Friday, December 20, 2013

Configuring VNC Server

Install the vnc server package in the server (192.168.56.2)

# yum install vnc-server

Open the configuration file and enter the following

# vi /etc/sysconfig/vncservers
  VNCSERVERS="1:root"
  
 :wq

The Xdisplay session will run as root.
For security just put a password.

# vncpasswd

From the client machine test the connection using the following

# vncviewer 192.168.56.2:1

Wednesday, August 7, 2013

Configuring ccd1 on freeBSD with fourdisks

1. To remove the existing configuration. run the below command.

# ccdconfig -v -U

2. Configure the Mirroring using the below command

# ccdconfig ccd0 32 CCDF_MIRROR /dev/ada2 /dev/ada3 /dev/ada4 /dev/ada5

3. Construct the file system using the below command

# newfs /dev/ccd0

4 .Mount our mirrored disk and make it persistent

/dev/ccd0 /work0 ufs rw 2

5. Run # mount -a

Tuesday, August 6, 2013

Configuring CCD in FreeBSD - How to

In this how to I am explaining briefly about CCD ( Concatenated Disk Driver)

1. To Configure CCD I am adding 4 new disks. System should be shutdown before adding to the disks

2. To confirm the detection of new disk check the kernel messages using dmesg command

# dmesg

From the above output it's clear that 4 new disk has been added to the system with the names ada2,ada3,ada4;ada5.

3. Label the disks using the bsdlabel command

# bsdlabel -w ada2

# bsdlabel -w ada3

# bsdlabel -w ada4

# bsdlabel -w ada5

4. Further label the disks using the bsdlabel -e

# bsdlabel -e ada2

When you run the above command a file will be open in your default editor(Defined in the Editor Variable)

Add a new line starts with e: at the end of the file

Save the file( If it ask for the y/n question while saving please give 'n' and continue).

Repeat the same steps for all the disk ad3,ada4,ad5.

5. Configure the CCD by running the below command.

# ccdconfig ccd0 32 0 ada2 ada3 ada4 ada5

Stripe size: Stripe size is the number defined x 512 bytes. In our case 32x512 = 16384 Bytes = 16KB

0 indicate the CCD level. level 0 is stripping and level 1 is mirroring

6. Generating UFS in the /dev/ccd0

# newfs /dev/ccd0

7. Create a mount point /work0 and mount our new ccd devise.

# mkdir /work0

# mount /dev/ccd0 /work0

4. To make the configuration become persistent across the reboot run

# ccdconfig -g > /etc/ccd.conf

5. To make the mounting persistent across the reboot add line like shown below to /etc/fstab.

Run mount command

# mount -a

To test the I/O run the below command. The command create a 1 GB file in /work0 directory which is already mounted by /dev/ccd0.

dd if=/dev/zero bs=1M count=1024 of=/work0/testfile.text

Enjoy !

Saturday, July 20, 2013

Openldap Replication- Multimaster

Below are the LDAP server participating in multimaster configuration. Operating System used is Centos6.3
masterldap1.fireblade.com - 192.168.56.191
masterldap2.fireblade.com - 192.168.56.192
masterldap3.fireblade.com - 192.168.56.193

Install Openldap in all the Machines(192.168.56.191.192.168.56.192,192.168.56,193)

# yum install openldap-*

Setup Openldap configuration environment

# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# chown ldap.ldap /var/lib/ldap/DB_CONFIG

# rm -rf /etc/openldap/slapd.d/*

Configure the Domain and set Manager password in all the systems.

# vim /etc/openldap/slapd.conf

database        bdb
suffix          "dc=fireblade,dc=com"
checkpoint      1024 15
rootdn          "cn=Manager,dc=fireblade,dc=com"

rootpw          redhat

Save and above in all the three servers.

Enable syncprov module by commenting it in /etc/openldap/slapd.conf in all the three servers

moduleload syncprov.la

Save the configuration file.

Go to masterldap1.fireblade,com(192.168.56.191) and enter the below configuration at the end of the file.

