirtual" | Select Parent,Name,DiskType,ScsiCanonicalName,DeviceName | fl

This command produces a list of virtual machines with RDMs, along with the backing SCSI device for the RDMs.

    The output looks similar to:

    Parent              Virtual Machine Display Name
    Name                Hard Disk n
    DiskType            RawVirtual
    ScsiCanonicalName   naa.60123456789abcdef0123456789abcde
    DeviceName          vml.020000000060123456789abcdef0123456789abcde1234567890ab

    If you need to save the output to a file, the command can be modified:

Get-VM | Get-HardDisk -DiskType "RawPhysical","RawVirtual" | Select Parent,Name,DiskType,ScsiCanonicalName,DeviceName | fl | Out-File -FilePath RDM-list.txt
    
  3.  Identify the backing SCSI device from either the ScsiCanonicalName or DeviceName identifiers.