Allow Root to SSH for Ubuntu

This is the most insecure thing you can do to your Linux system. That said, however, when working on development systems at home I like to log on as SSH. Granted, this is behind a firewall to a Linux system with no access from the internet.

This was tested on Ubuntu 14.x on a Raspberry Pi.

I do this out of laziness. NEVER do this to an internet accessible system.


CentOS to MS Hyper-V Volume Issues

After making an image of a physical Linux box (Dell hardware running CentOS), I converted the IMG file to a VHD file and after booting had many issues. One of them was the following error, which caused all databases on the respective volume to fail because the volume was in read-only mode.

EXT3-fs error (device hda3) in start_transaction: Journal has aborted

Turns out, the system is telling me that it’s detected a file system/journal mismatch, and it can’t utilize the journal any longer. When this situation pops up, the file system gets mounted read-only. To fix the situation, I had to boot the system (now in the VM environment) in single user mode, dismount the volume and fix it.

I first started by removing the journal from the file system:

# tune2fs -O ^has_journal /dev/hda3

Then I tried to fsck it to correct any possible problems:

# e2fsck -p -f -v /dev/hda3

Unfortunately this led me to another error: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY. (i.e., without -a or -p options).

Ugh. fsck again… I had originally run it without the -f option and it found no errors, yet it refused to mount in read-write mode. So now running it sans the -p option, with -f forcing it to check anyway, seems to have helped, but this time I needed to be present to hit y for every single error. There were hundreds.

Once that finished I ran it again with the -y option to see if it picked up anything and it was clean!

Time to make a new journal which makes the partition an ext3 file system again:

# tune2fs -j /dev/hda3

I can now mount the partition as an ext3 partition:

# mount -t ext3 /dev/hda3 /mnt/fixed

After rebooting the system seems happy once again with no mounting errors. Quick and simple!

QNAP NAS SSH Service Commands

I use several QNAP devices from the large 24 drive down to a personal 2 drive. I’ve found that they are pretty good and you can do a lot with them as they’re basically Linux boxes with a pretty web interface.

Here are some useful console commands for restarting specific services.

First, to restart basically everything you can issue this command:

/etc/init.d/services.sh restart

One of the most common ones is to restart smb:

/etc/init.d/smb.sh restart

Here’s a list of other common ones: (They’re all in /etc/init.d)
I believe they will all accept the restart option. They will accept start/stop options.

QMediaService.sh
Qthttpd.sh
StartMediaService.sh
bonjour.sh
crond.sh
ftp.sh
mysqld.sh
network.sh
opentftp.sh
qsyncman.sh
rsyncRR.sh
rsyncd.sh
rsyncd_srv.sh
rsyslog.sh
samba4.sh
services.sh
timemachine.sh
vpn_openvpn.sh
vpn_pptp.sh
webalizer.sh

Enabling SNMP On CentOS / RHEL

Setting up SNMP (Simple Network Management Protocol) on a CentOS machine is a very quick and easy process and I often forget so here’s a quickie on how.

Install the SNMP daemon by running the following command:

yum install net-snmp

Once SNMP is installed you want to install the configuration utility. I always forget this. It makes it easy to configure SNMP for both the community string, SNMP version and basic security.

yum install net-snmp-utils

Once the configuration tool is installed, run it:

snmpconf -g basic_setup

As you run through the configuration utility it will present you with many options. Depending on how you have your remote monitoring setup (Cacti/Nagios) you will need to choose the options that work for you.

Once done, you will need to copy the configuration file to the correct directory. In most cases it will need to be moved from “/root/snmpd.conf” to “/etc/snmp/snmpd.conf” – You will need to overwrite the existing conf file in the /etc/snmp/ directory.

mv /root/snmpd.conf /etc/snmp/

Once the configuration file has been moved over you can restart SNMP.

service snmpd restart

The last thing you need to do is have SNMP start at boot time. If you do not run the following command you will need to manually start SNMP after a reboot.

chkconfig snmpd on

At this point you should be set. If for some reason you are running the firewall, you will need to open port 161 for UDP & TCP traffic to allow SNMP to be accessed remotely.
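Before opening port 161, it is worth checking what the generated snmpd.conf actually allows. The script below is an added example, not part of the original post: it flags well-known community strings, entries with no source restriction, and write access, using net-snmp's rocommunity/rwcommunity/com2sec directives. The sample config is constructed; on a real host feed it `/etc/snmp/snmpd.conf` on stdin.

```shell
#!/bin/sh
# Added example: flag risky access-control lines in a net-snmp snmpd.conf.
# Reads the config on stdin and prints one finding per line as "LINE: message".
audit_snmpd_conf() {
    awk '
    function check(directive, community, source) {
        if (community == "public" || community == "private")
            printf "%d: well-known community string \"%s\"\n", NR, community
        if (source == "default" || source == "0.0.0.0/0")
            printf "%d: %s accepts queries from any address\n", NR, directive
    }
    /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
    # rocommunity COMMUNITY [SOURCE [OID]]  (no SOURCE means "default" = anyone)
    $1 ~ /^r[ow]community6?$/ {
        check($1, $2, (NF >= 3 ? $3 : "default"))
        if ($1 ~ /^rw/) printf "%d: %s grants SNMP write access\n", NR, $1
    }
    # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
    $1 ~ /^com2sec6?$/ && NF >= 4 { check($1, $NF, $(NF - 1)) }
    '
}

# Constructed sample config (not taken from a real host).
sample_snmpd_conf() {
    cat <<'EOF'
# /etc/snmp/snmpd.conf (constructed)
rocommunity public
rocommunity m0n1t0r-ro 192.0.2.10
rwcommunity private 10.0.0.0/8
com2sec notConfigUser default public
syslocation Server Room
EOF
}

# Demo run on the constructed sample.
sample_snmpd_conf | audit_snmpd_conf
```

Line 3 of the sample, a non-default community string limited to the monitoring host's address, is the shape that produces no findings.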

Sending Syslog logs from Ubuntu to a remote syslog server

I don’t know why I didn’t have notes on this already. I’ve done it dozens of times. So here’s the write up.

I use Ubuntu and it uses the syslog facility/daemon called rsyslogd. Its configuration file is located here:

/etc/rsyslog.d/50-default.conf

This file tells the daemon where to log each type of message. For example, the following entry means that all cron messages are sent to /var/log/cron.log:

cron.* /var/log/cron.log

MySQL Truncating or Dropping All Tables in a Database

I just had the need to truncate all the tables in one of my databases. Basically I wanted the data gone but the schema to stay. Below is the Linux shell command I used to truncate the tables.

I’ve also included how to straight up drop the tables too. Just keep in mind dropping tables dumps the schema and data.

Truncate

mysql -Nse 'show tables' DATABASE_NAME | while read -r table; do mysql -e "truncate table \`$table\`" DATABASE_NAME; done

Drop

mysql -Nse 'show tables' DATABASE_NAME | while read -r table; do mysql -e "drop table \`$table\`" DATABASE_NAME; done

Make sure the user executing this has privileges to the database in question.
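The loops above paste each table name into a SQL string and open one connection per table. The following added example (not from the original post) builds a single batch instead, with every name quoted as an identifier and foreign key checks disabled only for that session; `quote_ident` and `build_batch` are hypothetical helper names, and the table names in the demo are constructed.

```shell
#!/bin/sh
# Added example: build one TRUNCATE or DROP batch with quoted identifiers.

# Wrap a table name in backticks, doubling any backtick inside it, so names
# with spaces, dashes, reserved words or quote characters stay one identifier.
quote_ident() {
    printf '`%s`' "$(printf '%s' "$1" | sed 's/`/``/g')"
}

# Read table names (one per line) on stdin and print the SQL batch.
# The verb must be TRUNCATE or DROP; anything else is refused.
build_batch() {
    verb=$1
    case $verb in
        TRUNCATE|DROP) ;;
        *) echo "usage: build_batch TRUNCATE|DROP" >&2; return 1 ;;
    esac
    # TRUNCATE fails on an InnoDB table that other tables reference by
    # foreign key, so the checks are off for this session and restored after.
    echo 'SET FOREIGN_KEY_CHECKS = 0;'
    while IFS= read -r table; do
        [ -n "$table" ] || continue
        printf '%s TABLE %s;\n' "$verb" "$(quote_ident "$table")"
    done
    echo 'SET FOREIGN_KEY_CHECKS = 1;'
}

# Real use (DATABASE_NAME as on the page); base tables only, views skipped:
#   mysql -Nse "SHOW FULL TABLES WHERE Table_type = 'BASE TABLE'" DATABASE_NAME \
#     | cut -f1 | build_batch TRUNCATE | mysql DATABASE_NAME

# Demo on constructed table names to show the quoting.
printf 'users\norder\nmy table\nodd`name\n' | build_batch TRUNCATE
```

Reviewing the printed batch before piping it into `mysql` gives a last chance to confirm the database and table list are the intended ones.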

Get Your External IP From Linux via the Command Line

I’m always needing to do this so here are two quick ways.

wget -qO- http://ipecho.net/plain

Or if you prefer curl:

curl http://ipecho.net/plain

The ifconfig.me site

If you browse this website with your normal browser it will show how to get a lot of information from the command line using curl. To get just the IP you can use:

curl ifconfig.me

Now if Windows was just as easy… if you have curl under Windows, it is.

How To: Migrate Cacti to another host

I’ve been using cacti for network stat collection for years. In that time I’ve had to move cacti from one Linux server to another. Keeping all the historical rrd data was of top priority. I just did another migration this morning. My notes were the key. I’m going to share them with you here.

A few things are assumed:

To start, a quick outline of what needs to be done:

  • install cacti on the new machine and verify that it is working!
  • stop the poller on both cacti installs
  • copy the old database to the new one
  • copy your scripts and resources folders from the old to new (if you have any custom scripts)
  • convert all old rrd files to xml files
  • move/copy the xml files to the new cacti
  • convert the xml files back to rrd format
  • turn on the poller and test!

Why do the old rrd files need to be turned into xml files? rrdtool doesn’t like rrd files made on different machines. Even if they are identical machines/OSes. rrdtool is kind enough to allow you to export/import using the xml files to get around this.

General Steps

Make note of which cacti machine each command needs to run on! Context is very important!

After installing the new cacti, make sure it’s working.

Next, get Samba set up on the old cacti machine and share the whole cacti folder. Security shouldn’t be an issue so you can share without the need for credentials.

Mount the rra folder on the new cacti machine. I used this command:

mount -t cifs //kny_netmon/root/var/www/cacti/rra /mnt/oldcacti

Copy over your scripts and resources folders from the old cacti to the new cacti. This should be done from the new cacti machine.

You can do the sql database export several ways. I chose to export the database on the old machine. I used this command:

mysqldump --user=root --password=password cacti > /var/www/cacti/newcacti.sql

If you want to do the sql export from the new machine you can do it like this (the resulting sql file will still be on the old cacti machine though):

ssh root@kny_netmon "mysqldump --user=root --password=password cacti > /var/www/cacti/newcacti.sql"

Next, import the database to the new cacti database, remember you’re on the new cacti machine for this command.

mysql cacti < /mnt/oldcacti/newcacti.sql

On the old cacti machine, do the xml export. Run this from the rra folder!:

for i in *.rrd; do rrdtool dump "$i" > "$i.xml"; done

On the new cacti machine, copy the xml files to the rra folder:

rsync -avz --exclude='*.rrd' /mnt/oldcacti/ /var/www/cacti/rra

We don’t want the old rrd files so they’re excluded.

When the copy is done, on the new cacti convert the xml files back to rrd files:

for i in /var/www/cacti/rra/*.xml; do rrdtool restore -f "$i" "${i%.xml}"; done

Remove the old xml files from the new and old cacti:

rm -f /var/www/cacti/rra/*.xml

Now here’s the wacky part. In all my years I’ve set up cacti on Windows, CentOS, Debian, Ubuntu and MacOS. Permissions are ALWAYS an issue in the rra folder. I haven’t discovered the proper permissions so I just chmod them 777 and it seems to work. So unless you know the proper permissions just chmod them 777:

chmod 777 -R /var/www/cacti/*

I do the whole folder just in case… I know it’s BAD security but all my cacti installs are on private networks.
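A narrower alternative to the blanket 777, as an added example that is not part of the original procedure: give the web server read access through its group, and make only rra/ and log/ writable by the account the poller runs as. It assumes the poller's cron job runs under a dedicated account and that nothing else in the tree needs to be written at runtime; `tighten_cacti` and `world_writable` are hypothetical helper names, and the demo runs on a constructed scratch tree.

```shell
#!/bin/sh
# Added example: undo a blanket "chmod 777 -R" on a Cacti tree.
# Usage: tighten_cacti ROOT POLLER_USER WEB_GROUP   (run as root on a real host)
tighten_cacti() {
    root=$1 poller=$2 webgroup=$3
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 1; }
    # The web server reads the tree through its group; nobody else gets access.
    chgrp -R "$webgroup" "$root"
    chmod -R g-w,o-rwx "$root"
    # Assumption: only rra/ (RRD data) and log/ are written by the poller.
    for d in rra log; do
        [ -d "$root/$d" ] || continue
        chown -R "$poller" "$root/$d"
        chmod -R u+rwX "$root/$d"
    done
}

# List anything a previous chmod 777 left world-writable (symlinks skipped).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Demo on a constructed scratch tree, using the current user's numeric ids
# in place of the poller account and web server group.
demo=$(mktemp -d)
mkdir -p "$demo/rra" "$demo/log" "$demo/include"
touch "$demo/rra/host_1.rrd" "$demo/include/config.php"
chmod -R 777 "$demo"
echo "world-writable before: $(world_writable "$demo" | wc -l)"
tighten_cacti "$demo" "$(id -u)" "$(id -g)"
echo "world-writable after:  $(world_writable "$demo" | wc -l)"
rm -rf "$demo"
```

If graphs stop updating afterwards, the poller is running as a different account than the one passed in; check which user owns the poller's cron entry.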

Start up the poller on the new cacti and start watching your log files and graphs. They should work!

My only issue on my last migration was that my snmp host only responds to certain IP addresses so I had to add the new cacti machine’s address. Otherwise it picked up where it left off.

Notes

For the sake of this “tutorial” I didn’t present any scripts.

When I do this “live” I’m able to literally get all this done in less than 5 minutes. Know why that’s important? Of course you do! The poller runs every 5 minutes.

If you can start at the end of the old cacti poller’s cycle you can be ready for the next cycle on the new cacti. Pretty neat!

Don’t be afraid to test the procedure. All the copying/updating on the new cacti overwrites its settings. Each time you run this procedure you’re picking up the new/updated data from the old cacti.

You *could* leave the poller running on the old cacti if you want. I did, just making sure that the xml export was done in less than 5 minutes. I have about 900 rrd files so it’s fairly quick.

Good luck!