Archive for the ‘Linux’ Category

Restarting the automounter on Redhat

Saturday, June 20th, 2015

I had a messed up automounter and wanted to restart it. Sometimes I just draw a blank for the command. It could be that I am focused mainly on Windows these days and I simply forget the command. Who knows?

It’s simple really,

service autofs restart

If I needed to start it:

service autofs start

To get a simple status:

service autofs status

Now that I have written this, it should remain.

Correcting a bad superblock on Redhat

Saturday, April 4th, 2015

One system had an issue with the secondary drive. The monitoring system reported it was in a Read-Only state. Suspecting a bad superblock, as they happen from time to time, I gave the system a reboot.

As expected, I received:

 *** An error occurred during the file system check.
 *** Dropping you to a shell; the system will reboot.
 *** When you leave the shell.
 Give root password for maintenance
 (or type Control-D)
 (repair file system)#

After entering the root password, it was time to repair. In my case, the problem was easy as the second drive is allocated to one mount. If you are not sure, you will have to look at the partitions.

To list out the partitions, simply enter:

fdisk -l

In my situation, I was interested in this part:

Disk /dev/cciss/c0d1: 146.7 GB, 146778685440 bytes
255 heads, 63 sectors/track, 17844 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

           Device Boot      Start         End      Blocks   Id  System
/dev/cciss/c0d1p1   *           1       17844   143331898+  83  Linux

If you have multiple partitions, you can verify the label as a precaution (that is if it’s still intact) by using the e2label command. For example:

e2label /dev/cciss/c0d1p1

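Having verified the partition, it’s time to restore the superblock from a backup copy. The first step is to find where the backups are stored, which is accomplished with the mke2fs command and its -n option: with -n, mke2fs only prints what it would do and does not create a filesystem. Note: if the OS is running, you will need to unmount the drive.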

Example:

mke2fs -n /dev/cciss/c0d1p1

It will list output (I forgot to copy it), but at the bottom you will see:

Superblock backups stored on blocks:
(various numbers)

It doesn’t matter which one you choose; I picked the third one. To start the restore of the superblock, enter:

e2fsck -y -b <block number> /dev/<your drive path>

The “-y” option is a good idea if your partition is large. Otherwise, you will find yourself pressing the “y” key many many times.

Once it’s completed, reboot the system.

Don’t be surprised if it doesn’t solve it on the first pass. Simply re-list the backup superblocks and use a different one for the e2fsck command. In my situation, it took three attempts.
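
The retry procedure described above, written as a script. This is an added example, not part of the original post; the function names are made up for illustration, and the sample mke2fs output is constructed, since the post did not keep its own.

```shell
#!/bin/sh
# Added example (not from the original post): try each backup superblock in turn.

# backup_superblocks: read `mke2fs -n` output on stdin, print one backup
# superblock number per line. The list follows the "Superblock backups stored
# on blocks:" header and may wrap over several lines.
backup_superblocks() {
    awk '
        /^Superblock backups stored on blocks:/ { grab = 1; sub(/^[^:]*:/, "") }
        grab {
            if ($0 !~ /[0-9]/ && seen) exit
            n = split($0, f, /[^0-9]+/)
            for (i = 1; i <= n; i++) if (f[i] != "") { print f[i]; seen = 1 }
        }'
}

# try_backup_superblocks DEV: run e2fsck with each backup until one succeeds.
# e2fsck exit status is a bitmask; below 4 means clean or all errors corrected.
# mke2fs -n only reports correct locations if the filesystem was created with
# the same parameters (block size etc.) that mke2fs would pick now.
try_backup_superblocks() {
    dev=$1
    if grep -q "^$dev " /proc/mounts; then
        echo "$dev is mounted; unmount it first" >&2; return 2
    fi
    for blk in $(mke2fs -n "$dev" | backup_superblocks); do
        echo "Trying backup superblock $blk on $dev"
        rc=0; e2fsck -y -b "$blk" "$dev" || rc=$?
        if [ "$rc" -lt 4 ]; then
            echo "Repaired with superblock $blk (e2fsck exit $rc)"; return 0
        fi
    done
    echo "No backup superblock gave a clean result" >&2; return 1
}

# Constructed sample of the end of `mke2fs -n` output, for trying the parser.
sample_mke2fs_output() {
    printf '%s\n' 'Block size=4096 (log=2)' \
        'Superblock backups stored on blocks: ' \
        '        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632,' \
        '        2654208, 4096000' ''
}

# With a device argument, repair it; with none, show the parsed sample list.
if [ "$#" -eq 1 ]; then
    try_backup_superblocks "$1"
else
    sample_mke2fs_output | backup_superblocks
fi
```

Run it from the maintenance shell as root with the partition as the only argument, for example the /dev/cciss/c0d1p1 partition from this post.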

Much as I would like to impress you with my knowledge, I have to give people their acknowledgments for reviewing their blog and site for review.

Linux Expresso

Linux Forums

PHPINFO on the home page

Wednesday, December 17th, 2014

A recent audit found the homepage of an Apache server with phpinfo() information displaying. Phpinfo() is a valuable debugging tool as it contains all EGPCS (Environment, GET, POST, Cookie, Server) data. Really useful for debugging and information gathering if you want to attack a system.

If you are not used to handling Apache, the obvious question is what to do?

The server in question, for whatever reason, didn’t have a regular home page. Probably a test environment or a “quick fix” for a problem.

The obvious solution is to get this information out of the home page.  A quick examination of the index.php file showed:

<?php
phpinfo();
?>

It would be simple to disable phpinfo() or remove the entry, but the resulting page would be blank. To some in the PHP world this is the “White Page of Death”, which could cause confusion and waste time.

Since there wasn’t a home page, a simple print command was used to display a message. For this example, “Hello”:

<?php
print("Hello");
?>

This eliminates the problem but we can go further by disabling phpinfo(). This is accomplished by a change in the php.ini file.

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.disable-functions
disable_functions = phpinfo

This requires restarting httpd.

phpinfo() can be re-enabled by commenting out the disable_functions line with a leading “;” and restarting httpd.

Audit answered; now back to our regularly scheduled entertainment.

Disabling phpinfo

Friday, December 12th, 2014

Penetration testing is something every IT group should perform as it can point out things which are often overlooked.

Such was the case of a small Apache server which uses PHP to provide an internal service. A recent PEN test showed the phpinfo function was enabled and it was the default page.

Phpinfo is a useful debugging tool as it will contain the EGPCS (Environment, GET, POST, Cookie, Server) data. This data is very useful for somebody who would want to attack the server. It is something that should be disabled.

If you never work with or rarely work with PHP, the obvious question is “How?”

Phpinfo is controlled through the php.ini file on the server. If the default parameters were used, it will exist in the /etc directory. If you are not sure, you can review the phpinfo output, which reports the path of the php.ini in use (the “Loaded Configuration File” row). In my case, http://<server name or ip>  (I did mention this was a small server, right? Defaults).

There are other ways to disable the function but the best way is at the main php.ini file.

Edit the php.ini file and look for disable_functions.

If you have a tightly controlled server, there will be other entries on that line. Simply add ,phpinfo to the end of the list.

In my case, the line looked like: disable_functions = phpinfo

After that, save your work and restart httpd by entering: service httpd restart

Phpinfo no longer displayed information.
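
A way to check both fixes from this post and the audit post above (the home page no longer calls phpinfo(), and php.ini disables it). This is an added example, not from the original posts; the function names are hypothetical, the sample files are constructed, and /var/www/html is only an assumed document root.

```shell
#!/bin/sh
# Added example (not from the original posts): audit for exposed phpinfo().
# Limits: reads one ini file only; the scan also flags commented-out calls.

# php_disabled FUNC INI: succeed if FUNC is in the active disable_functions list.
# Lines starting with ';' are comments; the last active line wins.
php_disabled() {
    awk -v fn="$1" '
        /^[ \t]*;/ { next }
        /^[ \t]*disable_functions[ \t]*=/ {
            sub(/^[^=]*=/, ""); sub(/;.*/, ""); gsub(/[ \t\r"]/, ""); list = $0
        }
        END {
            n = split(list, f, ",")
            for (i = 1; i <= n; i++) if (tolower(f[i]) == tolower(fn)) exit 0
            exit 1
        }' "$2"
}

# phpinfo_callers DIR: list PHP files under DIR that contain a phpinfo() call.
phpinfo_callers() {
    find "$1" -type f -name '*.php' -exec grep -lE 'phpinfo[[:space:]]*\(' {} + | sort
}

# audit_phpinfo INI DOCROOT: print findings; return 0 only if nothing is exposed.
audit_phpinfo() {
    rc=0
    if php_disabled phpinfo "$1"; then
        echo "OK: phpinfo is in disable_functions ($1)"
    else
        echo "FINDING: phpinfo is not disabled in $1"; rc=1
    fi
    callers=$(phpinfo_callers "$2")
    if [ -n "$callers" ]; then
        echo "FINDING: files calling phpinfo():"; echo "$callers"; rc=1
    fi
    return "$rc"
}

# Two arguments: audit real paths (e.g. /etc/php.ini /var/www/html); none: constructed sample.
if [ "$#" -eq 2 ]; then
    audit_phpinfo "$1" "$2"
else
    d=$(mktemp -d)
    printf ';disable_functions = phpinfo\ndisable_functions =\n' > "$d/php.ini"
    printf '<?php\nphpinfo();\n?>\n' > "$d/index.php"
    audit_phpinfo "$d/php.ini" "$d" || echo "sample audit reported findings"
    rm -rf "$d"
fi
```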

Linux top command errors with Segmentation Fault

Wednesday, April 9th, 2014

A user reported he could not execute the top command.

I accessed his system and found top worked. However, if I used the su command to become the user, top would fail with a segmentation fault. To add to the oddness was a strange message: Cannot get binary type. Odd messages such as this can fill a person with dread as it could mean somebody messed up their profile. A debugging task that is rarely fun or rewarding.

I checked the PATH and found it was in order.

For fun, I reloaded procps.

I even checked security settings.

Still the segmentation faults continued.

At this point, I asked a few people and checked the Net and didn’t get any obvious answers.

I tried another system with the user’s account and though it pulled an error at login, it did run top.

What could be wrong?  Do I need to reload the system?

I checked the user’s profile and didn’t see anything obvious. I happened to run ls -la and one thing did catch my attention. There was a file called .toprc. I renamed it and top worked!

It turns out you can have an RC file for top.  I didn’t know that as my need for top is usually the load on the system…..

 

Check speed and duplex of an Ethernet card with Redhat

Friday, February 22nd, 2013

How does one check the speed and duplex on a computer running Redhat?

A simple tool (if installed) called ethtool will give such information.

You will have to use root to get this information.

# ethtool eth0
Settings for eth0:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 1000Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: g
        Wake-on: g
        Link detected: yes

ethtool can also make changes but I have not had a need to do that yet.

Boot single user mode for Redhat

Tuesday, February 5th, 2013

Every once in awhile I have the need to access a system in single user mode.  Especially, when the root password isn’t what it’s supposed to be or for some reason a root login dumps me back to the login prompt.

Sometimes I forget the option to enable the single user due to multiple systems and rarely needing to use it.

Single-user mode boots the computer to runlevel 1 which means you will have access to your local file systems but not the network.

To get to single user mode you simply follow these steps which I found here:

  1. At the GRUB splash screen at boot time, press any key to enter the GRUB interactive menu.
  2. Select Red Hat Enterprise Linux with the version of the kernel that you wish to boot and type a to append the line.
  3. Go to the end of the line and type single as a separate word (press the Spacebar and then type single). Press Enter to exit edit mode.

After that, press the “b” key to boot the system, which should go through the process and then leave you with a root prompt. There you can change the root password, edit config files, etc.

What is the size of the drives on a Redhat computer.

Thursday, September 13th, 2012

I had to do an audit of several machines for possible inclusion to a compute farm. There was a requirement as to the physical size of the disks installed.

To find this information, you can use the fdisk command which will list the physical size and partition information. I had to use root to get this information.

# /sbin/fdisk -l

Disk /dev/cciss/c0d0: 146.7 GB, 146778685440 bytes
255 heads, 32 sectors/track, 35132 cylinders
Units = cylinders of 8160 * 512 = 4177920 bytes

           Device Boot      Start         End      Blocks   Id  System
/dev/cciss/c0d0p1   *           1          64      261104   83  Linux
/dev/cciss/c0d0p2              65       20624    83884800   82  Linux swap / Solaris
/dev/cciss/c0d0p3           20625       35132    59192640   83  Linux

Disk /dev/cciss/c0d1: 146.7 GB, 146778685440 bytes
255 heads, 32 sectors/track, 35132 cylinders
Units = cylinders of 8160 * 512 = 4177920 bytes

           Device Boot      Start         End      Blocks   Id  System
/dev/cciss/c0d1p1   *           1       35132   143338544   83  Linux
#

As you can see in this example, there are two drives which are 146.7 GB in size.

What version of Redhat am I running?

Thursday, September 13th, 2012

Every once in awhile I find myself asking the question of what version of Redhat is installed?

The login prompt tells you but if you access several systems, this information gets ignored.

Red Hat Enterprise Linux Client release 5.7 (Tikanga)
Kernel 2.6.18-274.el5 on an x86_64
login:

Rather than logging off and back in, you can review a file which will have the version information.

$ cat /etc/redhat-release
Red Hat Enterprise Linux Client release 5.7 (Tikanga)
$

How to rename a Redhat system.

Thursday, September 13th, 2012

Every once in awhile there is a need to rename a Redhat box.  Normally, I would prefer to reload them but there are times where the setup must be retained or the setup is relatively clean and reusable.

Renaming a Redhat box is easy.

1) vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=computername
GATEWAY=xxx.xxx.xxx.254
NISDOMAIN=domain.com

2) change the entry for HOSTNAME= to the new hostname.

NETWORKING=yes 
HOSTNAME=newcomputername
GATEWAY=xxx.xxx.xxx.254 
NISDOMAIN=domain.com

3) change the system names in /etc/hosts

There have been times where the hosts file remains unchanged.  Edit the file for the new names.

4) reboot the system and the new name should take effect.

Don’t forget to update DNS and NIS!