Monday, November 28, 2016

How can I install Sun/Oracle's proprietary Java JDK 6/7/8 or JRE

http://askubuntu.com/questions/56104/how-can-i-install-sun-oracles-proprietary-java-jdk-6-7-8-or-jre

There is a similar answer on how to install JRE 7.

8 or JRE

Install Java JDK

The manual way

Download the 32-bit or 64-bit Linux "compressed binary file" - it has a ".tar.gz" file extension.
Uncompress it

tar -xvf jdk-8-linux-i586.tar.gz (32-bit)

tar -xvf jdk-8-linux-x64.tar.gz (64-bit)

The JDK 8 package is extracted into ./jdk1.8.0 directory. N.B.: Check carefully this folder name since Oracle seem to change this occasionally with each update.

Now move the JDK 8 directory to /usr/lib

sudo mkdir -p /usr/lib/jvm

sudo mv
    ./jdk1.8.0 /usr/lib/jvm/

Now run

sudo update-alternatives --install
    "/usr/bin/java" "java"
    "/usr/lib/jvm/jdk1.8.0/bin/java" 1

sudo update-alternatives --install
    "/usr/bin/javac" "javac"
    "/usr/lib/jvm/jdk1.8.0/bin/javac" 1

sudo
    update-alternatives --install "/usr/bin/javaws"
    "javaws" "/usr/lib/jvm/jdk1.8.0/bin/javaws" 1

This will assign Oracle JDK a priority of 1, which means that installing other JDKs will replace it as the default. Be sure to use a higher priority if you want Oracle JDK to remain the default.

Correct the file ownership and the permissions of the executables:
```
sudo chmod a+x /usr/bin/java
```
```
sudo chmod a+x /usr/bin/javac
```
```
sudo chmod a+x /usr/bin/javaws
```
```
sudo chown -R
    root:root /usr/lib/jvm/jdk1.8.0
```
N.B.: Remember - Java JDK has many more executables that you can similarly install as above. java, javac, javaws are probably the most frequently required. This answer lists the other executables available.

Run

sudo
    update-alternatives --config java

You will see output similar to the one below - choose the number of jdk1.8.0 - for example 3 in this list (unless you have have never installed Java installed in your computer in which case a sentence saying "There is nothing to configure" will appear):

$ sudo
    update-alternatives --config java

There are 3 choices
    for the alternative java (providing /usr/bin/java).

  Selection
       Path                                            Priority  
    Status

------------------------------------------------------------

  0
               /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java   1071 
        auto mode

  1
               /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java   1071 
        manual mode

* 2           
    /usr/lib/jvm/jdk1.7.0/bin/java                   1         manual
    mode

  3
               /usr/lib/jvm/jdk1.8.0/bin/java                   1    
        manual mode

Press enter to keep
    the current choice[*], or type selection number: 3

update-alternatives:
    using /usr/lib/jvm/jdk1.8.0/bin/java to provide /usr/bin/java
    (java) in manual mode

Repeat the above for:

sudo
    update-alternatives --config javac

sudo
    update-alternatives --config javaws

Note for NetBeans users!

You need to set the new JDK as default editing the configuration file.

If you want to enable the Mozilla Firefox plugin:

32 bit:

ln -s
   /usr/lib/jvm/jdk1.8.0/jre/lib/i386/libnpjp2.so ~/.mozilla/plugins/

64 bit:

ln
   -s /usr/lib/jvm/jdk1.8.0/jre/lib/amd64/libnpjp2.so
   ~/.mozilla/plugins/

N.B.: You can link the plugin (libnpjp2.so) to /usr/lib/firefox/plugins/ for a system-wide installation (/usr/lib/firefox-addons/plugins from 15.04 onwards). For Ubuntu 13.10, the path to the plugin directory is /usr/lib/firefox/browser/plugins/.

