Archive for the ‘Linux’ Tag

Correcting a bad superblock on Redhat

Saturday, April 4th, 2015

One system had an issue with the secondary drive. The monitoring system reported it was in a Read-Only state. Suspecting a bad superblock as they happen from time to time; I gave the system a reboot.

As expected; I received:

 *** An error occurred during the file system check.
 *** Dropping you to a shell; the system will reboot.
 *** When you leave the shell.
 Give root password for maintenance
 (or type Control-D)
 (repair file system)#
After entering the root password; it was time to repair. In my case, the problem was easy as the second drive is allocated to one mount. If you are not sure, you will have to look at the partitions.
To list out the partitions, simply enter:
fdisk -l

In my situation, I was interested in this part:

Disk /dev/cciss/c0d1: 146.7 GB, 146778685440 bytes
255 heads, 63 sectors/track, 17844 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

           Device Boot      Start         End      Blocks   Id  System
/dev/cciss/c0d1p1   *           1       17844   143331898+  83  Linux

If you have multiple partitions, you can verify the label as a precaution (that is if it’s still intact) by using the e2label command. For example:

e2label /dev/cciss/c0d1p1

Having verified the partition, it’s time to restore the superblock by using backup. This is accomplished by using the mke2fs command. Note: if the OS is running, you will need to unmount the drive.

Example:

mke2fs -n /dev/cciss/c0d1p1

It will list output (I forgot to copy it), but at the bottom you will see:

Superblock backups stored on blocks:
(various numbers)

It doesn’t matter which one you choose; I picked the third one. To start the restore of the superblock; enter:

e2fsck -y -b <block number> /dev/your drive path

The “-y” option is a good idea if your partition is large. Otherwise, you will find yourself pressing the “y” key many many times.

Once it’s completed, reboot the system.

Don’t be surprised if it doesn’t solve it on the first pass. Simply re-list the backup superblocks and use a different one for the e2fsck command. In my situation, it took three attempts.

Much as I would like to impress you with my knowledge, I have to give people their acknowledgments for reviewing their blog and site for review.

Linux Expresso

Linux Forums

Advertisements

What model is my linux server?

Wednesday, January 28th, 2015

I had a request to identify the model of a server running Redhat. There is the asset database but I wanted a faster solution.

A quick Google search and I found the answer.

Log into the server and SU to root.

# dmidecode | grep -A3 '^System Information'

System Information
 Manufacturer: HP
 Product Name: ProLiant DL360 G7
 Version: Not Specified

PHPINFO on the home page

Wednesday, December 17th, 2014

A recent audit found the homepage of an Apache server with phpinfo() information displaying. Phpinfo() is a valuable debugging tool as it contains all EGPCS (Environment, GET, POST, Cookie, Server) data. Really useful for debugging and information gathering if you want to attack a system.

If you are not used to handling Apache, the obvious question is what to do?

The server in question for whatever reason; didn’t have a regular home page.  Probably a test environment or a “quick fix” for a problem.

The obvious solution is to get this information out of the home page.  A quick examination of the index.php file showed:

<?php
phpinfo();
?>

It would be simple to disable phpinfo() or remove the entry but the resulting page would be blank and to some in the PHP world; this is the “White Page of Death” which could cause confusion and waste time.

Since there wasn’t a home page; a simple print command was used to display a message.  For this example “hello:”

<?php
print("Hello");
?>

This eliminates the problem but we can go further by disabling phpinfo(). This is accomplished by a change in the php.ini file.

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.disable-functions
disable_functions = phpinfo

This requires restarting httpd.

phpinfo() can be restarted by simply placing a “;” in the disable_functions line and restarting httpd.

Audit answered; now back to our regularly scheduled entertainment.

Linux top command errors with Segmentation Fault

Wednesday, April 9th, 2014

A user reported he could not execute the top command.

I accessed his system and found top worked. However, if I used to the su command to become the user, top would fail with a segmentation fault. To add to the oddness was a strange message: Cannot get binary type. Odd messages such as this can fill a person with dread as it could mean somebody messed up their profile.  A debugging task that is rarely fun or rewarding.

I checked the PATH and found it was in order.

For fun; I reloaded procps.

I even checked security settings.

Still the segmentation faults continued.

At this point; I asked a few people and checked the Net and didn’t get any obvious answers.

I tried another system with the users account and though it pulled an error at login, it did run top.

What could be wrong?  Do I need to reload the system?

I checked the users profile and didn’t see anything obvious.  I happened to run ls -la and one thing did catch my attention. There was a file called .toprc. I renamed it and top worked!

It turns out you can have an RC file for top.  I didn’t know that as my need for top is usually the load on the system…..

 

Boot single user mode for Redhat

Tuesday, February 5th, 2013

Every once in awhile I have the need to access a system in single user mode.  Especially, when the root password isn’t what it’s supposed to be or for some reason a root login dumps me back to the login prompt.

Sometimes I forget the option to enable the single user due to multiple systems and rarely needing to use it.

Single-user mode boots the computer to runlevel 1 which means you will have access to your local file systems but not the network.

To get to single use mode you simply follow these steps which I found here:

At the GRUB splash screen at boot time, press any key to enter the GRUB interactive menu.
  1. Select Red Hat Enterprise Linux with the version of the kernel that you wish to boot and type a to append the line.
  2. Go to the end of the line and type single as a separate word (press the Spacebar and then type single). Press Enter to exit edit mode.

After that press the “b” key to boot the system which should go through process and then leave you with a root prompt. There you can change the root password, edit config files, etc.

Restart windows service from Linux

Monday, April 2nd, 2012

I had a request on how to restart the three LSF services from a script. The person worked on the farm team and did not relish the idea of using remote desktop or VNC.

I thought about a Powershell script or using a batch script to run the PsService from sysinternals. It looked simple as the command is as follows:

psservice \\<computer> -u <domain\username> -p password stop service <service name>

psservice \\<computer> -u <domain\username> -p password start service <service name>

I contacted the user and asked a couple more questions and learned she wanted to run the script from Linux. Of course this required a change in my approach as I like to keep things as simple as possible especially when a user will write their own script. I decided to abandon windows scripts and find away to see if Linux could handle this via the windows management interface.

Looking around the Net, I found a way I didn’t even consider. Simply install the Samba-Common. This offers the Net utility(or as close to it as possible) for the Linux host. The particular command in question is Net RPC service command:

To list out the services on a Windows computer:

net rpc service list -I <IP Address> -U “<domain\username>%<password>”

If you wish to use the command line; simply remove “%<password>” and you will be prompted for a password.

To start or stop a service; you would enter:

net rpc service {start|stop} <Service Name> -I <IP Address> -U “<domain\username>%<password>”

Again, if you wish to use the command line, simply remove “%<password>” and you will be prompted for a password.

The account used will have to have local admin privileges so if you decide to script it, secure the file to yourself since the password will be plain text.

Much as I would like to impress you with my great knowledge; there was a sense of urgency to the request so I went to the Net and I did get help from the following sites so credit must be given where credit is due.

LifeHacker

Commandlinefu

LyleBackenrorth