1. 1. 1. 1. REPLICATION CONFIGURATION###################

serverID 001
syncrepl rid=000
 provider=ldap://192.168.56.192
 type=refreshAndPersist
 retry="5 5 300 +"
 searchbase="dc=fireblade,dc=com"
 attrs="*,+"
 bindmethod=simple
 binddn="cn=manager,dc=fireblade,dc=com"
 credentials=redhat

syncrepl rid=001
 provider=ldap://192.168.56.193
 type=refreshAndPersist
 retry="5 5 300 +"
 searchbase="dc=fireblade,dc=com"
 attrs="*,+"
 bindmethod=simple
 binddn="cn=manager,dc=fireblade,dc=com"
 credentials=redhat

index entryCSN eq
index entryUUID eq

mirrormode TRUE

overlay syncprov

syncprov-checkpoint 100 10

Save the configuration.

Go to second server masterldap2.fireblade.com (192.168.56.192) and write the below configuration in /etc/openldap/slapd.conf at the end of it.

serverID 002
syncrepl rid=000
 provider=ldap://192.168.56.191
 type=refreshAndPersist
 retry="5 5 300 +"
 searchbase="dc=fireblade,dc=com"
 attrs="*,+"
 bindmethod=simple
 binddn="cn=manager,dc=fireblade,dc=com"
 credentials=redhat

syncrepl rid=001
 provider=ldap://192.168.56.193
 type=refreshAndPersist
 retry="5 5 300 +"
 searchbase="dc=fireblade,dc=com"
 attrs="*,+"
 bindmethod=simple
 binddn="cn=manager,dc=fireblade,dc=com"
 credentials=redhat

index entryCSN eq
index entryUUID eq

mirrormode TRUE

overlay syncprov

syncprov-checkpoint 100 10

Save the above configuration.

Go to Third server and write the below configuration at the end of configuration file /etc/openldap/slapd.conf

serverID 003 syncrepl rid=000

 provider=ldap://192.168.56.191
 type=refreshAndPersist
 retry="5 5 300 +"
 searchbase="dc=fireblade,dc=com"
 attrs="*,+"
 bindmethod=simple
 binddn="cn=manager,dc=fireblade,dc=com"
 credentials=redhat

syncrepl rid=001

 provider=ldap://192.168.56.192
 type=refreshAndPersist
 retry="5 5 300 +"
 searchbase="dc=fireblade,dc=com"
 attrs="*,+"
 bindmethod=simple
 binddn="cn=manager,dc=fireblade,dc=com"
 credentials=redhat

index entryCSN eq index entryUUID eq
mirrormode TRUE

overlay syncprov

syncprov-checkpoint 100 10

Save the configuration.

Start LDAP in all the servers by running below command

# /etc/init.d/slapd start

Openldap Replication with syncrepl

Syncrepl RefreshOnly Style replication
Theory

In refreshOnly type of replication the consumer (1) initiates a connection (2) with the provider (2) - synchronization of DITs takes places and the connection is broken. Periodically the consumer (1) re-connects (2) with the provider (3) and re-synchronizes. refreshOnly synchronization may be viewed as operating in burst mode and the replication cycle time is the time between re-connections.

Master LDAP server - ldap-master.fireblade.com - Provider
Slave LDAP server - ldap1.fireblade.com - Consumer

In Provider LDAP ldap-master.fireblade.com configuration ile add the below configuration and save.

# NOTE: 
# the provider configuration contains no reference to any consumers

# define the provider to use the syncprov overlay
# (last directives in database section)
overlay syncprov
# allows contextCSN to saves to database every 100 updates or ten minutes
syncprov-ch
syncprov-checkpoint 100 10

In Consumer LDAP ldap1.fireblade.com configuration add the below configuration and save.

# provider is ldap://master-ldap.example.com:389, sync interval 
# every 1 hour, whole DIT (searchbase), all user attributes synchronized
# simple security with cleartext password
# NOTE: comments inside the syncrepl directive are rejected by OpenLDAP
#       and are included only to carry further explanation. They MUST NOT
#       appear in an operational file
syncrepl rid=000 
 provider=ldap://ldap-master.fireblade.com
 type=refreshOnly
 #re-connect/re-sync every hour
 interval=00:1:00:00
 retry="5 5 300 +" 
 searchbase="dc=example,dc=com"
 #both user (*) and operational (+) attributes required
 attrs="*,+"
 bindmethod=simple
 binddn="cn=Manager,dc=fireblade,dc=com"
 #Warning: password sent in clear - insecure
 credentials=dirtysecret

Restart ldap service in both Consumer and provider.