Depending on your configuration, you might need to update the apparmor profile for Firefox (or other browsers) in /etc/apparmor.d/abstractions/ubuntu-browsers.d/java:

# Replace the two
   lines:

# 
   /usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} cx ->
   browser_java,

# 
   /usr/lib/jvm/java-*-sun-1.*/jre/lib/*/libnp*.so cx ->
   browser_java,

# with those (or adapt
   to your new jdk folder name)

/usr/lib/jvm/jdk*/jre/bin/java{,_vm}
   cx -> browser_java,

/usr/lib/jvm/jdk*/jre/lib/*/libnp*.so
   cx -> browser_java,

Then restart apparmor:

sudo
   /etc/init.d/apparmor restart

The easy way

The easiest way to install the JDK 7 is to do it with the Web Up8 Oracle Java OOS. However, it is believed that this PPA is sometimes out of date. Also note the dangers of using a PPA.

This installs JDK 7 (which includes Java JDK, JRE and the Java browser plugin):

sudo apt-get install
   python-software-properties

sudo add-apt-repository
   ppa:webupd8team/java

sudo apt-get update

sudo apt-get install
   oracle-java7-installer

# or if you want JDK 8:

# sudo apt-get install
   oracle-java8-installer

# these commands
   install Oracle JDK7/8 and set them as default VMs automatically:

# sudo apt-get install
   oracle-java7-set-default

#
   sudo apt-get install oracle-java8-set-default

Source

N.B.: Before someone screams this is against the Oracle redistribution license - the PPA does not actually have Java in the personal repository. Instead, the PPA directly downloads from Oracle and installs it.

The Script way

If you're on a fresh installation of Ubuntu with no previous Java installations, this script automates the process outlined above if you don't want to type all that into a console. Remember, you still need to download Java from Oracle's website -- Oracle's links are not wget friendly.

Before using this make sure that this script is in the same directory as the .tar.gz file extension that you downloaded and there are no files that start with jdk-7 in the same folder. If there are, please move them out of the folder temporarily. Remember to make the script executable (chmod +x <script's file>).

#!/bin/sh

tar -xvf jdk-7*

sudo mkdir /usr/lib/jvm

sudo mv ./jdk1.7*
   /usr/lib/jvm/jdk1.7.0

sudo
   update-alternatives --install "/usr/bin/java" "java"
   "/usr/lib/jvm/jdk1.7.0/bin/java" 1

sudo
   update-alternatives --install "/usr/bin/javac" "javac"
   "/usr/lib/jvm/jdk1.7.0/bin/javac" 1

sudo
   update-alternatives --install "/usr/bin/javaws" "javaws"
   "/usr/lib/jvm/jdk1.7.0/bin/javaws" 1

sudo chmod a+x
   /usr/bin/java

sudo chmod a+x
   /usr/bin/javac

sudo
   chmod a+x /usr/bin/javaws

If you want to install the plugin for Firefox then add this to the end of the script:

mkdir
   ~/.mozilla/plugins

ln -s
   /usr/lib/jvm/jdk1.7.0/jre/lib/amd64/libnpjp2.so
   ~/.mozilla/plugins/

sudo
   /etc/init.d/apparmor restart

Check if installation was successful

You can check if the installation succeeded with the following command:

java
   -version

You should see something like

java version "1.8.0"

Java(TM) SE Runtime
   Environment (build 1.8.0-b132)

Java
   HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode)

You can check if the JRE Mozilla plugin has been successful by using the official oracle website.

Monday, November 21, 2016

Restoring data from corrupted ext4 partition under LVM - fsck or repair bad blocks first?

   dmesg | tail
   fsck.ext4 -vy /dev/sda1
   mkfs.ext4 -S /dev/sda1
   mount /dev/sda1 /test

mkfs.ext4 -S /dev/sda1

    e2fsck -b 32768 /dev/sda1
    mount /dev/sda /test
    dmesg | tail
    smartctl -a /dev/sda | grep -i reallocated

mount -t ext4 /dev/sda1 /mnt

mount -o remount,rw /dev/sda1 /test

lvm vgscan
lvm vgchange -ay
lvm lvs

Tuesday, November 8, 2016

CentOS / Redhat: Install KVM Virtualization Software

kmod-kvm : kvm kernel module(s)
kvm : Kernel-based Virtual Machine
kvm-qemu-img : Qemu disk image utility
kvm-tools : KVM debugging and diagnostics tools
python-virtinst : Python modules and utilities for installing virtual machines
virt-manager : Virtual Machine Manager (GUI app, to install and configure VMs)
virt-viewer: Virtual Machine Viewer (another lightweight app to view VM console and/or install VMs)
bridge-utils : Utilities for configuring the Linux Ethernet bridge (this is recommended for KVM networking)

KVM Package Group

RHEL comes with KVM software group which includes full virtualization support with KVM. You can list all packages in the group as follows:
# yum groupinfo KVM

A Note About libvirt

libvirt is an open source API and management tool for managing platform virtualization. It is used to manage Linux KVM and Xen virtual machines through graphical interfaces such as Virtual Machine Manager and higher level tools such as oVirt. See the official website for more information.

