
Centos 6.3 basic config

! sockstat equivalent in linux
netstat -tulpn
lsof -Pnl +M -i4 

Network restart
service network restart
Sockstat
netstat -na | grep -v DGRAM | grep -v STREAM | grep -v ffff | grep -v 127.0.0.1 | grep -v ::: | grep -v UNIX | grep -v Node
Speedtest
wget -O /zzz/speedtest/tmp http://mia.voxility.net/10GB.bin

Restart all services without reboot
    init 1
    init 5
    init 1 - brings the system down to single-user mode, where only minimal services are running. Networking and sshd are stopped as well, so run this from the local or VM console, not over SSH.
    init 5 - brings the system back to GUI mode, restarting all the services

    When cloning a CentOS VM, delete
    rm -rf /etc/udev/rules.d/70-persistent-net.rules
    ln -s /dev/null /etc/udev/rules.d/70-persistent-net.rules

    RESTART

     Centos Version
    # cat /etc/redhat-release
    CentOS release 6.5 (Final)

     Centos 66 Startup services
    # chkconfig  | egrep 'pdn|zabbix|mysql|bird|iptables'
    bird            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
    mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
    pdns            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    pdns-recursor   0:off   1:off   2:on    3:on    4:on    5:on    6:off
    zabbix-agent    0:off   1:off   2:on    3:on    4:on    5:on    6:off

    Centos installed soft
    rpm -qa --qf "%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n" | grep pdn

    SE-Linux Check
    sestatus | grep mode
    getsebool -a
    Route-show
    echo '------IP ROUTE SETTINGS------'
    ip route

    echo '------IP ADDR SETTINGS-------'
    ip addr show

    echo '------  END CONFIG-------'
    ip -6 route show

    Useful commands
    /etc/init.d/network restart 

    ifstat
    # NOTE(review): the rpmforge release package and the DAG signing key are both
    # fetched over plain HTTP, so nothing here authenticates either download.
    # Compare the key's fingerprint with a value obtained from an independent,
    # trusted source before running `rpm --import`.
    wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
    # The release package is installed before the key is imported, so its own
    # signature cannot be checked at this point.
    rpm -Uvh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
    wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
    # Importing the key makes rpm/yum accept every package signed with it.
    rpm --import RPM-GPG-KEY.dag.txt
    # Enable the rpmforge repo for this one transaction only.
    yum --enablerepo=rpmforge install ifstat

    Atop

    wget http://www.atoptool.nl/download/atop-2.0.2-1.x86_64.rpm
    yum install atop-2.0.2-1.x86_64.rpm
    # 1   second interval
    # -F  dont sort
    # -f   show all, even inactive
    atop -f 1 -n -F

    conntrack -L
    conntrack -L | grep dport=53

    tcpdump -i eth1 -nn  ip src 8.8.8.8
    tcpdump -i eth1 -nn  host  8.8.8.8

    IPTables

    iptables -L -v -n  --line-numbers
    iptables -L -v -n  -t nat -x --line-numbers
    ip6tables -L -v -n  --line-numbers

    IPTABLES Restart
    service iptables restart
    service ip6tables restart
    echo '===ipv4==========='
    iptables -L -n
    echo '===ipv6==========='
    ip6tables -L -n
    IPTABLES STOP
    service iptables stop
    chkconfig iptables off




    1) Install 64bit version (x86_64) - "minimal"
    2) Install VMware Tools
    ESXi 5.1  (v. 1065491) @ CentOS 6.3 64bits

    yum install make gcc kernel-devel kernel-headers glibc-headers perl
    ! mount VMWareTools CD in VM
    mkdir /mnt/cdrom
    mount /dev/cdrom /mnt/cdrom
    cp /mnt/cdrom/VMwareTools-9.0.5-1065307.tar.gz /tmp/
    cd /tmp/
    tar xvfz VMwareTools-9.0.5-1065307.tar.gz
    /tmp/vmware-tools-distrib/vmware-install.pl -d
    ! add -d to auto accept defaults





    OR

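    # Same steps as the manual procedure above, timed as one unit.
    # The tarball is unpacked in a private mktemp directory instead of writing a
    # helper script to a fixed, predictable name under /tmp and executing it as
    # root, and the steps are chained with && so the installer never runs after
    # a failed mount, copy or unpack.
    time (
      workdir=$(mktemp -d) &&
      mount /dev/cdrom /mnt/cdrom &&
      cp /mnt/cdrom/VMwareTools-9* "$workdir"/ &&
      cd "$workdir" &&
      tar xvfz VMwareTools-9.0.16* &&
      ./vmware-tools-distrib/vmware-install.pl -d
    )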





    3) Network Setup

    Interface config
    /etc/sysconfig/network-scripts/ifcfg-eth0
    BOOTPROTO=static
    DEVICE=eth0
    IPADDR=10.20.1.20
    NETMASK=255.255.255.0
    NETWORK=10.20.1.0
    ONBOOT=yes
    TYPE=Ethernet

    Default route
    /etc/sysconfig/network
    GATEWAY=10.20.1.1
    DNS
    cat /etc/resolv.conf  
    nameserver 8.8.8.8

    Modify routes
     route add default gw 1.1.1.1
     route delete default gw 1.1.1.1

    netstat -nr
    ip route


    Static routes
    cat /etc/sysconfig/network-scripts/route-eth1
    default 192.168.2.254 dev eth1
    10.0.0.0/8 via 10.10.29.65 dev eth1
    Restart network
    service network restart
    service network stop
    service network start
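    Restart Firewall (for tests) - note: the two commands below stop iptables and keep it disabled across reboots; run `service iptables start` and `chkconfig iptables on` once testing is done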
    service iptables stop
    chkconfig iptables off

    3) Setup time
    yum install ntp ntpdate ntp-doc
    chkconfig ntpd on
    ntpdate pool.ntp.org
    /etc/init.d/ntpd start
    4) Secure SSH
    vi /etc/ssh/sshd_config
    # Bind sshd to this single address instead of every interface.
    ListenAddress 10.1.1.151
    # A non-default port reduces scan noise but is not access control.
    # NOTE(review): for actual hardening also consider `PermitRootLogin no` and
    # key-only logins (`PasswordAuthentication no`).
    Port 1253
    # Do not do reverse-DNS lookups on connecting clients.
    UseDNS no

    service sshd restart

    [root@centos63 /]# netstat -an | grep 1253
    tcp        0      0 10.1.1.151:1253           0.0.0.0:*                   LISTEN     

    5) Update pkgs
    yum update
    If something went wrong
    yum clean all
    yum clean metadata
    yum clean dbcache
    yum makecache
    yum update -y

    mv /var/lib/rpm/__db* /tmp
    rpm --rebuilddb

    6) Install soft
    ! Install basic tools
    yum install mc net-snmp net-snmp-utils mysql mysql-server httpd php php-cli php-mysql perl-MailTools perl-DBD-MySQL perl-Net-Telnet quagga libart_lgpl php-snmp wget which tcpdump ruby gettext php-ldap cairo pango wireshark tcpdump openssl rrdtool rrdtool-perl ntp
    ! Install Linux Kernel headers and Compiler
    yum install gcc gcc-c++ kernel-devel
    yum groupinstall "Development Tools" -y && sudo yum install kernel-devel -y
    ! Go to: http://ftp.gnu.org/gnu/autoconf/
    download binary and install
    7) Add additional DISK to VM (VMware)
    To create a new virtual disk for an existing Linux virtual machine: (info from VMWARE)
    1) Create the virtual disk.
    2) Log in as root on your Linux virtual machine.
        If you are not running at runlevel 3, open a terminal session.
        Run the df command to examine the current disks that are mounted and accessible.
    3) Create an ext3 file system on the new disk:
    Rescan Disks
    ls  /sys/class/scsi_host/
       host0  host1  host2
    echo "- - -" > /sys/class/scsi_host/host1/scan
    echo "- - -" > /sys/class/scsi_host/host1/scan
    echo "- - -" > /sys/class/scsi_host/host1/scan
    echo "- - -" > /sys/class/scsi_host/host2/scan
    fdisk -l
    Create partition
    # mkfs -t ext3 /dev/sdb
    Note: b in /dev/sdb is the second SCSI disk.
    It warns that you are performing this operation on an entire device, not a partition. That is correct, as you created a single virtual disk of the intended size. This is assuming you have specified the correct device.
    Caution: Ensure you have selected the right device, there is no undo.
    Run the fdisk command to verify the existence of the disk you created:
    # fdisk -l
    Disk /dev/sdb: 3221 MB, 3221225472 bytes
    255 heads, 63 sectors/track, 391 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0x00000000
    4) Run the following command to create a mount point for the new disk:
    # mkdir /<NewDirectoryName>
    5) Run the following command to display the current /etc/fstab :
    # cat /etc/fstab
    Add the following line to /etc/fstab so that the disk is available across reboots:
    /dev/sdb /<NewDirectoryName> ext3 defaults 1 3
    Note: Use a Linux text editor of your choice.
    6) Reboot the Linux virtual machine and the new disk is now available.

    8) Zabbix agent 2.2
    rpm -ivh http://repo.zabbix.com/zabbix/2.2/rhel/6/x86_64/zabbix-release-2.2-1.el6.noarch.rpm
    yum install zabbix-agent
    chkconfig zabbix-agent on
    service zabbix-agent start
       
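    # Let the Zabbix server poll this agent (passive checks, TCP 10050).
    # The option is `--dport` with two ASCII hyphens; the typographic dash it had
    # been converted to is not accepted by iptables.
    iptables -I INPUT 1 -p tcp -s ZABBIX_SERVER_IP --dport 10050 -j ACCEPT
    # Let this agent reach the server (active checks, TCP 10051). Outbound
    # traffic is matched on its destination, hence -d rather than -s.
    iptables -I OUTPUT 1 -p tcp -d ZABBIX_SERVER_IP --dport 10051 -j ACCEPT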
    9) Install codecs
    # NOTE(review): --nogpgcheck switches off package signature verification and
    # both release packages are fetched over plain HTTP, so nothing authenticates
    # what is installed as root here. Presumably these packages also add the
    # repo definitions used by the next command. Prefer importing the RPM Fusion
    # keys from a trusted source and leaving signature checking on.
    yum localinstall --nogpgcheck http://download1.rpmfusion.org/free/el/updates/6/i386/rpmfusion-free-release-6-1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/6/i386/rpmfusion-nonfree-release-6-1.noarch.rpm
    yum install gstreamer-ffmpeg  x264

    10) ethx_pps
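    #!/bin/bash
    #
    # ethx_pps - print packets-per-second for one network interface.
    #
    # Usage: ethx_pps <network-interface>
    #
    # Samples the rx_packets/tx_packets counters under
    # /sys/class/net/<interface>/statistics every INTERVAL seconds and prints
    # the difference between two consecutive samples. Runs until interrupted.

    # Update interval in seconds. The "pkts/s" label is only exact when this is 1,
    # because the printed value is the raw counter difference per interval.
    INTERVAL="1"

    if [ -z "$1" ]; then
            # Usage goes to stderr with a non-zero status so callers can tell
            # "no interface given" apart from a normal run.
            {
                    echo
                    echo "usage: $0 [network-interface]"
                    echo
                    echo "e.g. $0 eth4"
                    echo
                    echo "shows packets-per-second"
            } >&2
            exit 1
    fi

    IF=$1

    # The name is spliced into a filesystem path, so refuse anything that could
    # step outside /sys/class/net (a slash, "." or "..").
    case "$IF" in
            */* | . | ..)
                    echo "$0: invalid interface name: $IF" >&2
                    exit 1
                    ;;
    esac

    STATS="/sys/class/net/$IF/statistics"
    if [ ! -r "$STATS/rx_packets" ] || [ ! -r "$STATS/tx_packets" ]; then
            echo "$0: no packet counters for interface: $IF" >&2
            exit 1
    fi

    while true
    do
            # Stop instead of printing garbage if the counters become unreadable
            # (for example the interface is removed while the loop is running).
            R1=$(cat "$STATS/rx_packets") || exit 1
            T1=$(cat "$STATS/tx_packets") || exit 1
            sleep "$INTERVAL"
            R2=$(cat "$STATS/rx_packets") || exit 1
            T2=$(cat "$STATS/tx_packets") || exit 1
            TXPPS=$(( T2 - T1 ))
            RXPPS=$(( R2 - R1 ))
            echo "TX $IF: $TXPPS pkts/s RX $IF: $RXPPS pkts/s"
    done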

    Usage:
    ./ethx_pps eth4



    12) IPTABLES

    FTP Passive/Active
    # Generated by iptables-save v1.3.5 on Thu Oct  3 22:25:54 2013
    *filter
    # All three chain policies are ACCEPT; INPUT is closed only by the final
    # REJECT rule below, and FORWARD has no rules at all.
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [824:72492]
    
    # Inbound TCP to ports 21 and 20 (the FTP control and data ports).
    -A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    # NOTE(review): this rule accepts NEW TCP connections from any source port
    # 1024-65535 to any destination port 20-65535, so almost every TCP service
    # on the host is reachable, not only FTP passive data ports. Narrow --dport
    # to the passive range configured in the FTP server, or load the FTP
    # conntrack helper and accept RELATED,ESTABLISHED instead.
    -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 20:65535 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    # Packets belonging to already established TCP connections.
    -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
    # Everything not accepted above is rejected; no rule above accepts any
    # protocol other than tcp, so all inbound UDP and ICMP ends up here.
    -A INPUT -j REJECT --reject-with icmp-port-unreachable
    # The OUTPUT policy is already ACCEPT, so these ACCEPT rules do not change
    # what is allowed out; they would only matter with a restrictive policy.
    -A OUTPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 20:65535 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    COMMIT
    # Completed on Thu Oct  3 22:25:54 2013