# service ldap restart

Test the configuration by creating a new entry in the Provider.

Openldap Replication with Slurpd

Here I am using Master-Slave replication using Slurpd. Below are the participating systems

1. ldap-master.fireblade.com (Master Server)

2. ldap1.fireblade.com (client Server)

Replication to work properly Master and salve system initially should have exact number of entries. Take a dump of all the entries in the Master server using the below command and import it to the slave.

# slapcat > master.ldif

Go to the salve ldap1.fireblade.com and import it using ldapadd.

#  ldapadd -D "cn=Manager,dc=dc1,dc=fireblade,dc=com" -W -x -f initial.ldif

At this point both master and slave has the exact amount of data. Let's start the replication configuration.

Open /etc/openldap/sldapd.conf in master server ldap-master.fireblade.com and add the below entries

Replication will happen in the every 5 minutes.

replicationinterval 300

# Keep the sapce in front of binddn as it is bbecause 
replica uri=ldap://ldap1.fireblade.com bindmethod=simple
 binddn="cn=manager,dc=fireblade,dc=com" credentials=redhat

save the configuration and exit the file.

Open /etc/openldap/sldapd.conf in the salve server ldap1.fireblade.com and add the following entries.

updatedn "cn=manager,dc=fireblade,dc=com"

updateref ldap://ldap-master.fireblade.com:389

Save the configuration and restart the ldap service in both the server and client

# service ldap restart

Test the configuration by create a new user in the master server and test whether it appears in the slave with in 5 minutes.

Debugging
Statrt slapd and slurpd in debug mode to troubleshoot the issues

# slapd -d 1

# slurpd -d 1

Openldap referral

In Openldap we can delegate the responsibility to maintain a purticular part of directory to Other LDAP server. I am using two LDAP server hosting the domain dc=fireblade,dc=com.

1. master-ldap.fireblade.com - 192.168.56.10

2. ldap1.fireblade.com - 192.168.56.21

In this scenario we are going to delegate all the requests for ou=us,dc=fireblade,dc=com to the master-ldap.fireblade.com to ldap1.fireblade.com
Go to ou=us,dc=fireblade,dc=com create a new.ldif with below entries.

dn: ou=us,dc=fireblade,dc=com
ref: ldap://master-ldap.fireblade.com/ou=us,dc=fireblade,dc=com
ou: us
objectClass: referral
objectClass: extensibleObject
objectClass: top

Add the new entry to LDAP using the below command

# ldapadd -D "cn=Manager,dc=fireblade,dc=com" -W -x -f new.ldif

Go to Deligated server ldap1.fireblade.com and configure the domain fireblade.com in slapd.conf and create the ou us and user nagaraj under it.

vi /etc/openldap/slapd.conf

suffix          "dc=fireblade,dc=com"
rootdn          "cn=Manager,dc=fireblade,dc=com"
rootpw          {SSHA}U0DavqxmDkhcPK9qpaJzxRM7r/GFtptM

Create DIT using the following LDAP and add it using ldap add

# vim add.ldif

dn: dc=fireblade,dc=com
objectclass: dcObject
objectclass: organization
o: fireblade.com
dc: fireblade

dn: ou=us,dc=fireblade,dc=com
objectClass: organizationalUnit
objectClass: top
ou: us

 dn: cn=nagaraj,ou=People,dc=fireblade,dc=com
 objectClass: posixAccount
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 cn: nagaraj
 gidNumber: 20001
 homeDirectory: /home/nagaraj
 sn: Sulthan Munaver
 uid: sulthan
 uidNumber: 20000
 manager: uid=suresh,ou=People,dc=fireblade,dc=com
 telephoneNumber: 666677777777
 userPassword:: e1NIQX1QSFo4UWEreEt0b1VBWkR0Z3RzLzJURGk3Nk09

# ldapadd -D "cn=Manager,dc=fireblade,dc=com" -W -x -f add.ldif

Now the ldap1.fireblade.com server configured with cn=nagaraj,ou=us,dc=fireblade,dc=com

Please go to any other machine with Openldap client and search the nagaraj entry in master-ldap.fireblade.com using the below command.

