Thursday, April 9, 2009

Configure RT(Ticketing system) in Fedora

Ticketing system use of Sales lead Tracking,bug tracking or networking security tracking.
Basic installation & configuration RT in fedora
$ yum install httpd
$ yum install mysql
$ yum install mysql-server
$ yum install sendmail*
$ yum install dovecot*

Start the httpd and mysql services

service mysqld start
service httpd start

Make sure the httpd & mysqld service start at boot

chkconfig httpd on
chkconfig mysqld on

RT Installation
wget http://www.jwhite3.com/files/rt-3.6.6-bundle.tar.gz 

tar –zxvf rt-3.6.6-bundle.tar.

 Set repository -set repository if you are using rhel 5

vi /etc/yum/repos.d/localrt.repo

[rhel51-rt3] name=RT 3.6.6 for Red Hat Enterprise Linux 5.1 baseurl=file:///path/to/your/extracted/files enabled=1 gpgcheck=0
Install rt3 and all dependencies with yum

yum install rt3

RT Post Setup

Now that rt is installed you may want to customize your setup. Inorder to do that you will need to know where your files are located. This package changes the file locations from the fedora6 version of rt,and differs greatly from the BP default

Customize /etc/rt3/RT_SiteConfig.pm

You may find a need to change the site configuration of rt from time to time. For example to point rt to a remote database, configure external authentication, or set other configurable options. Below are several options that I like to set, but keep in mind these may differ greatly from a standard configuration.

Set($WebExternalAuth , '1');
Set($WebFallbackToInternalAuth , '1'); 
Set($OldestTransactionsFirst, 0); 
Set($MyTicketsLength, 25); 
Set($MyRequestsLength, 25); 
Set($WebBaseURL , "http://rt.blogspot.com"); 
Set($WebPath , ""); Set($WebImagesURL , $WebPath . "/NoAuth/images"); 
Set($rtname, 'blogspot.com'); 
Set($DatabaseHost   , 'db.blgspot.com'); 
Set($DatabaseRTHost , 'localhost'); 
Set($DatabaseUser, 'dbuser'); 
Set($DatabasePassword , 'dbpassword'); 
Set($DevelMode, '0'); 
Set($ShowTransactionImages, 0); 
Set($SuppressInlineTextFiles, true);

Initialize the RT database

rt-setup-databse --action init

Configure sendmail

Symlink rt-mailgate to /etc/smrsh, and create aliases to use RT:

ln -s /opt/rt3/bin/rt-mailgate /etc/smrsh/rt-mailgate

Edit /etc/aliases and add lines:


rt: "|/etc/smrsh/rt-mailgate --queue general --action correspond --url http://blogspot.com/"
rt-comment: “|/etc/smrsh/rt-mailgate –queue general –action comment –url http://blogspot.com/”

Edit /etc/mail/sendmail.mc and change the line:


DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
to read:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA’)

Edit /etc/dovecot.conf and change the line:

protocols = imap,imaps,pop3,pop3s

Rebuild your sendmail.cf:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Add rt server alias to /etc/mail/local-host-names:

rt.blogspot.com

Restart sendmail:

service sendmail restart

Test your new RT instance

Login to your new RT instance and test things out:

Default URL : http://blogspot.com/rt3/
Default User: root
Default password-password




Posted by at 5 comments:

Wednesday, April 1, 2009

How to configure ldap in fedora & rhel -5

$  yum install openldap-clients
$  yum install openldap-servers
$  yum install openldap*
$rpm -qa | grep ldap
Take backup for slapd.conf
$ /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak
Edit the file /etc/openldap/slapd.conf

     we need to change some lines suffix,
     rootdn and the two rootpw lines.
  

     Suffix is the high level descriptor you selected above.  The
     rootdn is who (the user) that owns the server and should start with
     cn=. The first root password (rootpw) line should be set to
     secret.  You can generate an encrypted password for the second
     rootpw line using the command:
    $ slappasswd
Just cut and paste the output of the slappasswd command into the
     second rootpw line in slapd.conf
$ vim /etc/openldap/slapd.conf
suffix          "dc=bloger,dc=com"

bloger is a your domain name

rootdn          "cn=Manager,dc=bloger,dc=com"
rootpw          secret
rootpw          {SSHA}MRNBda83kd9f7d7did902mLA1x0AVOWMRBua

save & exit this file.
open ldap.conf file.
$ vim /etc/openldap/ldap.conf
change 2 line in this file
HOST 127.0.0.1
BASE dc=bloger,dc=com

save & exit this file.
LDAP Migration tools-:
These tools are located
     in /usr/share/openldap/migration. If
     you don't find them in your distribution you can download these tools
     from:
http://www.padl.com/OSS/MigrationTools.html

Install is simple.

untar zxf MigrationTools.tgz
cd MigrationTools-47

You then must edit migrate_common.ph and change the following site-specific variables to reflect your installation:


# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "bloger.com";

# Default base
$DEFAULT_BASE = "dc=blger,dc=com
Now we need to add the base entries into the LDAP. Here is an example of a new base org. units you may need and a user new user. The file we will create in out example is bloger.com.ldif.

