A (very) poor man’s nmap

I cannot install packages on a machine, so I wrote this very basic substitute for nmap, called nmap.ksh:
 

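#!/bin/ksh
# Usage: nmap.ksh <host>
# Tries a TCP connect to ports 0..599 with telnet and reports the ones that answer.
H=$1
X=0
L=600
while [ "$X" -lt "$L" ]; do
  # telnet -r uses rlogin-style escapes, so "~." on stdin closes the session right away
  O=`echo "~." | telnet -r "$H" "$X" 2>&1 | grep -i connected | wc -l | sed 's/ //g'`
  if [ "$O" -eq 1 ]; then
    echo "port $X open"
  fi
  X=$((X + 1))
done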

copy files using netbackup

You want to copy some files from and to a server and you don’t have root access to it?
But you do have access to its netbackup master server?
yeah!
use bpgp
The command should be executed on the Master Server.
The formats are:
A. To get a file from a client to the MasterServer:
bpgp from <client-name> <full-pathname-of-file-to-get> <full-pathname-of-file-on-MS>
B. To put a file from the Master Server to a client:
bpgp to <client-name> <full-pathname-of-file-on-MS> <full-pathname-of-file-to-create-on-client>
thx to Alberto Vazquez 🙂

setting up a RTSP vlc streaming server

I wanted to watch my movies remotely, so I used h264 for video and aac for audio, and built a vlc config to start up a daemonized RTSP server. I built a script to create the config file by scanning all my videos, and then start the vlc daemon :). Here it is:
#!/bin/ksh
# Stop any vlc instance that is already running
ps -ef | grep -i vlc | grep -v grep | awk '{ print $2 }' | while read p; do
  kill $p
done
# Build the VLM config: one VoD entry per video file found
(
x=0
find /disk2/VIDEO -type f | egrep -i 'avi|mpg' | while read v; do
  #---- if not using x264
  # echo "new $x vod enabled"
  # echo -n "setup $x input \"file://$v\" output"
  #---- if using x264
  echo "new $x vod"
  echo -n "setup $x input \"file://$v\" enabled output"
  #---- low quality
  #echo " #transcode{vcodec=mp4v,acodec=mp4a,width=640,height=480,fps=12,vb=128,ab=8}"
  echo " #transcode{vcodec=h264,acodec=mp4a,width=640,height=480,vb=100,ab=4}"
  #---- mid quality
  #echo " #transcode{vcodec=mp4v,acodec=mp4a,scale=.5,fps=10,vb=256,ab=64}"
  #echo " #transcode{vcodec=h264,acodec=mp4a,scale=.5,fps=12,vb=256,ab=64}"
  #---- high quality
  #echo " #transcode{vcodec=mp4v,acodec=mp4a,scale=.5,fps=10,vb=512,ab=64}"
  #echo " #transcode{vcodec=h264,acodec=mp4a,scale=.5,fps=12,vb=512,ab=128}"
  echo " "
  x=$(($x+1))
done
) > /etc/v.config
# Start the daemon: telnet control interface (password "vl"), RTSP on all interfaces, port 564
nohup cvlc --vlm-conf /etc/v.config -I telnet --telnet-password vl --rtsp-host 0.0.0.0:564 &
Try it, and enjoy 🙂

enable ftp access, disable telnet for only some users

To make “only ftp” users, meaning they can only use ftp, no telnet or ssh, do this:
add /bin/false to the list of shells in /etc/shells
change your user’s shell to /bin/false
To make users be able to sftp & ftp, but not telnet or ssh, change their shell to /usr/sbin/sftp-server
done!

testing ipmp

To make one of your interfaces fail:
# ifconfig adapter_name modinsert ldterm@2
To get it back:
# ifconfig adapter_name modremove ldterm@2
You can also use the supported command:
# if_mpadm -d qfe1
To get it back:
# if_mpadm -r qfe1

Add a kickstart install image to an existing kickstart server

These are the steps to add Oracle Enterprise Linux as a kickstart option on an existing kickstart server. It does PXE boot and serves the package install over http. Your server must be on the kickstart network to be PXE booted by this.
Make a directory to store your downloaded ISOs, and store them there:
# mkdir -p /u01/ISOS/ORACLE_EL4x64
# ls /u01/ISOS/ORACLE_EL4x64
. Enterprise-R4-U5-x86_64-disc1.iso Enterprise-R4-U5-x86_64-disc3.iso
.. Enterprise-R4-U5-x86_64-disc2.iso Enterprise-R4-U5-x86_64-disc4.iso
Make a directory to store all the RPMs and all install files for your distro:
# mkdir /installroot/oracle_el4x64
Copy all the files from the ISOs to /installroot/oracle_el4x64 by mounting them loopback and doing a cpio:
# mount -o loop /u01/ISOS/ORACLE_EL4x64/Enterprise-R4-U5-x86_64-disc1.iso /mnt
# cd /mnt/
# find . -depth -print | cpio -pdumv /installroot/oracle_el4x64/
# cd /
# umount /mnt
# mount -o loop /u01/ISOS/ORACLE_EL4x64/Enterprise-R4-U5-x86_64-disc2.iso /mnt
# cd /mnt
# find . -depth -print | cpio -pdumv /installroot/oracle_el4x64/
# cd /
# umount /mnt
# mount -o loop /u01/ISOS/ORACLE_EL4x64/Enterprise-R4-U5-x86_64-disc3.iso /mnt
# cd /mnt
# find . -depth -print | cpio -pdumv /installroot/oracle_el4x64/
# cd /
# umount /mnt
# mount -o loop /u01/ISOS/ORACLE_EL4x64/Enterprise-R4-U5-x86_64-disc4.iso /mnt
# cd /mnt
# find . -depth -print | cpio -pdumv /installroot/oracle_el4x64/
# cd /
# umount /mnt
Make a directory to put all the files that will be served by tftp when the server to be installed is pxe booted:
# mkdir /tftpboot/oracle_el4x64
Copy the small os and small kernel that are served by pxe/tftp when the server is pxe booted:
# cp -rp /installroot/oracle_el4x64/images/pxeboot/initrd.img /tftpboot/oracle_el4x64/
# cp -rp /installroot/oracle_el4x64/images/pxeboot/vmlinuz /tftpboot/oracle_el4x64/
Add a profile to the pxe boot options:
# vi /tftpboot/pxelinux.cfg/default
label oracle_el4x64
kernel oracle_el4x64/vmlinuz
append initrd=oracle_el4x64/initrd.img load_ramdisk=1 ip=dhcp
Add an http docbase to serve the install files and rpms using apache:
# vi /etc/apache2/conf.d/inst_server.conf
<IfDefine inst_server>
Alias /oracle_el4x64/ /installroot/oracle_el4x64/
Alias /oracle_el4x64 /installroot/oracle_el4x64
<Directory /installroot/oracle_el4x64>
Options +Indexes +FollowSymLinks
IndexOptions +NameWidth=*
Order allow,deny
Allow from all
</Directory>
</IfDefine>
Add a custom message that appears on the screen when the server to be installed is pxe booted:
# vi /tftpboot/bootmsg.txt
(for version 4 choose oracle_el4x64)
Restart apache so the new apache docbase is active
# /etc/init.d/apache2 stop
# /etc/init.d/apache2 start
Reboot the server to be installed and enjoy!

some zfs commands

To see what pools you have:
bash-3.00# zpool list
NAME          SIZE  USED   AVAIL  CAP  HEALTH  ALTROOT
mot117zpool1  116G  24.7G  90.9G  21%  ONLINE  -
To see what disks comprise a pool:
bash-3.00# zpool status mot117zpool1
pool: mot117zpool1
state: ONLINE
scrub: none requested
config:
NAME                                     STATE   READ WRITE CKSUM
mot117zpool1                             ONLINE     0     0     0
  c4t60060480000190101181533031393341d0  ONLINE     0     0     0
  c4t60060480000190101181533031434543d0  ONLINE     0     0     0
errors: No known data errors
To check all pools health:
# zpool status -x
To mount all the zfs filesystems:
# zfs mount -a

Configure samba with users and groups

I needed to share several directories with write permissions to some people and read permissions to others, so I had to create all the necessary infrastructure for samba to work.
You have to create unix users and groups to later map them to samba users and groups.
In order to make this work with w95, w98, wxp, and w2k, I needed to use exactly the same usernames the people have on their machines.
So if, say, Bob signs in to his machine with the user bobd, I need to create bobd on my samba server as a unix account, and then map it to an smb user. The password is not going to be the same as his windows password; this would require joining the windows NT/NT4 domain.
That said, we proceed to create the groups and users like this:
# groupadd infra
# useradd -m -d /home/rdircio -g infra rdircio
# passwd rdircio
Then, to add the users in samba:
# smbpasswd -a rdircio
To map the unix groups we need to do:
# net groupmap add ntgroup="infra" unixgroup=infra type=d
After this, I created the shared directories inside /shared, ending up like this:
drwxrwxr-x 2 root infra 48 2006-01-03 12:20 cambios/
drwxr-xr-x 2 luis infra 48 2006-01-03 12:51 diagramas/
drwxrwxr-x 2 root infra 48 2006-01-03 12:17 inventario/
drwxrwxr-x 6 root inversion 240 2006-01-03 12:30 inversion/
drwxrwxr-x 10 root infra 280 2006-01-03 12:27 ismas/
drwxrwxr-x 5 root infra 152 2006-01-04 07:35 mantenimiento/
drwxrwxr-x 2 ppispma1 root 48 2006-01-03 09:47 publico/
You can see the permissions attached to specific users and groups, so read/write permission is achieved.
The smb.conf corresponding to this is:
[global]
workgroup = INFRA
server string = INFRA UNIX
security = SHARE
[mp3]
comment = musica
path = /mp3
read only = No
guest ok = Yes
[inversion]
writeable = yes
read list = @infra
write list = @inversion
path = /shared/inversion
comment = Proyectos de Inversion
valid users = @infra
public = yes
[inventario]
writeable = yes
read list = @infra
write list = @infra
path = /shared/inventario
comment = Informacion de Infraestructura
valid users = @infra
public = yes
[mantto]
read list = @infra
writeable = yes
path = /shared/mantenimiento
write list = @infra
comment = Informacion de Infraestructura
valid users = @infra
public = yes
create mode = 775
directory mode = 775
[info general]
writeable = yes
read list = @infra
admin users = ppispma1
write list = ppispma1
path = /shared/publico
comment = Informacion de Infraestructura
valid users = @infra
public = yes
[cambios]
writeable = yes
read list = @infra
write list = @infra
path = /shared/cambios
comment = Informacion de Infraestructura
valid users = @infra
public = yes
[ismas]
writeable = yes
read list = @infra
write list = @infra
path = /shared/ismas
comment = Informacion de Infraestructura
valid users = @infra
public = yes
[homes]
writeable = yes
read list = @infra
write list = @infra
path = /home
comment = Informacion de Infraestructura
valid users = @infra
public = yes
[my home]
comment=%u home dir
path=/home/%u
writeable = yes
read list = @infra
write list = @infra
comment = homes
valid users = @infra
public = yes
The first share is totally public, anyone can enter, but the others require a password.
We can avoid using different passwords for samba and unix users by using pam_smbpass; we’ll discuss how to do this later.
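An added example, not part of the original post: a small shell/awk audit that reads an smb.conf like the one above and reports, per share, whether the guest flag ("guest ok" or its synonym "public") and write access are set and which "valid users" restriction applies. The function names are hypothetical and the sample config is constructed for the example, modelled on the first two shares of the post's file.

```shell
# Added example. One line per share: name|guest=..|write=..|valid users
# "public" = "guest ok"; "writeable"/"writable"/"write ok" invert "read only".
audit_shares() {   # reads the files given as arguments, or stdin
  awk '
    function bool(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") ? "yes" : "no" }
    function emit() {
      if (name != "" && name != "global")
        printf "%s|guest=%s|write=%s|%s\n", name, guest, rw, (users == "" ? "-" : users)
    }
    /^[ \t]*[#;]/ { next }                      # comment line
    /^[ \t]*\[/ {                               # section header starts a new share
      emit()
      name = tolower($0)
      sub(/^[ \t]*\[[ \t]*/, "", name); sub(/[ \t]*\].*$/, "", name)
      guest = "no"; rw = "no"; users = ""       # Samba defaults: no guest, read only
      next
    }
    (eq = index($0, "=")) > 0 {
      key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "guest ok" || key == "public") guest = bool(val)
      else if (key == "writeable" || key == "writable" || key == "write ok") rw = bool(val)
      else if (key == "read only") rw = (bool(val) == "yes") ? "no" : "yes"
      else if (key == "valid users") users = val
    }
    END { emit() }
  ' "$@"
}
# Shares a guest can reach: guest flag set and no "valid users" restriction.
open_shares() {
  audit_shares "$@" | awk -F"|" '$2 == "guest=yes" && $4 == "-" { print $1 }'
}
# Constructed sample, modelled on the first two shares of the post's smb.conf.
sample_conf() {
  cat <<'EOF'
[global]
security = SHARE
[mp3]
read only = No
guest ok = Yes
[ inversion ]
writeable = yes
valid users = @infra
public = yes
EOF
}
sample_conf | audit_shares
echo "guest-reachable: $(sample_conf | open_shares)"
```

On a live server, the output of testparm -s can be piped into audit_shares to audit the effective configuration instead of the raw file.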

jailing a user in ssh without a patch for openssh

You can use a combination of “jailkit” and pam’s chroot module for this. We’ll jail user “rdpm” in this example.
First, get jailkit from http://olivier.sessink.nl/jailkit/ , build it and install it.
Now, create a generic jail:
jk_init -v /home/jail sftp scp ssh jk_lsh basicshell
Let’s now create the user “rdpm”:
useradd -m -d /home/rdpm -g 10 rdpm
passwd rdpm
We want this to work only for ssh, so let’s add a line to /etc/pam.d/sshd to load the chroot module:
session required pam_chroot.so debug
Now let’s make rdpm’s home inside the jail directory:
mkdir /home/jail/home/rdpm
chown rdpm /home/jail/home/rdpm
You may, if you want, mount his real home dir into the jail with a bind mount:
mount --bind /home/rdpm /home/jail/home/rdpm
And you may also make that bind mount permanent:
echo "/home/rdpm /home/jail/home/rdpm bind defaults,bind 0 0" >> /etc/fstab
Let’s copy rdpm’s auth info into the jail (the match is anchored so only rdpm’s own entry is copied):
grep '^rdpm:' /etc/passwd >> /home/jail/etc/passwd
grep '^rdpm:' /etc/shadow >> /home/jail/etc/shadow
Let’s configure the chroot pam module:
echo "rdpm /home/jail" >> /etc/security/chroot.conf
And that’s all. Now “ssh rdpm@yourserver” and you’ll find yourself in a jail.