# ldapsearch -C -h master-ldap.fireblade.com -x -b "ou=us,dc=fireblade,dc=com" "(uid=nagaraj)"

Even though the entry is not there in the master-ldap.fireblade.com due to referral, it will consult the ldap1.fireblade.com and returns the output.

# ngaraj, us, fireblade.com
dn: cn=ngaraj,ou=us,dc=fireblade,dc=com
uid: nagaraj
gidNumber: 5010
sn: Nagraj Nagmangala
cn: ngaraj
homeDirectory: /home/nagraj
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
uidNumber: 5010

Configuring Multiple DIT in a Single server

Let's say if we have one domain called fireblade.com and we need to configure fireblade.net in the same server please follow the following steps.

Note: fireblade.com domain already exist and we are configuring the fireblade.net domian in addition and adding a OU called people OU.
My LDAP server's hostname is

master-ldap1.fireblade.com - 192.168.56.22

Open the configuration file and define the second domain

# vim /etc/openldap/slapd.conf

add the below lines.

database       bdb
suffix         dc=fireblade,dc=net"
rootdn         "cn=Manager,dc=fireblade,dc=net"
rootpw         redhat

directory       /var/lib/ldap/firenix-net

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

Save and restart LDAP

# /etc/init.d/ldap restart

Create ldif called test.ldif

vim test.ldif

dn: dc=fireblade,dc=net
dc: fireblade
description: Example Network Operations
objectClass: dcObject
objectClass: organization
o: Firenix, Inc.

dn: ou=people, dc=fireblade,dc=net
ou: people
description: All people in organisation
objectClass: organizationalUnit

Add the ldif to the DATABASE

#  ldapadd -D "cn=Manager,dc=fireblade,dc=net" -W -x -f test.ldif

Now the server contains two domains fireblade.com and fireblade.net

Enjoy !!!

Openldap ACL Key word examples

0: o=suffix
   1: cn=Manager,o=suffix
   2: ou=people,o=suffix
   3: uid=kdz,ou=people,o=suffix
   4: cn=addresses,uid=kdz,ou=people,o=suffix
   5: uid=hyc,ou=people,o=suffix

Then:

   dn.base="ou=people,o=suffix" match 2;
   dn.one="ou=people,o=suffix" match 3, and 5;
   dn.subtree="ou=people,o=suffix" match 2, 3, 4, and 5; and
   dn.children="ou=people,o=suffix" match 3, 4, and 5.

OpenLDAP group ACL

In this scenario all the members in a particular group can update the Directory server data.

Create group called administrators add suresh as user under "dc=fireblade,dc=com" usingthe

following LDIF

dn: cn=administrators,dc=fireblade,dc=com
objectClass: groupOfNames
cn: administrators
member: cn=suresh,ou=People,dc=fireblade,dc=com

LDIF for suresh is given below

dn: cn=suresh,ou=People,dc=fireblade,dc=com
objectClass: posixAccount
objectClass: top
objectClass: person
cn: suresh
gidNumber: 3001
homeDirectory: /home/suresh
sn: suresh
uid: suresh
uidNumber: 3000
userPassword:: e1NIQX1QSFo4UWEreEt0b1VBWkR0Z3RzLzJURGk3Nk09

Open the openldap configuration file and add the following configuration

access to dn.children="dc=fireblade,dc=com"
       by self write
       by group.exact="cn=administrators,dc=fireblade,dc=com" write
       by * auth

Save and exit the configuration and restart the service.

/etc/init.d/ldap restart

Connect to LDAP as suresh and try to modify the filed. Now you can modify the fields.

Enjoy !!!!!

Openldap ACL Implimentation

Giving Permission to change password for the authenticated current user

By using this configuration only currently authenticated user can change the password themselves. He can't view or change the others passwords.