Create a data file (bloger.ldif) & copy following content.
$ tuch bloger.ldif

dn: dc=bloger,dc=com
objectclass: top
objectclass: organization
o: bloger
description: Top level LDAP for bloger.com
dn: ou=Group,dc=bloger,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=bloger,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=bloger,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit
save this file.
$ /usr/share/openldap/migration/migrate_base.pl > bloger.ldif
Import first record
$ ldapadd -a -W -x -D "cn=Manager,dc=bloger,dc=com" -f bloger.ldif
$ ldapsearch -x -b 'dc=bloger,dc=com' 'objectclass=*
Create test user-:create file newrec.ldif for test user & add some content in this file.

$ touch bloger.ldif
note- You need an empty line before each line starting with "dn:"
$ vim bloger.ldif
# test1, < style="font-weight: bold;">bloger, com

dn: uid=test,ou=People,dc=bloger,dc=com
cn: test
sn: test
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$!Z0ksiAKjsKLAsjuwyuAK!jksX
uid: test
uidNumber: 501
gidNumber: 501
loginShell: /bin/bash
homeDirectory: /home/test
shadowLastChange: 10877
shadowMin: 0
shadowMax: 999999
shadowInactive: -1
shadowWarning: 7
shadowFlag: 0
shadowExpire: -1
save & exit this file.
The dn: record must be uniqe and should include the include your suffix.

Add the record to your LDAP
To add a record to the ldap database we use the command ldapadd

$ ldapadd -W -x -D "cn=Manager,dc=bloger,dc=com" -W -f newrec.ldif
$ ldapsearch -x -b 'cn=test,dc=bloger,dc=com'
will display this record if it is added correctly.
Client Side Authentication-:
1. Click System, select Administration and click Authentication. This will launch the Authentication Configuration window.

2. Check Enable LDAP Support and click the Configure LDAP button
3. Fill in the LDAP Search Base DN and LDAP Server fields. Click Ok when you are done.
4. Click the Authentications tab and check Enable LDAP Support.

To test this, create a user in your LDAP directory that is not in
     your machine. Then check the account by fingering the
     user.  For example, if you add the test record for you
     should be able to essue the command:
$ getent passwd
$ finger test1




Posted by at 1 comment:

Wednesday, March 18, 2009

Enable Passwordless Authentication with SSH

Step 1:
(*note server1 is the source server and server2 will be the destination server)

server1# mkdir ~/.ssh

Step 2:

server1# cd ~/.ssh

Step 3:

server1# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (”your_local_home”/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
18:6a:e3:78:ab:2d:0c:8e:f9:67:f7:30:32:44:77:34 phil@server1

Step 4:

server1# scp ~/.ssh/id_rsa.pub phil@server2.philchen.com:/home/phil/id_rsa.server1.pub

Step 5:

server1# ssh phil@server2.philchen.com Password:

Step 6:

server2# mkdir .ssh

Step 7:

server2# chmod 700 .ssh

Step 8:

server2# cat id_rsa.server1.pub >> .ssh/authorized_keys

Step 9:

server2# chmod 644 .ssh/authorzied_keys

Step 10:

server2# exit server1# ssh phil@server2.philchen.com

Posted by at 2 comments:

Thursday, March 5, 2009

Backups With Rsync

rsync is a command line utility that is used to synchronize files between two computers over a network to synchronize files between two filesystems. It was written as a replacement for rcp but with many new features. For example it uses an algorithm that will only transfer files that have been modified. SSH will be used to authenticate between the machines and to encrypt the network traffic.

The situation: We have four machines named: server, machine1, machine2, and machine3. The server has a tape drive that is used to do nightly backups. machine1 is used as a development box and has files that need to be backed up in /src and in /home. machine2 is used for mail and needs /home and /mail to be backed up. machine3 is a web server and needs /home, /var/www, and /etc/httpd backed up.

Create a shell script for each machine. Simplify your maintenance by placing the scripts in a central location. I like to use /root/scripts. Decide on where you want to log your output. I like /root/logs but another common option is to have the script mail you the output.

Add entries to your crontab to call the scripts. Make sure you leave enough time before your normal backups of the server that the rsync jobs complete.

Each night the following will occur:

  1. rsync machine1 -> Server
  2. rsync machine2 -> Server
  3. rsync machine3 -> Server
  4. backup server to tape
Let's take a look at the flags used for rsync in the examples:

rsync -ave ssh --numeric-ids --delete machine1:/home /machine1


Next generate a public private key pair with ssh. Place the public key in the ~/.ssh/authorized_keys file in an account on machine1, machine2, and machine3 that has read access to the directories that need to be backed up. It is best not to use the root account on the remote machines, but you should evaluate the risk in your environment. Test that you can login to these accounts using ssh without using a password.

Test each one of the rsync scripts. The first time you run rsync will take the longest as it will need to copy all the files from the remote machines and not just the files that have changed.