A Note About QEMU

QEMU is a processor emulator that relies on dynamic binary translation to achieve a reasonable speed while being easy to port on new host CPU architectures. When used as a virtualizer, QEMU achieves near native performances by executing the guest code directly on the host CPU. QEMU supports virtualization when executing under the Xen hypervisor or using the KVM kernel module in Linux. When using KVM, QEMU can virtualize x86, server and embedded PowerPC, and S390 guests. See the official website for more information.

A Note About Virtio Drivers

Virtio is paravirtualized drivers for kvm/Linux. With this you can can run multiple virtual machines running unmodified Linux or Windows VMs. Each virtual machine has private virtualized hardware a network card, disk, graphics adapter, etc. According to Redhat:

Para-virtualized drivers enhance the performance of fully virtualized guests. With the para-virtualized drivers guest I/O latency decreases and throughput increases to near bare-metal levels. It is recommended to use the para-virtualized drivers for fully virtualized guests running I/O heavy tasks and applications.

Host Operating System

Your main operating system such as CentOS or RHEL is known as host operating system. KVM is a Linux kernel module that enables a modified QEMU program to use hardware virtualization. You only need to install KVM under host operating systems.

KVM Domains

It is nothing but a guest operating system running under host operating system. Each kvm domain must have a unique name and ID (assigned by system).

Guest Operating Systems

KVM supports various guest operating systems such as

MS-Windows 2008 / 2000 / 2003 Server
MS-Windows 7 / Vista / XP
FreeBSD
OpenBSD
Sun Solaris
Various Linux distributions.
NetBSD
MINIX
QNX
MS DOS
FreeDOS
Haiku
Amiga Research OS

Install KVM

Type the following command to install KVM under RHEL or CentOS:

#
yum install kvm virt-viewer virt-manager libvirt libvirt-python
python-virtinst

# yum
groupinstall KVM

Important Configuration And Log Files (Directories) Location

The following files are required to manage and debug KVM problems:

/etc/libvirt/ – Main configuration directory.
/etc/libvirt/qemu/ – Virtual machine configuration directory. All xml files regarding VMs are stored here. You can edit them manually or via virt-manager.
/etc/libvirt/qemu/networks/ – Networking for your KVM including default NAT. NAT is only recommended for small setup or desktops. I strongly suggest you use bridged based networking for performance.
/etc/libvirt/qemu/networks/default.xml – The default NAT configuration used by NAT device virbr0.
/var/log/libvirt/ – The default log file directory. All VM specific logs files are stored here.
/etc/libvirt/libvirtd.conf – Master libvirtd configuration file.
/etc/libvirt/qemu.conf – Master configuration file for the QEMU driver.

TCP/UDP Ports

By default libvirt does not opens any TCP or UDP ports. However, you can configure the same by editing the /etc/libvirt/libvirtd.conf file. Also, VNC is configured to listen on 127.0.0.1 by default. To make it listen on all public interfaces, edit /etc/libvirt/qemu.conf file.

Virtual Machine Configuration

Bridged mode networking (eth0 == br0 and eth1 == br1) with full access to both LAN and Internet.
Accelerator virtio drivers used for networking (model=virtio)
Accelerator virtio drivers for disk (if=virtio) and disk will show up as /dev/vd[a-z][1-9] in VM.
Various virtual machines running different guest operating systems as per requirements.