Open /etc/openldap/slapd.conf

# vim /etc/openldap/slapd.conf

After the line rootdn          "cn=Manager,dc=fireblade,dc=com" enter the below configurations.

access to attrs=userPassword
    by self write
    by * auth

access to *
      by * read

Save the configuration and restart the openldap

# /etc/init.d/openldap restart

Giving permission to the Manager to update the filed of his Employee

# vi /etc/openldap/slap.conf

After the line rootdn "cn=Manager,dc=fireblade,dc=com" enter the below configurations.

access to dn.exact="uid=sulthan,ou=People,dc=fireblade,dc=com"

   attrs=carLicense,homePhone,mobile,pager,telephoneNumber
   by self write
   by set="this/manager & user" write
   by * read

Save the configuration file and restart the ldap using th below command

# /etc/init.d/ldap restart

NOTE: Create user sulthan with objectClass: IntetOrgPerson and suresh as his manager using any of the LDAP client like Apache Directory Studio.

LDIF for both sulthan and suresh are given below.

dn: cn=sulthan,ou=People,dc=fireblade,dc=com
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: sulthan
gidNumber: 20001
homeDirectory: /home/smunaver
sn: Sulthan Munaver
uid: sulthan
uidNumber: 20000
manager: uid=suresh,ou=People,dc=fireblade,dc=com
telephoneNumber: 666677777777
userPassword:: e1NIQX1QSFo4UWEreEt0b1VBWkR0Z3RzLzJURGk3Nk09

dn: cn=suresh,ou=People,dc=fireblade,dc=com
objectClass: posixAccount
objectClass: top
objectClass: person
cn: suresh
gidNumber: 3001
homeDirectory: /home/suresh
sn: suresh
uid: suresh
uidNumber: 3000
userPassword:: e1NIQX1QSFo4UWEreEt0b1VBWkR0Z3RzLzJURGk3Nk09

Suresh is the Manager for Sulthan and he can update the fields such as carLicense,homePhone,mobile,pager,telephoneNumber.

Enabling logging in Openldap

To enable logging in the Openldap follow the steps given below.

# vim /etc/openldap/slapd.conf

Add the below line

 loglevel 256

Save the file
Restart ldap

# service ldap restart

Open /etc/syslogd.conf

# vi /etc/syslogd.conf


Add the lone at the end of the file
local4.*   /var/log/openldap.log

Create a file in /var/log/openldap.log

# touch /var/log/openldap.log

Save the file
Restart Syslog

#service syslog restart

Enjoy !!!!!

Directory Server Components

1. Main process of Directory server is ns-slapd

2. Made up of a front end which handles network communication and extensible which contain basic server functions.

3. Database is Sleepycat Berkrly DB.

4. Redhat management console.

To start Management console

# centos-idm-console

5. Redhat administration server which can handle start,stop,restart and view logfiles. 

6. Httpd.worker is the process.

Configuring SSL in LDAP server

Operating System used: Centos 6.3

Install Openldap by running the below command.

# yum install openldap-*

Copy slapd.conf file to the required location /etc/openldap

# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

Copy DB_CONFIG to the required location

# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Change the ownership by running the below command

# chown ldap.ldap /var/lib/ldap/DB_CONFIG

Open the the main LDAP configuration file and setup the Domain and Manager password.

# vim /etc/openldap/slapd.conf

database        bdb
suffix          "dc=fireblade,dc=com"
checkpoint      1024 15
rootdn          "cn=Manager,dc=fireblade,dc=com"

rootpw          redhat

Save the configuration file and start ldap. Now LDAP will start in normal mode the port 389.

# /etc/init.d/slapd restart

OPENLDAP with SSL

Open the configuration file and make the following changes below.

TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile /etc/openldap/certs/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/certs/slapdkey.pem

Go to /etc/openldap/certs and create the required certificates

# cd /etc/openldap/certs

# openssl req -new -x509 -nodes -out /etc/openldap/certs/slapdcert.pem -keyout /etc/openldap/certs/slapdkey.pem -days 365

Fill the required details while certificate creation
Country Name (2 letter code) [XX]:IN State or Province Name (full name) []:Kerala Locality Name (eg, city) [Default City]:Cochin Organization Name (eg, company) [Default Company Ltd]:FIREBLADE Organizational Unit Name (eg, section) []:IT Common Name (eg, your name or your server's hostname) []:fireblade Email Address []:admin@fireblade.com

Start LDAPS by running the below command

# /etc/init.d/slapd restart

Confirm LDAP is running in the SSL mode by running the below command.

# netstat -ntlp | grep 636

Installing Centos Directory Server

Installing Centos-Directory-Server and initial login.

DNS should be properly configured

Add following file to /etc/yum.repos.d/

# vim CentOS-Testing.repo

[c5-testing]
name=CentOS-5 Testing 
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing

Save the file and exit

Install the directory server using yum

# yum install centos-ds

Install Supported rpm

# yum install xorg-x11-xauth bitstream-vera-fonts dejavu-lgc-fonts urw-fonts

Setting up java

# mv /usr/bin/java /usr/bin/java_old

Download the latest vesrion of java to /opt from the Sun and install it

# cd /opt

# tar xvzf jdk-7u5-linux-i586.tar.gz

# vim /etc/profile and add the following lines

JAVA_HOME=/opt/jdk1.7.0_05
export JAVA_HOME
PATH=PATH=$PATH:$HOME/bin:$JAVA_HOME/bin

save and exit the file

# source /etc/profile

Configure the directory server using the following command

#  setup-ds-admin.pl

After configuration start the services

# /etc/init.d/dirsrv start 
# /etc/init.d/dirsrv-admin start

Open Directory server administration console

# centos-idm-console

cn=Directory Manager
password=**********
Administration url=http://localhost:9830

If you wan to remove the initial configuration and reconfigure it Please do the below steps

Log files         /var/log/dirsrv/slapd-instance
Configuration files     /etc/dirsrv/slapd-instance
Instance directory     /usr/lib/dirsrv/slapd-instance
Database files         /var/lib/dirsrv/slapd-instance

Enjoy !!!!!!

Thursday, July 18, 2013

Using find in Linux

1. To find out all the Mp3 files in the system and to move /home/songs

# find / -name '*.mp3' -print -exec mv '{}' ~/songs \;

2. To print out all the Mp3 file names with odd charecters ( Doesn't matter whether upper or lower case)

# find . -name '*.mp3' -print0 | xargs -i -0 cp '{}' /back

3

Thursday, July 11, 2013

Creating Swap file in the BSD

Creating a 512 MB file using below command.

# dd if=/dev/zero of=/swap1/swap0 bs=1024k count=512

# chmod 600 /swap1/swap0

Convert the file in to Swap usingthe belwo command

# mdconfig -a -t -t vnode -f /swap1/swap0 -u

# swapon /dev/md0

Check the swap availability using the below command

# swapinfo OR # top

Make the setup persistent across the reboot add the below line to /et/rc.conf

swapfile="/swap1/swap0"

To turn off Swap

#swapoff /dev/md0

Storage Provisioning - BSD

FreeBSD Device Names

da - storage name begins with da is is SCSI|SATA|USB

ad - IDE mass storage

fla - flash

cd - SCSI|SATA cd-roms

acd - IDE cd roms

fd - floppy

/var/run/demsg.boot contains log of detected hardware @ last boot.

# dmesg - this comment also give the same output.

I have added a 4 GB disk to the system and I am partitioning this as 4 GB pation and mounting this /storage

Steps involved:

1. # sysinstall

2. Select the option  >>

3.This will lead us to the fdisk window and in fdisk window select  option.

4.In the next screen select No boot loader option

Save and quit
2. Re-enter sysinstall

a. configure
b.label
c. assign one or more label and mount point.
d. exit and check if the mount points suing # df -h and # cat /etc/fstab

Update /etc/fstab
/dev/ada1s1d /storage ufs rw 2 2

Checksum

Checksums are used for integrity check of contents.

2. Multiple types are there

a. md5 - 128 bit 
b. sha1 - 160 bit 
c. sha256 - 256 bit

Locations of Checksum Binaries in BSD.