Add the /machine1, /machine2, and /machine3 (or whatever you have named them) directories to the servers backup script.

While this process does not backup the entire remote machine, it will ensure that you will not lose irreplaceable data.

Starting with the example scripts included in this tutorial there are many changes that can be made to fit your specific circumstances.

The frequency of the rsyncs can be modified to occur more often or at different times. Simply by adding additional crontab lines the backup from the remote machines could be done everyday at lunch, multiple times a day or even hourly.

The scripts could also be changed to rotate between multiple backups on the server or could be changed to do some sort of processing on the files before they are backed up. For example if the home directories you are backing up contain web browser caches, they could be removed after the rsync but before the system backup.

Using this article as a starting point you should create a backup plan that fit your needs.

Example rsync script for machine1:
#!/bin/bash  rsync -ave ssh --numeric-ids --delete machine1:/home /machine1 rsync -ave ssh --numeric-ids --delete machine1:/src /machine1
Example rsync script for machine2:
#!/bin/bash  rsync -ave ssh --numeric-ids --delete machine2:/home /machine2 rsync -ave ssh --numeric-ids --delete machine2:/mail /machine2
Example rsync script for machine3:
#!/bin/bash  rsync -ave ssh --numeric-ids --delete machine3:/home /machine3 rsync -ave ssh --numeric-ids --delete machine3:/var/www /machine3 rsync -ave ssh --numeric-ids --delete machine3:/etc/httpd /machine3
Example crontab file logging to a directory:
# Scripts to rsync machines 59 20 * * * /root/scripts/sync-machine1.sh >/root/logs/sync-machine1.log 2>&1 59 21 * * * /root/scripts/sync-machine2.sh >/root/logs/sync-machine2.log 2>&1 59 22 * * * /root/scripts/sync-machine3.sh >/root/logs/sync-machine3.log 2>&1 # # Nightly Backup script 59 23  * * * /root/scripts/backup.sh > /root/logs/backup.log 2>&1

Example crontab file mailing the output:

# Scripts to rsync machines 59 20 * * * /root/scripts/sync-machine1.sh 59 21 * * * /root/scripts/sync-machine2.sh 59 22 * * * /root/scripts/sync-machine3.sh # # Nightly Backup script 59 23  * * * /root/scripts/backup.sh
Posted by at No comments:

Saturday, February 28, 2009

Some simple Tricks

1. Create a Directory with different permission-: 

when we need a directory with specific permission , we created directory 
using the mkdir command then set the permission using chmod command.Define 
the access permission while creating the directory &  set permission. 
try to following command-: 
# mkdir /test -v -m 700 
where we used the -m option for define the permission,we need to set. Option 
v use for verbose mode. 

now check the directory permission. 
# ls -ld /test 

2. Take Hardware information on live server -:  Do you know Ram, Bious
Motherboard,processor,cache , slot status information form live server. We 
can use following command. 
# dmidecode --type bious 
# dmidecode --type processor 
# dmidecode --type memory
Posted by at 3 comments:

Friday, February 27, 2009

Basic Samba Configuration step by step

We are trying to share knowledge about a samba by example.

we are going to create a directory path /home/data/sales.set the ownership and permission on the drectory such that people in the sales group can add/delete file but other can not.
first create a directory & set group & permission.
$ mkdir -p /home/data/sales
$ chgrp sales /home/data/sales
$ chmod 770 /home/data/sales
$ chmod g+s /home/data/sales note-: we have set special permission for group can add/delete file other can not.

# yum install samba*

open smb.conf file & add some line.

[sales]
comment = sales 's file
path = /home/data/sales
public = no
write list = @sales
: writable = yes

save & exit file.
$ /etc/init.d/smb restart

make a samba users & set smbpasswd-
$ smbpasswd -a user1

Selinux- if your selinux is inforce mode then you will need to allow selinux policy
$ getsebool -a | grep sam
$ setsebool -P samba_enable_home_dirs on

Iptables- if your pc firewall is enable then you will need set rules for allow.
$ iptables -I INPUT -s 192.168.10.0/24 -p tcp --dport 137:139 -J ACCEPT
$ iptables -I INPUT -s 192.168.10.0/24 -p tcp --dport 445 -J ACCEPT
$ iptables -I INPUT -s 192.168.10.0/24 -p udp --dport 137:139 -J ACCEPT
$ iptables -I INPUT -s 192.168.10.0/24 -p udp --dport 445 -J ACCEPT
$ /etc/init.d/iptables save
$ /etc/init.d/iptables restart
$ /etc/init.d/smb restart

Client side-
$ smbclient //servername/sales -U user1

if you want to permantly mount when system boot. you should be make fstab entry
add some line in fstab file.

$ vim /etc/fstab
//192.168.100.10/sales /mnt cifs username=user1,passwd=matix 0 0
save this file
$ umount -a
$ mount -a
$ df -kh (for check mount enrty)
Posted by at 1 comment:

Monday, February 23, 2009

Posted by at No comments:
Subscribe to: Posts (Atom)