RHEL Downloadonly plugin for yum

If you only need to download a package and don’t want to install it, you can use the downloadonly plugin for yum.

Install the package that provides the “downloadonly” plugin:

(RHEL5)

# yum install yum-downloadonly

(RHEL6)

# yum install yum-plugin-downloadonly

Run the yum command with the “--downloadonly” option as follows:

# yum install --downloadonly --downloaddir=<directory> <package>

Confirm the RPM files are available in the specified download directory.

Source: https://access.redhat.com/solutions/10154

Import SSL certificate from web server Apache OpenSSL to Tomcat format

To convert an SSL certificate and its key to PKCS12 format, you can use the command:

# openssl pkcs12 -export -in /home/taras/ssl/shkodenko.com.crt -inkey /home/taras/ssl/shkodenko.com.key -out /home/taras/ssl/shkodenko.com.p12 -name tomcat -CAfile /home/taras/ssl/shkodenko.com.ca.crt -caname root -chain
Enter Export Password:
Verifying - Enter Export Password:

You will be prompted to enter an export password. Then import the PKCS12 file into a JKS keystore with keytool:

# keytool -importkeystore -srckeystore /home/taras/ssl/shkodenko.com.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore /home/taras/ssl/shkodenko.com.jks
Enter destination keystore password:  
Re-enter new password: 
Enter source keystore password:  
Entry for alias tomcat successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

Now you can use the /home/taras/ssl/shkodenko.com.jks keystore in your Apache Tomcat SSL virtual host configuration.

Set up NFS on CentOS and RedHat enterprise remote server folder sharing

To set up NFS on CentOS and/or Red Hat Enterprise Linux, the following package should be installed:

# yum install nfs-utils
Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Excluding Packages in global exclude list
Finished
Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
Finished
Setting up Install Process
Package 1:nfs-utils-1.0.9-71.el5.x86_64 already installed and latest version
Nothing to do

If you see an error while trying to start the nfs service:

# /etc/init.d/nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas: Cannot register service: RPC: Unable to receive; errno = Connection refused
rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp).
                                                           [FAILED]
Starting NFS daemon:   
                                                           [FAILED]

check whether the portmapper service is running:

# rpcinfo -p
rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
#

If not, add the portmap service to auto start:

# chkconfig portmap on

Start the portmap service:

# service portmap start
Starting portmap:                                          [  OK  ]

When the portmap service is started, rpcinfo should show output like:

# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
#

Now start the nfs service:

# service nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
#

Add an entry for the folder you want to share to the configuration file /etc/exports:

/home/taras/backups/shared 11.22.3.4/255.255.255.0(rw,sync)

Where 11.22.3.4 is the IP address of the remote side where you will mount the shared folder.

You can also add the IP to the configuration file /etc/hosts.allow:

# more /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL: 11.22.3.4

On the remote side, create the folder /mnt/shared and mount the remote folder in it:

# mkdir -pv /mnt/shared
# mount shkodenko.com:/home/taras/backups/shared /mnt/shared -o nolock
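
The /etc/exports entry above pairs 11.22.3.4 with the netmask 255.255.255.0, so it admits every address in that /24 network, not only the one host. The following added example (not from the original post) is a small shell/awk audit that reports how many addresses each export entry covers and flags read-write access beyond a single host; the function names, warning labels and the extra sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: for each /etc/exports entry read from stdin, print
#   <path> <client> hosts=<addresses covered> [warnings]
audit_exports() {
    awk '
    # Addresses covered by a prefix length or a dotted netmask.
    function hosts(mask,    o, n, i, inv) {
        if (mask == "") return 1                 # plain host name or IP
        if (mask ~ /^[0-9]+$/) return 2 ^ (32 - mask)
        n = split(mask, o, ".")
        inv = 0
        for (i = 1; i <= n; i++) inv = inv * 256 + (255 - o[i])
        return inv + 1
    }
    /^[ \t]*(#|$)/ { next }                      # comments, blank lines
    {
        for (f = 2; f <= NF; f++) {
            spec = $f; opts = ""
            if (match(spec, /\(.*\)$/)) {
                opts = substr(spec, RSTART + 1, RLENGTH - 2)
                spec = substr(spec, 1, RSTART - 1)
            }
            # "host (rw)" with a space: the options apply to every client
            if (spec == "") spec = "*"
            # wildcard or netgroup: size cannot be derived from this file
            if (spec ~ /[*?]/ || spec ~ /^@/) { count = "many" }
            else { split(spec, p, "/"); count = hosts(p[2]) }
            warn = ""
            if (("," opts ",") ~ /,rw,/ && count != 1) warn = warn " rw-beyond-one-host"
            if (("," opts ",") ~ /,no_root_squash,/) warn = warn " no_root_squash"
            printf "%s %s hosts=%s%s\n", $1, spec, count, warn
        }
    }'
}

# Constructed sample; the first line is the entry from the text above.
sample_exports() {
cat <<'EOF'
/home/taras/backups/shared 11.22.3.4/255.255.255.0(rw,sync)
/home/taras/backups/shared 11.22.3.4(rw,sync)
/srv/pub *(ro,sync)
/srv/data 11.22.3.4 (rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

On a server, run it as: audit_exports < /etc/exports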

Install and configure custom PHP FastCGI version with Plesk 12

If you need to use a modern version of PHP and you have Plesk control panel version 12+, you can use the php_handler utility.

To view the list of currently installed PHP versions, use the command:

# /usr/local/psa/bin/php_handler --list
             id:  display name:  full version:  version:    type:                           cgi-bin:  php-cli:                           php.ini:  custom:
          module          5.3.3          5.3.3       5.3   module                   /usr/bin/php-cgi                                 /etc/php.ini    false
         fastcgi          5.3.3          5.3.3       5.3  fastcgi                   /usr/bin/php-cgi                                 /etc/php.ini    false
             cgi          5.3.3          5.3.3       5.3      cgi                   /usr/bin/php-cgi                                 /etc/php.ini    false

To register a custom PHP build installed in the folder /opt/php-5.4.37, use the command:

# /usr/local/psa/bin/php_handler --add -displayname php-5.4.37 -path /opt/php-5.4.37/bin/php-cgi -phpini /opt/php-5.4.37/etc/php.ini -type fastcgi -id php-5.4.37

You will see the message:

The new PHP handler with the id "php-5.4.37" was successfully registered.

Now you can select it in the Plesk control panel when editing your domain’s “Hosting settings”.

Mtop utility installation on Debian 7

The mtop utility can be downloaded from http://sourceforge.net/projects/mtop/?source=typ_redirect.
The current version at this moment is 0.6.6.

Before installing it, the following system package should be installed as a dependency: libncurses5-dev

# sudo apt-get install libncurses5-dev

Without it, installation of the Curses Perl library that mtop depends on fails with the error:
fatal error: ncurses.h: No such file or directory

The following Perl libraries required by mtop should be installed: Curses, Getopt::Long, Net::Domain, DBI and DBD::mysql
I’m installing them using the Perl CPAN module:

# perl -MCPAN -e shell
# ...
cpan[1]> install Curses
cpan[2]> install Getopt::Long
cpan[3]> install Net::Domain
cpan[4]> install DBI
cpan[5]> install DBD::mysql
cpan[6]> quit

Mtop installation process:

# cd /root/install
# tar xzf mtop-0.6.6.tar.gz
# chown -Rf root:root /root/install/mtop-0.6.6/
# cd /root/install/mtop-0.6.6/
# perl Makefile.PL
...
# make
...
# make install
Manifying 2 pod documents
Installing /usr/local/bin/mtop
Installing /usr/local/bin/mkill
Installing /usr/local/bin/mtop
Installing /usr/local/bin/mkill
Installing /usr/local/share/perl/5.14/cpan2spec.pl
Installing /usr/local/share/man/man1/mkill.1p
Installing /usr/local/share/man/man1/mtop.1p
Appending installation info to /usr/local//lib/perl/5.14/perllocal.pod

Now the mtop and mkill utilities are ready for use.

Using dpkg to find package names on Debian Linux 7 (wheezy)

To discover which package a file belongs to, use the command:

# dpkg -S /bin/dash
dash: /bin/dash

We find several packages related to what we’re looking for, together with brief descriptions. To get more information about a specific package, I can then use:

# apt-cache show dash

Read more at https://www.debian.org/doc/manuals/apt-howto/ch-search.en.html

Block / unblock IPs on Linux servers

There are several ways to block / unblock IPs on Linux servers.

It can be done using IPTables firewall rules, the server configuration file /etc/hosts.deny, or route.

I have written simple shell scripts to block / unblock IPv4 which can be used on any Linux distribution if you have root administrator access.

You can get them for a small price:

Linux bash scripts to block/unblock IPv4 using route

usermod – add an existing user to an existing group

If you need to add an existing user to an existing group, use the usermod command.

1. Check current user groups using id command:

# id serveradmin
uid=10001(serveradmin) gid=10001(serveradmin) groups=10001(serveradmin)

2. Add the existing user to the group using the usermod command:

# usermod -a -G wheel serveradmin

3. Check that the user has been added to the group using the id command:

# id serveradmin
uid=10001(serveradmin) gid=10001(serveradmin) groups=10001(serveradmin),11(wheel)

SSH login without password using keys

To set up SSH login without passwords using keys:
1. Generate a key pair using the ssh-keygen utility. In this example the keys are saved in the ~/.ssh/ folder: ~/.ssh/id_rsa is your private key and ~/.ssh/id_rsa.pub is your public key.
2. Add the public key to ~/.ssh/authorized_keys on the server where you want to log in without a password, using the command:

# ssh-copy-id -i ~/.ssh/id_rsa.pub user@shkodenko.com

3. Now you can log in as user to the example host shkodenko.com without a password, using your key pair, with the command:

# ssh user@shkodenko.com

OpenSSL check if SSLv3 is disabled

To verify that SSL protocol version 3 (SSLv3) is disabled on a server, you can run the OpenSSL command:

# openssl s_client -connect www.shkodenko.com:443 -ssl3

If you see an answer like the one below:
CONNECTED144:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
139824221411144:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

then SSLv3 is disabled.
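
A handshake failure alert is the only result of this check that shows the server refusing SSLv3; a refused TCP connection, or a local openssl build that lacks the -ssl3 option, tests nothing. The following added example (not from the original post) classifies saved s_client output accordingly; the function names, verdict labels and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify saved output of
#   openssl s_client -connect www.shkodenko.com:443 -ssl3 </dev/null 2>&1
# Verdicts:
#   disabled    - the server sent the handshake failure alert
#   enabled     - an SSLv3 session with a real cipher was negotiated
#   unsupported - local openssl has no -ssl3 option, nothing was tested
#   unknown     - anything else (e.g. TCP connect failed); proves nothing
classify_ssl3() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qi 'unknown option'; then
        echo unsupported
    elif printf '%s\n' "$out" | grep -q 'alert handshake failure'; then
        echo disabled
    elif printf '%s\n' "$out" | grep -Eq '^ *Protocol *: *SSLv3' &&
         printf '%s\n' "$out" | grep -Eq '^ *Cipher *: *[A-Z0-9]+-'; then
        # A failed handshake can still print "Protocol : SSLv3" with
        # "Cipher : 0000", so a real cipher name is required here.
        echo enabled
    else
        echo unknown
    fi
}

# Constructed sample outputs (not captured from a real server).
sample_disabled() {
    printf '%s\n' 'CONNECTED(00000003)' \
      '139824221411144:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40' \
      '    Protocol  : SSLv3' '    Cipher    : 0000'
}
sample_enabled() {
    printf '%s\n' 'CONNECTED(00000003)' 'SSL-Session:' \
      '    Protocol  : SSLv3' '    Cipher    : AES256-SHA'
}
sample_unsupported() { printf '%s\n' 's_client: Unknown option: -ssl3'; }
sample_refused() {
    printf '%s\n' 'connect: Connection refused' 'connect:errno=111'
}

for s in disabled enabled unsupported refused; do
    printf '%-12s -> %s\n' "$s" "$(sample_$s | classify_ssl3)"
done
```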