# which md5

 /sbin/md5

# which sha1
 
 /sbin/sha1

# which sha256

 /sbin/sha256

md5 waits on STDIN for input (use CTRL-D to terminate STDIn stream) - Generates a unique finger print.
Example.
vasanth aa8adc7e1fb2c83161357130a4281c1a
Checksum do not garantee that a man in the middle has not viewed your content. It simply means the content is intact.
Checksum strings do not vary with time. They are solely content-dependent.

b. sha1 - vasanth-  6a04ed4f77798a2e8661e44cc9746f329af953af

c. sha256 - vasanth - b932a819680211a67c15707c88ca2070c55093139c12dbacb34597f2d3c0467f

To generates unique fingerprint for the strings

# md5|sha1|sha256 -s "STRING"

Generating Fingerprint for the files.

# md5 filename

Create a file called check.txt and create finger print for the file.

# cat check.txt

This is fingerprint check file.

Run the following command to get the fingerprint using md5,sha1,sha256

# CFILE=check.txt ; md5 $CFILE && sha1 $CFILE && sha256 $CFILE

 MD5 (check.txt) = 1da283e6addeca541faff8d2c617dea4
 SHA1 (check.txt) = ab5a2ea17198ac8f17225bbfa4d7135e70deb744
 SHA256 (check.txt) = 3f6309880627d03d8941774456f865058f19db449f67f5165ec7a76f73a1375e

Checksums are only as goo as the security behind the provider of the content Generating the checksums and saving in file

# CFILE=check.txt ; md5 $CFILE >> $CFILE.sums && sha1 $CFILE >> $CFILE.sums && sha256 $CFILE >> $CFILE.sums

[root@basd1 ~]# cat check.txt.sums
MD5 (check.txt) = 1da283e6addeca541faff8d2c617dea4
SHA1 (check.txt) = ab5a2ea17198ac8f17225bbfa4d7135e70deb744
SHA256 (check.txt) = 3f6309880627d03d8941774456f865058f19db449f67f5165ec7a76f73a1375e

Publish sums file with source so that receiver can check the integrity of the source by checking the fingerprint.

Enjoy !!!

User Management in FreeBSD

These tools provide ability to manage the users across the system.
adduser is

# adduser

Below are the steps involved when using adduser command in freeBSD.

Username: hemanth
Full name: Hemanth Murali
Uid (Leave empty for default):
Login group [hemanth]:
Login group is hemanth. Invite hemanth into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]: bash
Home directory [/home/hemanth]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : hemanth
Password   : *****
Full Name  : Hemanth Murali
Uid        : 1002
Class      :
Groups     : hemanth
Home       : /home/hemanth
Home Mode  :
Shell      : /usr/local/bin/bash
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (hemanth) to the user database.
Add another user? (yes/no): yes
Username:

IN BSD adduser script updates password in two files

1. /etc/password

2. /etc/master.password

adduser script automatically copies the /usr/share/skel directory dot files to users home directory.
REMOVING A LOCAL USER

[root@basd1 ~]# rmuser
Please enter one or more usernames: hemanth
Matching password entry:

hemanth:*:1002:1002::0:0:Hemanth Murali:/home/hemanth:/usr/local/bin/bash

this the entry you wish to remove? yes
Remove user's home directory (/home/hemanth)? yes
Removing user (hemanth): mailspool home passwd.

-y option with rmuser will remove with taking yes for all the questions

# rmuser -y hemnath

To update the user attributes.

#chpass -s /bin/csh vasanth

The above command will change the uer shell to csh.

FreBSD imposes no account linits regarding: expiration and mandatory password change.

To change users password

# passwd username

To list the attributes of a user

# pw show user vasanth
 Output:
vasanth:*:1001:1001::0:0:Vasanth Muraleedharan:/home/vasanth:/usr/local/bin/bash

To change the shell of the user using pw

# pw mod user vasanth -s /bin/sh

pw command changes the following files - /etc/passwd,/etc/master.passwd,group

Enjoy !!!

Only for Geeks

Pages