Configure SSH using key files

Configuration Guide
Configure SSH Key Authentication Linux Server

Subject(s): This document is a guideline for system administrators to configure SSH key authentication on a newly installed Linux server in order to secure the OS.

Grade/Level: Basic Administration

Tools: Putty, Puttygen

Time Allotment: 10 mins

Learning Context

SSH key authentication replaces password authentication on a Linux system and makes it more secure. Only someone who holds the private key can access the server, and there is no password to remember. It is the same method that public cloud providers (AWS, GCE, …) use to secure your Linux servers.

Procedure

  • Install Linux OS
  • Connect to the Linux OS over SSH (the default port 22 is open, so there is no need to stop the firewall/iptables).

Use PuTTY or another SSH client to connect to the server with the root account and password.

  • Configure SSH Key from Client.

On the client (desktop, laptop), open puttygen to generate a private/public SSH key pair.

  1. Click the Generate button.
  2. Move the mouse over the blank region to generate the public key.
  3. Click Save private key and save the file as *.ppk
  4. Select the whole public key, right-click -> Copy

Copy public SSH Key to Server

  • In the SSH session as root, create a new user: #useradd -m <username>
  • Switch to the user you created and create the directory .ssh: mkdir -p /home/<username>/.ssh
  • Create the file authorized_keys in that directory and paste the public key into it.
  • Save the file
  • Change the permission of the file authorized_keys to 600: chmod 600 authorized_keys
  • Change the permission of the directory .ssh: chmod 744 /home/<username>/.ssh

Update the SSH configuration on the server

  • From the root account, edit the file: /etc/ssh/sshd_config
  • Uncomment the line: PubkeyAuthentication yes
  • Comment out the line PermitRootLogin yes so that it reads: #PermitRootLogin yes
  • Change the line PasswordAuthentication yes to PasswordAuthentication no
  • Save file
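
A check for the edited file, as an added example that is not part of the original guide: sshd takes the first value it reads for each keyword, and a commented-out keyword falls back to sshd's built-in default, so the script reports what the three edits above actually resolve to. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. Only the global section of
# the file is read (parsing stops at the first Match block); Include
# directives are not followed.

# effective FILE KEYWORD: print the first uncommented value, or "unset"
effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }        # also split on a single "="
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit FILE: print one line per finding; exit status = number of findings
audit() {
    n=0
    [ "$(effective "$1" PubkeyAuthentication)" = "no" ] &&
        { echo "PubkeyAuthentication no: key login is disabled"; n=$((n + 1)); }
    [ "$(effective "$1" PasswordAuthentication)" = "no" ] ||
        { echo "PasswordAuthentication is not 'no': passwords accepted"; n=$((n + 1)); }
    case "$(effective "$1" PermitRootLogin)" in
        no) ;;
        unset) echo "PermitRootLogin commented out: built-in default applies"
               n=$((n + 1)) ;;
        *) echo "PermitRootLogin permits some form of root login"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed sample: the three lines as the steps above leave them, plus a
# stray duplicate further down, which sshd ignores (the first value wins).
sample_config() {
    cat <<'EOF'
#PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
EOF
}

f=$(mktemp) && sample_config > "$f"
audit "$f" || echo "findings: $?"
rm -f "$f"
```

Point `audit` at /etc/ssh/sshd_config before restarting the service; `sshd -t` checks the file's syntax and `sshd -T` prints the full effective configuration. Keep the existing root session open until a new key-based login has succeeded.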

Restart ssh service:

  • Linux 4,5,6: service sshd restart
  • Linux 7: systemctl restart sshd

Use PuTTY to connect to the server with your key

  • In PuTTY, create a new session that connects to the server with the username and the private key file.

Restricted access SVN LDAP authorization.

Simple restricted access to an SVN repository with LDAP authorization.

(Configured on Ubuntu Server.)

sudo vi /etc/apache2/mods-enabled/dav_svn.conf

Edit the configuration for the repository to which you want to restrict access to certain users.

<Location /svn>
DAV svn
SVNParentPath /u02/svn
SVNListParentPath on
AuthType Basic
AuthName "SVN Server"
AuthBasicProvider ldap
AuthLDAPBindDN "cn=admin,dc=test,dc=mycompany,dc=com"
AuthLDAPBindPassword <admin password>
AuthLDAPURL "ldap://localhost/dc=test,dc=mycompany,dc=com?uid"
Require valid-user
</Location>

Add a Location block for the repository, listing users that exist on the LDAP server.

<Location /svn/repo1>
Require ldap-user user1 user2 user3
</Location>

Restart Apache2 server

sudo service apache2 restart

 

New JVM JIT Feature in 11g May Cause ORA-29516 Error on Linux

Error:

ORA-29516: Aurora assertion failure: Assertion failure at joez.c:3311
Bulk load of method java/lang/Object.<init> failed; insufficient shm-object space

Cause:

You have set additional mount options on the shared memory device, /dev/shm, other than just the option named defaults.

Solution:

Examine the mount options in the file /etc/fstab. If you see any additional mount options after the word “defaults” for /dev/shm, such as nosuid, nodev, or noexec, then this is likely the root cause.

For example:

none /dev/shm tmpfs defaults,nosuid,nodev,noexec 0 0

Remove these options from the entry in /etc/fstab:

none /dev/shm tmpfs defaults 0 0

Shut down the database instance, and reboot the system.  Restart the database instance.

Or

Disable the JIT compiler:

Alter system set JAVA_JIT_ENABLED=FALSE scope=both;

Fix error Bitdefender on Linux

As many BitDefender Antivirus Scanner for Unices users have noticed, attempting to run the command line tool (bdscan) or the GUI application will result in an unexpected segmentation fault. The issue is caused by an incompatibility between the latest antivirus engines retrieved through update and their platform specific component (bdcore.so) which currently cannot be updated. Until a new build of the packages is made, the solution is to grab the latest bdcore.so library and use it to replace the existing one.  In order to accomplish this task you will need to run the following commands as root:
# cat /opt/BitDefender-scanner/var/lib/scan/versions.dat.* | \
      awk '/bdcore.so.linux/ {print $3}' | \
      while read bdcore_so; do
          touch /opt/BitDefender-scanner/var/lib/scan/$bdcore_so;
          bdscan --update;
          mv /opt/BitDefender-scanner/var/lib/scan/bdcore.so \
              /opt/BitDefender-scanner/var/lib/scan/bdcore.so.old;
          ln -s /opt/BitDefender-scanner/var/lib/scan/$bdcore_so \
              /opt/BitDefender-scanner/var/lib/scan/bdcore.so;
          chown bitdefender:bitdefender \
              /opt/BitDefender-scanner/var/lib/scan/$bdcore_so;
      done
We apologize for any inconvenience created by this issue. Thank you.

# cat /opt/BitDefender-scanner/var/lib/scan/versions.dat.* |awk '/bdcore.so.linux/{print $3}'|while read bdcore_so;do touch /opt/BitDefender-scanner/var/lib/scan/$bdcore_so;bdscan --update;ln -s /opt/BitDefender-scanner/var/lib/scan/$bdcore_so /opt/BitDefender-scanner/var/lib/scan/bdcore.so;done

Install & Configure OpenLDAP in RHEL6

1. Install OpenLDAP Packages:
#yum install openldap-servers openldap-clients compat-openldap nss-pam-ldapd mod-authz-ldap
2. Configure the LDAP database and configuration files.
2.1 Generate the admin password hash used to manage OpenLDAP: #slappasswd
2.2 Edit the LDAP configuration file:
          #cd /etc/openldap/slapd.d/
          #vi olcDatabase\=\{2\}bdb.ldif
               Replace content: dc=my-domain,dc=com with dc=gimasys,dc=com
               Add line: olcRootPW: with result from slappasswd
2.3 Edit the LDAP monitor configuration file:
          #vi olcDatabase\=\{1\}monitor.ldif
               Replace content: cn=manager,dc=my-domain,dc=com with cn=admin,dc=gimasys,dc=com
2.4 Update db configure file with command:
          #updatedb
2.5 Copy Database file
          #cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
          #chown -R ldap:ldap /var/lib/ldap
2.6 Test & start slapd service
          #slaptest -u
          #service slapd start
          #ldapsearch -x -b "dc=gimasys,dc=com"
2.7 Edit base.ldif
# vi base.ldif
dn:dc=gimasys,dc=com
dc:gimasys
objectClass: top
objectClass: domain

dn:ou=Users,dc=gimasys,dc=com
ou:Users
objectClass: top
objectClass: organizationalUnit

dn:ou=Group,dc=gimasys,dc=com
ou:Group
objectClass: top
objectClass: organizationalUnit

 

2.8 Add the base file to LDAP
     #ldapadd -x -W -D "cn=admin,dc=gimasys,dc=com" -f base.ldif

Update Oracle Enterprise Linux from DVD

  1. Download and copy the appropriate yum configuration file in place, by running the following commands as root:

    Oracle Linux 4 Update 6 or Newer

    # cd /etc/yum.repos.d
    # mv Oracle-Base.repo Oracle-Base.repo.disabled
    # wget http://public-yum.oracle.com/public-yum-el4.repo
    

    Oracle Linux 5

    # cd /etc/yum.repos.d
    # wget http://public-yum.oracle.com/public-yum-el5.repo
    

    Oracle Linux 6

    # cd /etc/yum.repos.d
    # wget http://public-yum.oracle.com/public-yum-ol6.repo
    

    Oracle VM 2

    # cd /etc/yum.repos.d
    # wget http://public-yum.oracle.com/public-yum-ovm2.repo
    
  2. Enable the appropriate repository by editing the yum configuration file
    • Open the yum configuration file in a text editor
    • Locate the section in the file for the repository you plan to update from, e.g. [el4_u6_base]
    • Change enabled=0 to enabled=1
  3. Begin using yum, for example:

    yum list

    yum install firefox

You may be prompted to confirm the import of the Oracle OSS Group GPG key.

To get yum to use the DVD as a repository, add a file ‘rhel-dvd.repo’ in /etc/yum.repos.d with the following content:

[dvd]
name=Red Hat Enterprise Linux Installation DVD
baseurl=file:///media/Server
enabled=1

gpgkey=file:///media/RPM-GPG-KEY-oracle

Install Xterm in VNCServer on Redhat 6

After a long search on Google and with help from Red Hat Enterprise Linux support, we can finally install and configure vncserver on Red Hat Enterprise Linux/Oracle Enterprise Linux 6 with xterm, as in the default configuration of RHEL 5.

Prerequisite:

RHEL6/OEL 6 with tigervnc-server installed.

Configure the VNC server with xterm using the following steps:

1. Install 3 packages:  xorg-x11-twm, xterm, libXaw
# yum install xterm xorg-x11-twm *xorg*font*  tigervnc-server
2. Configure fonts to fix these warnings:
Warning: Missing charsets in String to FontSet conversion
Warning: Unable to load any usable fontset
#vi /etc/profile
# Add the following line
 export LANG=C
3. Replace the contents of xstartup with:
# vi $HOME/.vnc/xstartup
#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
4. Edit the file /etc/sysconfig/vncservers to enable users and the VNC session
# vi /etc/sysconfig/vncservers
Edit the line:
#VNCSERVERS="2:username"
to:
VNCSERVERS="1:<your username login>"
Save the file.
5. Make the xstartup file executable and restart the vncserver service.
# chmod +x $HOME/.vnc/xstartup
# service vncserver restart

Finished.