LAN -->
Switch    -->  eth0 --> -+   10.10.21.70                       
     |

                                 | ---> br0
-+      +----------------+       +-------------> vm#3 (
10.10.21.73 / 123.1.2.6, OpenBSD 4.x Firewall )

                                 |           |
===> |   RHEL Server  |  -----+

                                 |           |  
   |      KVM       |       +-------------> vm#4 ( 10.10.21.74 /
123.1.2.7, Solaris 10 Testing Server )

                                 | ---> br1
-+      +----------------+       |

Wan --> ISP
Router --> eth1 --> -+   123.1.2.3

Thursday, November 3, 2016

How to migrate all users to an new server

I found the way to migrate all unix accounts, samba accounts and configuration from the old samba file server to new one. It is simple, justcopy the following files from the old filer server, then replace at the new file server:

/etc/passwd (User name and account info)
/etc/shadow (Passwords)
/etc/group (Group names and membership)
/etc/gshadow - Contains group encrypted passwords.
/etc/samba/*
/var/lib/samba/*

After copying completion, restart the following services

service smbd restart
service nmbd restart

Then all users login to new file server and share the files

Saturday, September 3, 2016

How to remove LVM Input/output error

Many time after changing the femware of LVM or removing the disk/LUN’s without clean shutdown/unmount you may get fallowing error:
/dev/sdf: read failed after 0 of 4096 at 0: Input/output error
/dev/sdf: read failed after 0 of 4096 at 3298534817792: Input/output error
/dev/sdf: read failed after 0 of 4096 at 3298534875136: Input/output error
/dev/sdf: read failed after 0 of 4096 at 4096: Input/output error
/dev/sdk: read failed after 0 of 4096 at 0: Input/output error
/dev/sdk: read failed after 0 of 4096 at 6442385408: Input/output error
/dev/sdk: read failed after 0 of 4096 at 6442442752: Input/output error
/dev/sdk: read failed after 0 of 4096 at 4096: Input/output error
# Check which Volume Group have the issue , run “vgscan” command .

1.vgscan

# Find out the Logical Volumes attached with that Volume Group.
# Inactive the logical volumes as :

1.lvchange -an lv-name

# Inactive Volume group as :

1.vgchange -an vg-name

# Again Scan Volume group using “vgscan” .

1.vgscan

# Now activate the Volume Group :

1.vgchange -ay volume-group-name

# Run command “lvscan” , the error should be gone now .
# Now activate the Logical Volume Name :

1.lvchange -ay lv-name

Rename eth1 as eth0

Step #2: Rename eth0 as wan0

To rename eth0 as wan0, edit a file called 70-persistent-net.rules in /etc/udev/rules.d/ directory, enter:

#
vi /etc/udev/rules.d/70-persistent-net.rules

The names of the Ethernet devices are listed in this file as follows:

# PCI device 0x14e4:0x1680 (tg3)

SUBSYSTEM=="net",
ACTION=="add",
DRIVERS=="?*",
ATTR{address}=="b8:ac:6f:65:31:e5",
ATTR{dev_id}=="0x0",
ATTR{type}=="1",
KERNEL=="eth*",
NAME="eth0"

Locate and identify the line with the NIC from step 1 (look for the MAC address). It may look like above. In this example, the interface eth0 will be renamed to wan0 (change NAME="eth0" to NAME="wan0"):

# PCI device 0x14e4:0x1680 (tg3)

SUBSYSTEM=="net",
ACTION=="add",
DRIVERS=="?*",
ATTR{address}=="b8:ac:6f:65:31:e5",
ATTR{dev_id}=="0x0",
ATTR{type}=="1",
KERNEL=="eth*",
NAME="wan0"

Save and close the file. Reboot the system to test changes:

#
reboot

Wednesday, August 24, 2016

Cloning a VPS into a local VM

Cloning a VPS into a local VM?

This will work perfectly for you ...
On the source VM instance ...

sudo su
cd /
tar cvpzf backup.tgz --exclude=/proc --exclude=/lost+found --exclude=/backup.tgz --exclude=/mnt --exclude=/sys /

On the target machine (dedicated or VPS)

tar xvpfz backup.tgz -C /

And make sure any dirs excluded are re-created

mkdir proc
mkdir lost+found
mkdir mnt
mkdir sys

Friday, August 12, 2016

Install xrdp Remote Desktop to CentOS 6 / RHEL 6

Prerequisites:

Install EPEL repository on CentOS 6.
32 Bit

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

64 Bit

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Installation:

Issue the following command to install xrdp

# yum -y install xrdp tigervnc-server

You will get the following output, make sure you are getting package from the newly created repository.

