Linux.com

Community Blogs



Access VMWare Server 2 remote virtual machine without web interface

I've spent a lot of time doing something else and I left the blog alone for a while.

This new entry is related to VMware Server v2.0 and Virtual Infrastructure Client on Linux.
Many of you already know there's no Virtual Infrastructure Client available for Linux clients, so it's quite a mess if you'd like to control a VMware server and don't want the ugly web interface that comes with it.

Personally I don't like the web interface; it's ugly and very slow. Here's where Virtual Infrastructure Client (VIC) comes in; unfortunately it is only available for Windows machines. VMware promised a version for Linux a long time ago, but nobody has seen it working or available yet.

I'm quite upset about the lack of support for Linux users, so I've installed the Windows client on Linux with WINE emulation. It works fine, even with WINE, but it's clearly a Windows application and it's not native.

A few days ago I discovered I can use VMware Player v2.x to control virtual machine consoles even on a remote VMware Server. If you run VMware Player (v2.5.3.x on my Gentoo box) you can only choose local virtual machines, so you cannot select machines running on a remote host without some sort of network share. If you run the local help you can see:

~$ vmplayer --help
Usage:
vmplayer [OPTION...] <Virtual machine config file>

Help Options:
-?, --help Show help options

Application Options:
-v, --version Display the program version
-L, --list-stock-ids Display the list of registered stock IDs
-X, --fullscreen Start in fullscreen mode
-U, --unity Start in Unity mode
-k, --no-kiosk-warning Suppress the warning that appears when a Kiosk Mode ACE is started
-K, --no-kiosk-mode Force a Kiosk Mode ACE to start outside of Kiosk Mode

But if you launch it with this command:

~$ vmplayer -h remote.host.with.vmware:8333

Where "remote.host.with.vmware" is obviously the IP address of the remote VMware Server machine and 8333 is the remote port for VIC control (TCP default).

When you run it you can see:

Just input your remote username and password and you'll see the list of remote virtual machines available:

Open one of the machines and use it. You cannot administer or manage the remote filestore or create new virtual machines like VIC does, but at least you can use them. You have full access to the remote machine console without VIC and without web access.

Hope it helps someone

 

Andrea (Ben) Benini

 

 

 

mod_rewrite with Fedora 10 and ISPConfig for WordPress

This relates to Fedora 10 and ISPConfig 3.0.1 set up as described in this HowtoForge post. One of my colleagues recently got interested in offering our clients WordPress as a content management system, so he's been trying it out. Yesterday he found out that if he wanted to change the permalink style in WordPress he needed write access to .htaccess, which he didn't have because the user rights haven't been set up very well there. So I gave him write access by using

chown apache:apache .htaccess

Unfortunately this resulted in a 500 Internal Server Error. Looking at the error log for the website I tried this on, it let me know that RewriteEngine directives were not allowed in the .htaccess. Since I didn't want to mess with the base configurations of ISPConfig I started looking around for other options. Eventually I found that I had to add something similar to this to the Apache directives field under Options in the website's settings:

<IfModule mod_rewrite.c>
<Directory /var/www/[sitename]/web/>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</Directory>
</IfModule>

Of course [sitename] should be replaced with the name of your website. It all worked after I restarted the Apache server myself, but I do not know if that is completely necessary. Also it might take a few seconds before ISPConfig finishes editing the configuration file.
 

RAID: Installing grub on the other Disks

So, you've followed my previous blog post, Replacing faulted drive on Linux software RAID (MDTOOLS), and you already know how to swap a faulty drive for a new one. But what happens if you need to replace the primary disk your computer boots from?

After adding a new disk to your RAID chain it's a good idea to make it bootable as well by installing grub on its MBR. When the boot drive in your RAID array becomes faulty, all you have to do is power off your machine, replace the faulty drive and boot your computer again. If you've properly set the BIOS boot sequence to iterate between primary, secondary, ... you can boot your RAID array again: the second or third disk does the boot because you've installed grub on it. It's pretty easy and straightforward, and it contributes to a bulletproof system.

How to install grub on the other disks?

First enter grub console:

~# grub
Probing devices to guess BIOS drives. This may take a long time.

 

GNU GRUB  version 0.97  (640K lower / 7168K upper memory)
[ Minimal BASH-like line editing is supported.  For the first word, TAB
   lists possible command completions.  Anywhere else TAB lists the possible
   completions of a device/filename. ]
grub> root (hd1,0)
grub> setup (hd1)
grub> quit

Where hd1 means the second disk (grub starts counting from 0), hd2 means the third disk, and so on.

If your boot partition is inside a drive array as well, it becomes easy to swap disks and replace them when faulty. Here's an example:

boba:~# fdisk -l /dev/sda
Disk /dev/sda: 320.0 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0003272d
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          12       96358+  fd  Linux raid autodetect
/dev/sda2              13          73      489982+  fd  Linux raid autodetect
/dev/sda3              74         681     4883760   fd  Linux raid autodetect
/dev/sda4             682       38913   307098540   fd  Linux raid autodetect

Take a look at my fstab:

boba:~# cat /etc/fstab
# /etc/fstab: static file system information.
#
# proc /proc proc defaults 0 0
/dev/md2 / ext3 errors=remount-ro 0 1
/dev/md0 /boot ext2 defaults 0 2
/dev/mapper/storage-storage /home xfs defaults 0 2
/dev/md1 none swap sw 0 0
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0

As you can see, my /dev/md0 is the boot partition and /dev/sda1 is part of it; it doesn't matter if you're using RAID 1, 5, 6, 10, ...

With this hint you can boot your machine again, even if your primary disk has gone.

Hope it helps

 

Andrea (Ben) Benini

 

 

Open Source Security Solutions

A report on the state of security has been released today by the SANS Internet Storm Center. The two main threats posed to an organisation are targeted "spear phishing" against client desktops and attacks against web applications.

Most here at Linux.com would be familiar with the threat of the malware against Windows Desktops, this report highlights the fact that other client applications are being targeted; Adobe Reader and Quicktime are good examples. Of course running Linux on your desktop lowers the risk of these attack vectors considerably.

Another area where Linux based open source solutions excel is in security vulnerability assessment tools. Use of these tools will help to find security vulnerabilities within your web server and web applications. Once the vulnerabilities are found they can be fixed or remediated.

Here are some tools to get you started:

Nmap for port scanning of your system(s). It shows you open ports on your server and holes in your firewall.
OpenVAS for vulnerability scanning of your servers. It checks for listening ports / services and then tries to confirm if services are vulnerable to exploitation using a database of thousands of vulnerabilities.
Nikto is a web server scanner that does a thorough analysis of your web server. It looks for scripts and server misconfigurations that are a security threat.
SQLiX performs SQL injection testing that can find vulnerable web applications. This is a popular attack vector for web application attacks.
OSSEC is a host-based intrusion detection system that is easy to set up and use.

These tools are all high quality and just a sample of the powerful open source security tools that are available.

About the Author: Peter runs the popular online open source security tool scanning site http://www.hackertarget.com, where various security scanning tools are made available for free to assist in securing internet-based servers.
 

Replacing faulted drive on Linux software RAID (MDTOOLS)

Here's a very quick HOWTO for Linux software RAID; these notes are made for replacing a faulty disk with a new one.

When you have a software RAID configuration on Linux, you have planned to survive hardware failures. When these failures happen you need to replace the faulty drive with a new one and inform your RAID configuration of it.

First take a look at your current RAID config by running the command:

~# cat /proc/mdstat
Personalities : [raid1]
  md1 : active raid1 sda2[2](F) sdb2[1]
     70645760 blocks [2/1] [_U]
  md0 : active raid1 sda1[0] sdb1[1]
     9767424 blocks [2/2] [UU]
  unused devices:

 

This shows RAID md1 has drive sda2 stopped with a fault.
As my config shows, I have two disks with software RAID1; sda2 is marked as faulty (letter F) and the block device is not present in the RAID ("_" instead of "U"). The first thing to do is to replace the drive; power off the machine if you don't have hot-swap drives.

Then you need to inform your configuration about the new drive. First remove your previous block device (from RAID md1 in my case):

~# mdadm /dev/md1 -r /dev/sda2
mdadm: hot removed /dev/sda2

Then add your new partitioned block device:

~# mdadm /dev/md1 -a /dev/sda2
mdadm: re-added /dev/sda2


Now you will see it regenerate your RAID chain in mdstat:

~# cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sda2[2] sdb2[1]
70645760 blocks [2/1] [_U]
[>....................] recovery = 0.3% (268800/70645760) finish=21.8min speed=53760K/sec
md0 : active raid1 sda1[0] sdb1[1]
9767424 blocks [2/2] [UU]
unused devices:

When finished you'll have a working config.

 

Hope it helps

Ben 
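The degraded state shown in the mdstat output of this post ("(F)" on a member, "_" in the slot map) can be checked for automatically. This is an added example, not part of the original post; the function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: list md arrays running degraded, based on /proc/mdstat text.

# Constructed sample modelled on the mdstat output quoted in the post.
sample_mdstat() {
cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sda2[2](F) sdb2[1]
      70645760 blocks [2/1] [_U]
md0 : active raid1 sda1[0] sdb1[1]
      9767424 blocks [2/2] [UU]
unused devices: <none>
EOF
}

# degraded_arrays (hypothetical helper): reads mdstat text on stdin and prints
# "<array> missing=<n> faulty=<devices|->" for every array with a "_" slot.
degraded_arrays() {
    awk '
    /^md[^ ]* :/ {
        # Array header line: remember the name and collect members marked (F).
        array = $1; faulty = ""
        for (i = 3; i <= NF; i++)
            if ($i ~ /\(F\)/) {
                dev = $i; sub(/\[.*/, "", dev)
                faulty = faulty (faulty == "" ? "" : ",") dev
            }
        next
    }
    array != "" && /blocks/ {
        # Status line: the slot map such as [_U] has one "_" per missing member.
        if (match($0, /\[[U_]+\]/)) {
            slots = substr($0, RSTART + 1, RLENGTH - 2)
            missing = gsub(/_/, "", slots)
            if (missing > 0)
                printf "%s missing=%d faulty=%s\n", array, missing, (faulty == "" ? "-" : faulty)
        }
        array = ""
    }'
}

# Demo on the constructed sample; on a live system use: degraded_arrays < /proc/mdstat
sample_mdstat | degraded_arrays
```

An array that is still rebuilding keeps its "_" slot until recovery finishes, so it is reported with faulty=- during that time.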

 

 

 

Installing and configuring LAMP on Fedora

LAMP Fedora

Now that our FTP server is up and running, I suppose you will want something more. Perhaps a LAMP server? Well, yes. That is what we are going to do. We will install and configure a complete server with httpd, mysqld and php. But first, what is a LAMP server?

The acronym LAMP refers to a set of software subsystems needed to achieve a complete solution, in this case setting up websites or dynamic servers with little effort.

In LAMP this is achieved by combining the following technologies:

  • Linux, the operating system;
  • Apache, the web server;
  • MySQL, the database manager;
  • Perl, PHP, or Python, programming languages.

To begin, we will install all the packages we need. Open a terminal and log in as root.

su -

yum install httpd php php-gd mysql-server php-mysql phpMyAdmin

Now that all the packages are installed, we will start configuring our server. We will go in order, so we start with Apache, the web server. On Fedora it comes very well configured by default, and unless we need to tune our machine to the maximum we will not touch it. In any case, if you want to read the configuration file, it is at /etc/httpd/conf/httpd.conf

Next we will set a password for the MySQL root user. To do so, open a terminal and type:

mysql -u root

USE mysql;

UPDATE user SET password=PASSWORD('escribimos_aquí_la_contraseña') WHERE user='root';

-- reload the grant tables so the new password takes effect
FLUSH PRIVILEGES;

quit

Note: If you get an error when trying to change the password, try typing the command by hand, since copying from WordPress can turn the single quote (') into a double quote (").

Now, with the MySQL details, we will configure phpMyAdmin. Open a terminal again and type:

If you use GNOME | su -c 'gedit /etc/phpMyAdmin/config.inc.php'

If you use KDE | su -c 'kwrite /etc/phpMyAdmin/config.inc.php'

Look for the lines that read:

$cfg['Servers'][$i]['user'] = '';
$cfg['Servers'][$i]['password'] = '';

And change them to the following:

$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'contraseña_de_mysql';

Now that everything is configured, we will start the services our server needs. Unlike the FTP server, which only requires one, our LAMP server requires two. We also have to open the ports in the firewall. To do so, go to System – Administration – Firewall and select WWW under trusted services. Apply and close. Now open a terminal and type the following:

su -

service httpd start

service mysqld start

Like all services, we can also stop them.

su -

service httpd stop

service mysqld stop

Or restart them. This is necessary every time we change something in the configuration files.

su -

service httpd restart

service mysqld restart

Finally, if we want these services to start at boot, we only have to type:

su -

chkconfig httpd on

chkconfig mysqld on

With the server we have just installed and configured we can install any CMS such as Drupal or WordPress. There are just three things to keep in mind. The folder where we must create our website is /var/www/html. Also, as long as there is no file called index, a Fedora test page will be shown. And finally, our server will be reachable locally by typing the address http://127.0.0.1/ in the browser.

Source | El blog de Iyan

 

Installing and configuring VSFTPD on Fedora

FTP server

Installing and configuring a server using Fedora is a simple and fairly entertaining task. Over two posts I will explain step by step how to install a complete server, both FTP and HTTP. But before starting, what is a server?

In computing, a server is a type of software that performs certain tasks on behalf of users. The term server is now also used to refer to the physical computer on which that software runs, a machine whose purpose is to provide data so that other machines can use it.

In the first part I will explain how to install VSFTPD (Very Secure FTP Daemon), considered the most secure option for creating a server of this type. Some examples of servers that use VSFTPD:

  • ftp://ftp.redhat.com/
  • ftp://ftp.openbsd.org/
  • ftp://ftp.suse.com/

To begin, we will install the packages we need. To do so, log in as root and type:

su -

yum install vsftpd

Now our FTP server is installed. Next we will configure it, and then we can start sharing data with it. Vsftpd has two configuration files, both stored in /etc/vsftpd/

First we will open the file vsftpd.conf, which holds most of the options we can change.

su -

If you use GNOME | gedit /etc/vsftpd/vsftpd.conf

If you use KDE | kwrite /etc/vsftpd/vsftpd.conf

I recommend reading through all the parameters calmly and changing them to suit your needs. Below I list the most important ones to keep in mind.

Parameter anonymous_enable

If the value is YES, anyone can access the server. If it is NO, only authenticated users can access it.

Parameter local_enable

With this option we can allow or deny access to local users.

Parameter write_enable

If we want to allow writing to our server, we set YES. If, on the other hand, we want it to be read-only, we set NO.

Parameter ftpd_banner

Here we write a message that will be shown every time a user connects to the server.

Parameter anon_max_rate

Used to set the maximum transfer rate for anonymous users. The unit is bytes per second.

Parameter max_clients

Here we can set the maximum number of simultaneous connections to our FTP server.

Parameter max_per_ip

The same as the previous one, but limiting the connections that use the same IP. The logical choice is to set the same cap as the previous parameter. This lets us limit the number of simultaneous connections from people using the same proxy, for example.

Now that everything is configured (these are the basic parameters, but there are many more) we only have to open the ports in the firewall and start the server. To do so, go to System – Administration – Firewall and select FTP under trusted services. Apply and close.

Now open a terminal, log in as root and type:

su -

service vsftpd start

Also, if we want it to start at boot, we type:

su -

chkconfig vsftpd on

Done!! Our FTP server is now up and running. To check that it works, open the browser and type in the address bar:

ftp://127.0.0.1/

Now all that is left is to start sharing files. Keep in mind that the folder where files must be saved to be visible on our server is /var/ftp

Source | El blog de Iyan
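The vsftpd.conf parameters described in this post (anonymous_enable, write_enable, anon_max_rate, max_clients, max_per_ip) interact, so it helps to review them together. This is an added example, not part of the original post; the helper names and the sample configuration are constructed, and the defaults used for unset keys are assumptions taken from vsftpd.conf(5).

```shell
#!/bin/sh
# Added example: review the vsftpd.conf parameters discussed in the post.

# Constructed sample configuration (not taken from any real server).
sample_vsftpd_conf() {
cat <<'EOF'
# constructed sample
anonymous_enable=YES
local_enable=YES
write_enable=YES
ftpd_banner=Welcome to the example FTP service
anon_max_rate=0
max_clients=50
#max_per_ip=5
EOF
}

# conf_value KEY DEFAULT: last uncommented KEY=value in $CONF, else DEFAULT.
conf_value() {
    v=$(printf '%s\n' "$CONF" | sed -n "s/^$1=//p" | tail -n 1)
    printf '%s\n' "${v:-$2}"
}

# YES, TRUE and 1 are treated as "on" here.
is_yes() { case $1 in YES|yes|TRUE|true|1) return 0 ;; *) return 1 ;; esac; }

# audit_vsftpd (hypothetical helper): reads a vsftpd.conf on stdin and prints
# one finding per line. Defaults for unset keys are assumptions taken from
# vsftpd.conf(5); confirm them against the man page of your version.
audit_vsftpd() {
    CONF=$(cat)
    anon=$(conf_value anonymous_enable YES)
    write=$(conf_value write_enable NO)
    rate=$(conf_value anon_max_rate 0)
    clients=$(conf_value max_clients 0)
    per_ip=$(conf_value max_per_ip 0)

    if is_yes "$anon"; then
        echo "ANON_LOGIN: anonymous_enable is on, no account needed to connect"
        if is_yes "$write"; then
            echo "ANON_WITH_WRITE: write_enable is on while anonymous login is allowed"
        fi
        if [ "$rate" = 0 ]; then
            echo "ANON_RATE: anon_max_rate=0 leaves anonymous bandwidth unlimited"
        fi
    fi
    if [ "$clients" = 0 ]; then
        echo "MAX_CLIENTS: max_clients=0 allows unlimited simultaneous connections"
    fi
    if [ "$per_ip" = 0 ]; then
        echo "MAX_PER_IP: max_per_ip=0 allows unlimited connections per address"
    fi
    return 0
}

# Demo on the constructed sample; on a server use: audit_vsftpd < /etc/vsftpd/vsftpd.conf
sample_vsftpd_conf | audit_vsftpd
```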

 

 

tail -f vs less +F

When I first saw this command, I thought: oh god, why didn't I see this command a long time ago? It could have made my life much easier.

tail -f /var/log/messages

The main advantage of tail -f is that you can monitor logs in real time; it keeps appending log lines as they arrive. But what if I find an error and want to look back at what went wrong? I have to quit tail and open the file in vi or with less.
Here comes the advantage of less +F: you can monitor logs in real time as it keeps appending log lines, and if I find an error I can press Ctrl+C to stop following the log and go back and check what went wrong. Once I have verified it, I can start following the log again by pressing capital F.

less +F /var/log/messages

This does the same thing as tail -f but it will also show the entire file, just press ctrl + c to navigate around the log file. When you want to view the log in real time again just type a capital F.
 

One shot RSync between two hosts without installing services

I was syncing two Linux hosts and just needed to copy data between them. I neither need nor want to install Samba as a service for a quick sync; rsync was my preferred method.

Rsync is very easy to use and quick, but in this case I didn't want to install the rsync service daemon on the destination machine (the machine with the data to transfer) either, so I opted for rsync through an ssh tunnel without a service installed.

Here's a quick sample:

- You have to transfer data from a remote host machine (name: "oldhost")
- You have to copy data into another machine (name: "newhost")
- You don't want to install/configure the rsync daemon on these two machines
- You have at least ssh server access to "oldhost" from "newhost"
- You have at least the rsync program installed on "newhost"

OK, don't configure the rsync daemon on these two machines; just log in to "newhost", go to the target directory (the directory where you'd like to have the data copied) and issue a command like this:

newhost:/target# rsync --verbose --recursive --copy-links --perms --owner --group --compress --specials --stats --devices --times --delete -e "ssh -l root" oldhost:/source/ .

Please substitute /target with your target directory on newhost, /source with your source directory on oldhost, and root with your favorite username on the remote host.

This command uses rsync through an ssh shell on the remote host and copies data from there to the specified directory on the local host (the current directory, given as the final "." in the command).

You can substitute "." with local target directory as needed

 

In this way rsync is used without the service (rsyncd). In a new blog post I can write up a few easy steps for rsyncd configuration if you need it.
I always use this method for one-shot synchronization; when your rsync operations are scheduled or programmed periodically it's better to use the rsyncd service. This is my favorite backup system.

Glad to read your comments

 

Andrea Ben Benini

 

Samba public users directory (quick howto)

This quick post shows you how to create a Samba share for a network where every user is forced to a specific username and each file belongs to this username. This is useful when dealing with public folders for some sort of exchange between users in a network.

Read/write access to everyone for directories and files; this is a typical configuration for a swap area.

Check it out:

[public]
comment = Public folder for my network
available = yes
browseable = yes
path = /home/public
guest ok = yes
public = yes
writable = yes
write list = *

force group = commongroup
force user = commonuser
create mask = 0644
directory mask = 0755

printable = no

 

Comments welcomed

 

Ben 
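The share in this post combines guest access with write access, so any client that can reach the server can write to it. This is an added example, not part of the original post, that lists shares configured that way in an smb.conf; the function names, the extra sample shares and the "hosts allow" report column are constructed for illustration, and settings inherited from [global] are not evaluated.

```shell
#!/bin/sh
# Added example: find smb.conf shares that are both guest-accessible and writable.

# Constructed sample: [public] mirrors the share in the post, the rest is made up.
sample_smb_conf() {
cat <<'EOF'
[global]
   workgroup = EXAMPLE
[public]
   path = /home/public
   guest ok = yes
   public = yes
   writable = yes
   force user = commonuser
[docs]
   path = /srv/docs
   guest ok = yes
   read only = yes
[staff]
   path = /srv/staff
   writable = yes
   valid users = @staff
EOF
}

# guest_writable_shares (hypothetical helper): reads smb.conf text on stdin and
# prints "<share> guest-writable hosts_allow=<value|unset>" per matching share.
guest_writable_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (share != "" && share != "global" && guest && writable)
            printf "%s guest-writable hosts_allow=%s\n", share, (hosts == "" ? "unset" : hosts)
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[.*\]/ {                           # section header starts a new share
        report()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = 0; writable = 0; hosts = ""     # Samba defaults: no guests, read only
        next
    }
    /=/ {
        key = tolower(substr($0, 1, index($0, "=") - 1))
        val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        gsub(/[ \t]+/, " ", key)
        # "public" is a synonym of "guest ok"; "writable" inverts "read only".
        if (key == "guest ok" || key == "public") guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "write ok") writable = truthy(val)
        else if (key == "read only") writable = !truthy(val)
        else if (key == "hosts allow" || key == "allow hosts") hosts = val
    }
    END { report() }'
}

# Demo on the constructed sample; on a server use: guest_writable_shares < /etc/samba/smb.conf
sample_smb_conf | guest_writable_shares
```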

 

Transparent dynamic reverse proxy with nginx

A while back I wrote about using Apache as a dynamic reverse proxy. Anyone who has done even minimal research into web servers knows that Apache is the Swiss army knife. It tries to be everything for everyone, and like a Swiss army knife may not be as good as a more refined tool, at least as far as efficiency is concerned. (Read More)
 