Installed:
  tigervnc-server.x86_64 0:1.1.0-8.el6_5      xrdp.x86_64 0:0.5.0-0.13.el6
 
Dependency Installed:
  libXmu.x86_64 0:1.1.1-2.el6
  xorg-x11-fonts-misc.noarch 0:7.2-9.1.el6
  xorg-x11-xauth.x86_64 1:1.0.2-7.1.el6

Once it is installed, lets start the xrdp service.

# service xrdp start

xrdp will listen on 3389, lets confirm this by issuing following command.

# netstat -antup | grep xrdp
tcp        0      0 127.0.0.1:3350              0.0.0.0:*                   LISTEN      11299/xrdp-sesman
tcp        0      0 0.0.0.0:3389                0.0.0.0:*                   LISTEN      11295/xrdp

By default, services wont auto start after system reboot. Issue the following command to enable the service at system start up.

# chkconfig xrdp on
# chkconfig vncserver on

Test:

Now take rdp from any windows machine using Remote Desktop Connection, enter ip address of Linux server in computer field and click on connect.

Friday, August 5, 2016

installing JBoss 7.1.1 on CentOS 6.x.

JBoss 7.1.1 will work with JDK 6 or JDK 7.

Download jdk from http://www.oracle.com/technetwork/java/javase/downloads/index.html

Downloads]# rpm -ivh jdk-7u7-linux-x64.rpm

Downloads]# wget http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip

unzip jboss-as-7.1.1.Final.zip -d /usr/share/

cd /usr/share

mv jboss-as-7.1.1.Final/ jboss-as

Create a new group, jboss, and then create the user jboss and add the user to the jboss group.

Downloads]# groupadd jboss;useradd -s /bin/bash -g jboss jboss

Downloads]# chown -Rf jboss.jboss /usr/share/jboss-as/

Downloads]# passwd jboss

Downloads]# cat /root/.bash_profile

JAVA_HOME=/usr/java/jdk1.7.0_07

export JAVA_HOME

PATH=$JAVA_HOME/bin:$PATH

export PATH

Downloads]# . ~/.bash_profile

java version "1.7.0_07"

Java(TM) SE Runtime Environment (build 1.7.0_07-b10)

Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode)

Downloads]# java -version

java version "1.7.0_07"

Java(TM) SE Runtime Environment (build 1.7.0_07-b10)

Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode)

Downloads]# su - jboss

vellore ~]$ java -version

java version "1.6.0_24"

OpenJDK Runtime Environment (IcedTea6 1.11.1) (rhel-1.45.1.11.1.el6-x86_64)

OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

vellore ~]$ exit

Downloads]# cp /usr/share/jboss-as/bin/init.d/jboss-as-standalone.sh /etc/init.d/jboss

Downloads]# vim /etc/init.d/jboss

5 # chkconfig: 234 80 20

18 JBOSS_USER=jboss

19 export JBOSS_USER

Downloads]# chmod 755 /etc/init.d/jboss

Downloads]# chkconfig --add jboss

Downloads]# chkconfig --level 234 jboss on

Downloads]# service jboss start

Starting jboss-as: [ OK ]

Downloads]# service jboss stop

vim /usr/share/jboss-as/standalone/configuration/standalone.xml

By default, JBoss 7.1.1 is bound to the loopback IP of 127.0.0.1, so if we want to make it available on the web, we need to change this.

Locate standalone.xml under /usr/share/jboss-as/standalone/configuration/.

Open standalone.xml in vi or a text editor and look for the public interfaces node as shown below.

<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>

To make JBoss publicly accessible, change 127.0.0.1 to either 0.0.0.0 to allow access on all interfaces or to your public IP.

So, for example, if your public IP is 10.66.191.232, you would change it as so:

[root@vellore ~]# vim /usr/share/jboss-as/standalone/configuration/standalone.xml

275 <interfaces>

276 <interface name="management">

277 <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>

278 </interface>

279 <interface name="public">

280 <inet-address value="${jboss.bind.address:10.66.191.232}"/>

281 </interface>

282

283 <interface name="unsecure">

284 <!--

285 ~ Used for IIOP sockets in the standard configuration.

286 ~ To secure JacORB you need to setup SSL

287 -->

288 <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>

289 </interface>

[root ~]# service jboss start

adding a Management user as shown on the error page:

# cd /usr/share/jboss-as/bin

Issue './add-user.sh' to run the script to add a Management user. Follow the prompts. Some defaults are provided.

bin]# ./add-user.sh

What type of user do you wish to add?

a) Management User (mgmt-users.properties)

b) Application User (application-users.properties)

(a):

Enter the details of the new user to add.

Realm (ManagementRealm) :

Username : amit

Password : ------ > should not give user name as password

Re-enter Password :

* Error *

JBAS015238: Username must not match the password.

Enter the details of the new user to add.

Realm (ManagementRealm) :

Username (amit) :

Password :

Re-enter Password :

About to add user 'amit' for realm 'ManagementRealm'

Is this correct yes/no? yes

Added user 'amit' to file '/usr/share/jboss-as/standalone/configuration/mgmt-users.properties'

Added user 'amit' to file '/usr/share/jboss-as/domain/configuration/mgmt-users.properties'

[root@vellore bin]#

While you can now access the Admin console on localhost (127.0.0.1), if you want to access it publicly, we need to update standalone.xml under /usr/share/jboss-as/standalone/configuration/ as we did earlier.

Open standalone.xml in vi or a text editor and look for the management interface node as shown below.

<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>

To make the JBoss Admin console publicly accessible, change 127.0.0.1 to your your public IP or to 0.0.0.0 for all interfaces.

So, for example, if your public IP is 10.66.191.232, you would change it as so:

[root@vellore bin]# vim /usr/share/jboss-as/standalone/configuration/standalone.xml

275 <interfaces>

276 <interface name="management">

277 <inet-address value="${jboss.bind.address.management:10.66.191.232}"/>

278 </interface>

279 <interface name="public">

280 <inet-address value="${jboss.bind.address:10.66.191.232}"/>

281 </interface>

282

283 <interface name="unsecure">

284 <!--

285 ~ Used for IIOP sockets in the standard configuration.

286 ~ To secure JacORB you need to setup SSL

287 -->

288 <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>

289 </interface>

290 </interfaces>

Again, if you wish to have the Admin console publicly accessible on all interfaces, use 0.0.0.0 in place of your IP above.

Retstart JBoss to reload the the change to standalone.xml:

[root@vellore bin]# service jboss restart

Stopping jboss-as: *** JBossAS process (16532) received TERM signal ***

[ OK ]

Starting jboss-as: [ OK ]

website excess : http://10.66.191.232:8080

website Deployed path: -

/usr/share/jboss-as/standalone/deployments

example:- [root@mail deployments]# ls
bkchindiagro.war WelcomHelloJBoss.war
bkchindiagro.war.deployed WelcomHelloJBoss.war.deployed
README.txt

then service restart

First check 127.0.0.1:9990 then chang configration file after that excess your ip http://10.66.191.232:9990

OpenLDAP server Backup & Restore

Backup

To backup the entire LDAP database we can make use of the command slapcat. The slapcat command genetates a LDIF (LDAP Directory Interchange Format) file contianing the dump of entire LDAP database.

slapcat -v -l ldap-backup.ldif

The above command generates a backup file named ldap-backup.ldif in the current directory.

Without the -l option slapcat writes the content to standard output.

The slapcat command reads the ldap configuration file at the default location (/etc/openldap/slapd.conf) and takes the database dump. We can provide a LDAP configuartion file at a different location using -f option as given below.

slapcat -v -f /etc/openldap/slapd.conf -l ldap-backup.ldif

Restore

To restore the database from the earlier backup LDIF file we can use slapadd command.

slapadd -l ldap-backup.ldif

In case files already exist in the LDAP database location we have to clear them before restoring using slapadd while retaining the DB_CONFIG file. The sample DB_CONFIG file should be in /etc/openldap/DB_CONFIG.example.

rm -fr /var/lib/ldap/example.in/*

Once the files are cleared you should be able to restore the database using slapadd given above.

On successful completion of the restoration restart the LDAP server.

service ldap restart

basic command in ldap:-

ldapsearch -x -b "dc=amit,dc=com"

ldapsearch -x -D "uid=mukesh,ou=People,dc=amit,dc=com" -W -H ldap://puppet.amit.com -b "ou=People,dc=amit,dc=com" -s sub 'uid=mukesh'

Install phpLDAPadmin to Manage LDAP with a Web Interface

Install phpLDAPadmin

CentOS/RHEL 6, 32 Bit:
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

CentOS/RHEL 6, 64 Bit:
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

 yum --enablerepo=remi install httpd

# service httpd start
# chkconfig httpd on

 yum --enablerepo=remi install mysql mysql-server

service mysqld start
# /usr/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):     ## Press Enter ## 
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n]     ## Press Enter ##
New password:                ## Enter new password ##
Re-enter new password:       ## Re-enter new password ##
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]     ## Press Enter ##
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]     ## Press Enter ## 
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]     ## Press Enter ##
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]     ## Press Enter ##
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

yum -y install php php-mysql

yum --enablerepo=remi install php-common php-cli php-mysql php-devel

Install PHP

 yum install php php-mysql php-devel php-gd php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml

PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely used open-source general purpose scripting language that is especially suited for web development and can be embedded into HTML.

Install PHP with following command:

# yum install php -y

Test PHP

Create a sample “testphp.php” file in Apache document root folder and append the lines as shown below:

# vi /var/www/html/testphp.php

Add the following lines.

Install phpLDAPadmin to Manage LDAP with a Web Interface

yum install epel-release

yum install phpldapadmin

Now we configure phpldapadmin

sudo vim /etc/phpldapadmin/config.php

Change dc=yourdomain,dc=com/in etc

On line 300

$servers->setValue(‘server’,’base’,array(‘dc=example,dc=com’));

On line 397: uncomment, line 398: comment out

$servers->setValue(‘login’,’attr’,’dn’);

// $servers->setValue(‘login’,’attr’,’uid’);

On line 326 or 332

$servers->setValue(‘login’,’bind_id’,’cn=Manager,dc=example,dc=com’);

Now, we edit permission for accessing phpldapadmin on network

vi /etc/httpd/conf.d/phpldapadmin.conf

<Directory /usr/share/phpldapadmin/htdocs> Order Deny,Allow Deny from all Allow from 127.0.0.1 192.168.1.0/24 (your IP range)

Allow from ::1 </Directory>

Now restart httpd service

/etc/rc.d/init.d/httpd restart

Stopping httpd:                     [  OK  ]
Starting httpd:                     [  OK  ]

# service httpd restart
# chkconfig httpd on
# service mysqld restart
# chkconfig mysqld on

check http://serverhostname/ldapadmin in browser.

squid server configuration with few ACL

yum install squid*

vim /etc/squid/squid.conf

##
get new ad server list curl-sS -L --compressed"http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=0&mimetype=plaintext"
> /etc/squid/ad_block.txt 

##refresh squid

/usr/local/sbin/squid -k reconfigure or squid -z
make to transparent proxy
# Squid normally listens to port 3128
http_port 192.168.101.97:3128 transparent
visible_hostname localhost

acl use to without restriction access web site
acl Boss_IP src 192.168.101.230 192.168.101.88 192.168.101.20 192.168.101.83 192.168.101.19
http_access allow Boss_IP

## disable ads ( http://pgl.yoyo.org/adservers/ )
acl ads dstdom_regex "/etc/squid/ad_block.txt"
http_access deny ads

acl limited_users src 192.168.101.0/24 # downlord limit_rule_
reply_body_max_size 330 MB limited_users

acl blockfiles urlpath_regex -i "/etc/squid/blocks.files.acl"

\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$ # .avi or .AVI
\.[Mm][Pp]3$ # .mp3 or .MP3
\.[Zz][Ii][Pp]$
\.[Mm][Ss][Ii]$
\.[Mm][Pp]4$
\.[Ff][Ll][Vv]$
\.[Rr][Pp][Mm]$
\.[Tt][Zz]$
\.[Bb][Zz]$
\.[Mm][Ss][Ii]$

# Deny all blocked extension
#deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles home ;;--yellow is my network acl

acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"
http_access deny blockeddomain
http_reply_access deny CONNECT blockeddomain